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This  book  is  published  to  facilitate  public  review  of  the  long-awaited  PGP  3.0  source  code.  Please  send  your  comments  to: 
pgp3~prealpha@pgp.com. 

Any  and  all  interfaces  in  this  code  will  most  likely  change,  hopefully  due  to  insightful  comments  from  readers  of  this  book. 
Therefore,  we  strongly  discourage  any  development  of  code,  intended  for  any  purpose  other  than  test  or  evaluation,  that  is 
based  on  this  pre-alpha  release. 

For  further  information  about  Pretty  Good  Privacy,  Inc.  and  its  products,  please  visit  our  Web  page  at: 
http:/ / www.  pgp.  com 
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Makefile. in 

Makefile.in 

n 

tt  Top  Level  makefile 
# 

tt  $ I d : Makef i le  . i n,v  1.1  0 1 996/1  1 /1  2 01:42:20  mhw  Exp  $ 

# 

P 0 S T S 1)  B D I R S = l i b apps 
. i n c s : 

touch  . incs 

-mkd i r include 

-mkdir  include/pgp 

$ ( M A K E ) $(MFLAGS)  headers 

incs:  .incs 

all::  incs 
headers::  incs 

world:  headers  depend  all 

clean:  : 

$(RM)  .incs 
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makefile 

all: 


clean: 


headers 


makefile. msc 


.msc 

include\pgp\usuals.h 

for  %d  in  ( lib  apps  ) do  \ 

cd  %d  &&  $ ( M A K E ) / $ ( H A K E F L A G S ) " D E B U G = - D D E B U G = 1 - D 0 L D T R U S T = 1 " \ 

/f  makefile. msc  $a  &&  cd  .. 


for  % d in  ( lib  apps  ) do  \ 

cd  %d  &&  $ ( M A K E ) / $ ( M A K E F L A G S ) /f  makefile. msc  $3  &&  cd 

include\pgp\usuals.h: 

copy  c o n f i g_w i n 3 2 . h config.h 

-mkdir  include 

-del/q  include\pgp 

-mkdir  include\pgp 

-mkdir  lib\include 

cd  lib  &&  $ ( M A K E ) / $ ( M A K E F L A G S ) /f  makefile. msc  headers  S&  cd  .. 
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aclocal.m4 


aclocal.m4 

d n L 

dnl  Local  autoconf  configuration  macros  for  PGP  3 
dn  l 

dnl  $ I d : aclocal.m4,v  1.3. 2.1  1 996/  1 1 /1  5 00:1  4:21  mhw  Exp  $ 
dnl 

dnl 

dnl  The  big  finish. 

dnl  Produce  c o n f i g . s t a t u s , config.h,  and  links,  and  configure  subdirs. 
dnl  P G P_A  C_0  UTPUTCCFILE.  . .0  [ , PRE.IND  [ , POST. IN]  C,  EXTRA-CMDS] 
dnl  [,  INIT-CMDSD  ) 

def  i ne ( P G P_A C_0 U T P U T , 

[trap  ' ' 1 2 15 
AC_CACHE_SAVE 

trap  ' rm  -f r conf test*  confdefs*  core  core.*  *.core  $ a c_c l e a n_f i l e s ; exit  1' 
12  15 

test  "xSprefix"  = xNONE  &&  p r e f i x = $ a c_d e f a u l t_p r e f i x 

# Let  make  expand  exec_pref i x . 

test  " x $ e x e c_p r e f i x " = xNONE  &&  exec_pref i x= 1 ${pref i x> ' 

# Any  assignment  to  VPATH  causes  Sun  make  to  only  execute 

ft  the  first  set  of  double-colon  rules,  so  remove  it  if  not  needed. 

# If  there  is  a colon  in  the  path,  we  need  to  keep  it. 
if  test  "x$srcdi r"  = x.;  then 

c h a n g e q u o t e ( , )dnl 

a c_v p s u b= ' / A [ ]*VPATH[  ]*=[A:]*$/d' 

changequoted,  ])dnl 
f i 

trap  'rm  -f  $ C 0 N F I G_S T A T U S conftest*;  exit  1'  1 2 15 

i f def ( [ AC_LI ST_HE ADER ] , [ D E F S = - D H A V E_C 0 N F I G_H ] , l A C_0 U T P U T_M A K E_D E F S ( ) ] ) 

U Without  the  "./",  some  shells  look  in  PATH  for  c o n f i g . s t a t u s . 

: SC  CON  F I G_S  T A T U S = . /config. status! 

echo  creating  $ C 0 N F I G_S T A T U S 

rm  -f  SCON F I G_STATUS 

cat  > $C0NFIG_STAT0S  <<E0F 

# ! / b i n / s h 

ti  Generated  automatically  by  configure. 

ti  Run  this  file  to  recreate  the  current  configuration. 

# This  directory  was  configured  as  follows, 

dnl  hostname  on  some  systems  (SVR3.2,  Linux)  returns  a bogus  exit  status, 
dnl  so  uname  gets  run  too. 

U on  host  '(hostname  ||  uname  -n)  2>/dev/null  | sed  1 q ' : 

# 

[#]  [$]0  [ $ ] a c_c o n f i g u r e_a r g s 

# 

# Compiler  output  produced  by  configure,  useful  for  debugging 

# configure,  is  in  ./config.  log  if  it  exists. 

changequoteC,  )dnl 

a c_c s_u s a g e = " U s a g e : SCON FIG_STATUS  [ — recheck]  [--version]  [ — help]" 
c h a n g e q u o t e ( C , ])dnl 
for  a c_o  p t i o n 
d o 
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case  " [ \ $ ] a c_o p t i o n " in 

-recheck  | — recheck  | — rechec  | — reche  | — rech  | — rec  | — re  | --r) 
echo  "running  [ \ $ 3 -C  CON  F I G_S  H E LL- / b i n / s h > C$30  C $ 1 a c_c o n f i g u r e_a r g s " \ 

" — no-create  -no-recursion" 

exec  [\$3LC0NFIG_SHELL-/bi n/sh)  [$30  [ $ ] a c_c o n f i g u r e_a r g s --no-create  \ 
— no-recursion  ; ; 

-version  | --version  | --versio  | --versi  | --vers  | 
echo  " $ C 0 N F I G_S T A T U S generated  by  autoconf  version 
exit  0 ; ; 

-help  | --help  | --hel  | --he  | --h) 

echo  " C \ $ ] a c_c s_u s a g e " ; exit  0 ;; 

*)  echo  " C \ $ II  a c_c  s_u  s a g e " ; exit  1 ;; 

e s a c 
done 


— ver  | - - v e | — v) 

AC  ACVERSION" 


a c_g i v e n_s  rcdi r = $srcdi  r 
i f def ( [AC_PR0VIDE_AC_PR0G_INSTALL3, 
3 ) dn  l 


[ a c_g i v e n_I N S T A LL  = " $ INSTALL' 


c h a n g e q u o t e ( < < , >>)dnl 
i f def ( <<AC_LI ST_HEADER>>, 

<<trap  ' rm  -fr  'echo  "$1  A C_L I S T_H E A D E R " | sed  "s/:[A  3*//g"'  conitest*;  \ 

exit  1'  1 2 1 5 > > , 

<<trap  ' rm  -fr  'echo  "$1"  | sed  "s/:CA  3*//g"'  conftest*;  exit  1'  1 2 15>>) 

changequote([/  3)dnl 

PGP_AC_0UTPUT_FILES($1 , $2,  $3) 

i f def ( [ AC_LI ST_HE ADER3 , [ A C_0 U T P U T_H E A D E R ( A C_L I S T_H E A D E R ) 3 ) dn  L 

i f def ( [AC_LIST_LINKS3,  L A C_0 U T P U T_L I N KS ( A C_L I S T_F I L E S , A C_L I S T_L I N KS ) 3 )dnl 
ifelse(II$5D,  , , 

[EOF 

cat  >>  $CONFIG_STATUS  <<E0F 

$5 

EOF 

cat  >>  $CONFIG_STATUS  <<\E0F3) 

$4 

exit  0 
EOF 

chmod  + x SCON F IG_STATUS 

rm  -fr  confdefs*  $ a c_c L e a n_f i L e s 

test  " $ n o_c  reate"  = yes  ||  $ C C 0 N F I G_S H E LL- / b i n / s h > $ C 0 N F I G_S T A T U S ||  exit  1 
dnl  c on f i g . s t a t u s should  not  do  recursion. 

i f def ( [AC_LIST_SUBDIRSH,  [ A C_0 U T P U T_S U B D I R S ( A C_L I S T_S U B D I R S ) 3 ) d n l 
3 ) d n l 


dnl  This  is  a subroutine  of  P G P_A C_0 U T P U T . It  is  called  inside  an  unquoted 
dnl  here  document  whose  contents  are  going  into  c o n f i g . s t a t u s . 
dnl  PGP_AC_OUTPUT_FILES( FILE . . . , PRE.IN,  POST. IN) 
defineCPG  P_A  C_0  U T P U T_F ILES, 

[#  Protect  against  being  on  the  right  side  of  a sed  subst  in  config. status, 
changequotel,  )dnl 

sed  ' s/%3/33/;  s/3%/33/;  s/%g$/3g/;  /3g$/s/C\\\\&%3/\\\\&/g; 

s/33  / % 3/;  s/33/3%/;  s/3g$/%g/'  > conftest. subs  <<\CE0F 

c h a n g e q u o t e ( C , 3)dnl 

document  variables  are  unquoted  when  configure  runs 
when  conf i g . status  runs,  so  variables  are  expanded  once. 


dnl  These  here 
dnl  but  quoted 
$ a c_v  p s u b 
dnl  Shell  code 
Sextrasub 


in  configure. in  might  set  extrasub 
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aclocal.m4 


dnl  Insert  the  sed  substitutions  of  variables, 
undivert ( A C_D I V E R S I 0 N_S E D ) 

CEOF 

EOF 

cat  >>  $CONFIG_STATUS  <<E0F 

CONFI G_FILES=\$CCONFIG_ FILES- "$1"> 

C0NFIG_PRE=\${C0NFIG_PRE-"$2"} 

CON  F IG_P0ST=\${C0N  F IG_P0ST-"$3"  > 

EOF 

cat  >>  $ C 0 N F I G_S  T A T U S <<\E0F 

dnl  Check  for  the  existence  of  the  pre  and  post  files  _FIRST_ 

# test  for  pre  and  post  files,  to  make  sure  they  exist 
if  test  -r  " $ a c_g i v e n_s r c d i r / $ C 0 N F I G_P R E " ; then 
a c_c  o n f i g_p  re  = "$ac_give  n_s  rcdi r/$C0NFI G_P  RE" 
echo  "Using  $ a c_c o n f i g_p r e for  pre-makef i le" 
else 

ac_config_pre="" 
echo  "No  file  $CONFIG_PRE" 
f i 

if  test  -r  " $ a c_g i v e n_s r c d i r / $ C 0 N F I G_P0 S T " ; then 
ac_config_post="$ac_given_srcdir/$CONFIG_POST" 
echo  "Using  $ a c_c o n f i g_p o s t for  p o s t - m a k e f i 1 e " 
else 

a c_c  o n f i g_p  ost  = " " 
echo  "No  file  $ C 0 N F I G_P 0 S T " 
f i 

for  ac_file  in  ..  $ C 0 N F I G_F I L E S ; do  if  test  "x$ac_f  i le"  !=  x..;  then 

dnl  Specifying  an  input  file  breaks  the  trap  to  clean  up  on  interrupt, 
dnl  but  that's  not  a huge  problem. 

# Support  " o u t f i l e C : i n f i l e ] " , defaulting  i n f i l e = " o u t f i l e . i n " . 
case  " $ a c_f i l e " in 

*:*)  a c_f i l e_i n= 1 echo  "$ac_file"|sed  1 s % . * : % % 1 ' 
ac_f i le= ' echo  " $ a c_f i l e " | s ed  1 s % : . * % % ' ' ;; 

*)  a c_f i l e_i n = " $ C a c_f i l e > . i n " ; ; 
e s a c 

ft  Adjust  relative  srcdir,  etc.  for  subdirectories. 

# Remove  last  slash  and  all  that  follows  it.  Not  all  systems  have  dirname. 
c h a n g e q u o t e ( , )dnl 

ac_di r= ' echo  $ac_file|sed  ,s%/CA/]CA/]*$%%'1 
changequoted,  ])dnl 

if  test  "$ac_dir"  !=  "$ac_file"  &&  test  "$ac_di r"  !=  . ; then 

# The  file  is  in  a subdirectory. 

test  ! -d  "$ac_di r"  &&  mkdir  "$ac_dir" 
ac_di r_suf f ix  = "/ ' echo  $a  c_d ir|sed  's%A\./%%' 

# A for  each  directory  in  $a c_d i r_s u f f i x . 

changequotel,  )dnl 

a c_d  ots= ' echo  $a  c_d ir_suffix|sed  ' s%/CA/D*%../%g'  ' 
changequoted,  T)dnl 
else 

a c_d i r_s u f f i x = ac_dots= 
f i 

case  " $ a c_g i v e n_s r c d i r " in 
. ) srcdir=. 
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if  test  -z  "$ac_dots";  then  t op_s r cd i r= . 
else  top_srcdi r= ' echo  $ac_dots|sed  ' s %/$%%'';  fi  ;; 
/*)  srcdi r = "$ac_give n_s  r c d i r $a c_d i r_s  u f f i x " 
t o p_s  rcdi r = "$a  c_g i v e n_s  rcdi r"  ; ; 

* ) U Relative  path. 

srcdi r = "$a  c_d  o t s $ a c_g i ven_srcdi r$ac_di r_suffi x" 
t o p_s rcdi r = "$a  c_d  o t s $ a c_g i v e n_s  rcdi r"  ; ; 
e s a c 


i f def ( :ac_provide_ac_prog_in stall:, 

C case  " $ a c_g i v e n_I N S T A L L " in 
changequote ( , )dnl 

C/$]*)  INSTALL  = "$a  c_g iven_INSTALL"  ;; 
c h a n g e q u o t e ( C , ])dnl 

*)  I N S T A LL  = " $ a c_d o t s $ a c_g i v e n_I N S T A L L " ;; 

e s a c 
] ) dn  l 

echo  creating  "$ac_file" 
rm  -f  " $a  c_f i l e ” 

conf_in_f i le  = " 1 echo  $a c_f i l e_i n | s ed  's%. */%%''" 

configure_input="Generated  automatically  from  $ c o n f _i n_f i l e by  configure, 
case  " $ a c_f i l e " in 
★Makefile*)  a c_c o m s u b = " 1 i \ \ 
ft  $configure_input"  ;; 

* ) a c_c  omsub=  ;; 
e s a c 

sed  -e  "$ac_comsub 

s % 3 c o n f i gure_i  nput5)%$conf  i gure_i  nput%g 
s % a s r c d i r3Z$srcdi  r%g 
s % 5)  t op_s  rcdi  r3Z$to  p_s  rcdi  r % g 
s%3top_bui  Iddi  r 3 M a c_d  o t s . % g 
s %ad i r_s  u f f i x 3%$a  c_d i r_s  u f f i x%g 

i f def ( C AC_PR0 VI D E_A C_P R 0 G_I N STALL],  Cs%3INSTALLa%$INSTALL%g 
] ) d n l 

" -f  c on f t e s t . s ubs  $ a c_c o n f i g_p r e $a c_g i ven_s r cd i r / $a c_f i l e_i n \ 

$ a c_c o n f i g_po s t > $ac_file 

f i ; done 

rm  -f  c o n f t e s t . s u b s 
] ) 
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apps/ 

apps/ 


' 


>• 


■ 
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apps/.cvsignore 


.cvsignore 

Ma  k e 1 i L e 
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apps/Makefile.in 

Makefile. in 

u 

ft  a pps  / 
ti 

ft  $ I d : Makefi  le  . i n,  v 1.8  1 996/1  1 /1  2 01:42:23  mhw  Exp  $ 

ft 

S U B D I R S = c ommo n enctest  dectest  sigvrfy  pgp3  pgpk 
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makefile,  msc 

Hnclude  "makefile. in 


all  check  clean 
for  % d 


depend  headers  install  very-clean:: 
n ( $(SUBDIRS)  ) do  \ 

cd  % d S&  $ ( M A K E ) / $ ( M A K E F L A G S ) /f  makefile. msc  $3  &&  cd  .. 


clean:  : 


del  * . I i b 


apps/ 


common/ 


common/ 


apps/ common/. cvsignore 


.cvsignore 

M a k e f i L e 
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apps/ common/ Makefile,  in 

Makefile. in 

# 

# apps/common 
U 

# $ I d : Makef i Le  . i n, v 1.6  1 996/1  1 / 1 2 01:42:24  mhw  Exp  $ 

U 

OBJS  = file.o  exit.o  keyrings. o initapp.o  pgpopt.o 
LOCALDEFINES  = - D P G P S Y S D I R = \ " $ ( L i b d i r ) / p g p \ " 
all::  DONE 
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apps/ common/ makefile. msc 

makefile. msc 

all::  Lib 

! include  " ma ke f i L e . i n " 

DOB J S=  $ ( OB J S : . o= . ob j ) 
lib:  $ ( DOB J S ) 

. c . o b j : 

$(CC)  $(CFLAGS)  $(DEBUG)  -11  - I . . \ . . \ i n c L u d e - D H A V E_S T D A R G_H  \ 
-DHAVE_STDLI B_H  -c  $< 

Lib  / ou t : . . \ c om L i b . L i b *.obj 

clean: 

del  * . o b j 

DONE  : 
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exit.c 

/ * 

* exit.c  --  This  code  is  for  a runtime  app.  It  is  *N0T*  threaded, 

* in  any  sense  of  the  word.  It  stores  state  in  static  variables 

* and  wipes  system  stack  and  heap  when  exiting  from  the  application. 

* 

* Written  by:  Colin  Plumb  and  Derek  Atkins  < w a r l o r d 5)  M I T . E D l)  > 

* 

* $ I d : e x i t . c , v 1.26.2.1  1 996/1  1 /1  4 04:09:1  6 cbertsch  Exp  $ 

* / 

flifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
ft  e n d i f 


//include  <signal.h> 
//include  <string.h> 
//include  <stdio.h> 
//ifdef  H A V E_S  T D A R G_H 
//include  <stdarg.h> 

U e n d i f 

# i f d e f H A V E_S  T D L I B_H 
//include  <stdlib.h> 

# e n d i f 


/ * For  memsetO  * / 


/ * for  getenvl ) * / 


tf  i f def  UNIX 

//include  < s y s / t y p e s . h > /*  For  sbrk()  */ 

# e l i f d e f i n e d ( M S D 0 S ) 

//include  <malloc.h>  /*  For  s t a c k a v a i l ( ) , a l local  ) */ 

U if  M S C_V  E R >=  800 
/ * 

* See  flame  elsewhere  about  Microsoft's  stupid  ideas  about  the  name 

* that  are  reserved  by  ANSI  C if  you  do  something  undefined  by  ANSI 

* include  an  undefined  header  (like  <malloc.h>). 

*/ 

//define  alloca  _a  l loca 
//define  stackavail  _stackavail 
//endif  /*  MSC_VER  >=  800  */ 

//endif  /*  MSD0S  */ 


spaces 

like 


//include 

//include 

//include 

//include 

//include 

//include 


"exi t . h" 

" keyrings. h" 
"pgp/pgpenv  . h" 
"pgp  / randpool . h" 
"pgp/randseed.h" 
"pgp/timedate.h" 


static  void  *stack0  = NULL,  *heap0  = NULL; 
static  struct  PgpEnv  *env0  = NULL; 
static  int  program_name  = 0; 

static  int  newversion  = 0;  / * whether  keyrings  should  be  rewritten  as 

latest  version  (1)  or  original  version  (0)  */ 

/*  Expiry  date  in  days  - defined  for  beta  versions  */ 

//define  E X P I R Y_D  A T E p g p D a t e F r om  Y M D ( 1 99  7 , 2,  1 ) 

/ * 

* This  usually  returns,  but  might  exit  if  this  is  an  old  beta  version  that 

* shouldn't  be  in  use  any  more. 

*/ 

void 


16 


apps/ common/ exit.c 


e x i t E x p i r y C h e c k (struct  PgpEnv  *env) 

{ 

#ifdef  E X P I R Y_D  ATE 

int  tzFix  = pgpenvGetlnt  (env,  P G P E N V_T Z F I X , NULL,  NULL); 
unsigned  today  = (unsigned)(pgpTimeStamp  (tzFix)/86400); 
unsigned  expires  = EXPIRY_DATE; 


if  (expires  >=  today)  { 

expires  -=  today; 
if  (expires  < 30) 

fprintf  (stderr, 

"This  experimental  version  of  PGP  will  expire 

return; 

> 

fputs  ("\aThis  experimental  version  of 
if  (Igetenv  ( " 0 V E R R I D E_P G P_T I M E B 0 M B " ) ) 
exitCleanup(PGPEXI T_V  E R S I 0 N ) ; 

# e nd i f 

> 


n %u  days\n",  expires); 

PGP  has  expired. \n",  stderr 


void 

exitUsage  (int  code) 


switch  ( p r o g r a m_n a m e ) C 
case  EX  I T_PR0G_PGPM : 

fputs  ("\n\ 

Usage  summary:  (for  full  details,  see  the  User's  guide)\n\ 

\ n \ 

To  encrypt  a file  with  Bob's  public  key  Cor  others  as  well],  type:\n\ 

pgp  -e  bob  C-e  other  userids...]  filename  (produces  f i l e n a m e . pg p ) \ n \ 
To  sign  a plaintext  file  with  your  secret  key  Cor  Alice's  secret  key]:\n\ 

pgp  -s  filename  C-u  alice]  (produces  fi  l ename  . pgp) \n\ 

To  sign  a file  with  your  secret  key  and  then  encrypt  with  Bob's  public  key:\n\ 
pgp  -s  -e  bob  C-e  other  userids...]  filename  C-u  alice]\n\ 

To  encrypt  with  conventional  encryption  (a  passphrase) : \n\ 
pgp  -c  filename\n\ 

To  produce  ASCII  armor  output  for  email  ( f i l e n a me  . a s c ) , add  the  -a  option. \n\ 

\ n \ 

To  decrypt  a ciphertext  (.pgp  or  .asc)  file  or  check  a signature:  \ n\ 
pgp  filename. pgp  or  pgp  f i lename . asc\n\ 

\ n \ 

To  generate  a secret/public  key  pair,  type  pgpk  -g\n\ 

For  brief  help  on  key  management  functions,  type  pgpk  -h\n",  stderr); 

break; 

case  EXIT_PROG_PGPK: 

fputs  ("\n"\ 

"Usage  summary:  (for  full  details,  see  the  User's  guide)\n"\ 

"\n"\ 

"To  generate  your  own  unique  p u b l i c / p r i v a t e key  pai r : \ n"\ 

" pgpk  -g\n"\ 


'To 

'To 

'To 

'To 

'To 


add  a key  file's  contents  to  your  public  or  private 
pgpk  -a  keyfile  Ckeyfile  ...]\n"\ 

remove  a key  from  your  public  and  private  key  ring:\ 
pgpk  -r  userid  (or  pgpk  -rk  userid)\n"\ 
remove  a user  ID  from  your  public  and  private  key  ri 
pgpk  - r u userid\n"\ 

remove  a signature  from  your  public  key  ring:\n"\ 
pgpk  -rs  userid\n"\ 

edit  your  user  ID  or  pass  phrase : \n" \ 


key  r i 
n"  \ 

ng : \ n " 


n g : \ n " \ 


\ 
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pgpk  -e  y o u r_u s e r i d \ n " \ 

To  edit  the  confidence  you  have  in  a person  as  an  introducer: \n"\ 
pgpk  -e  her_userid\n"\ 

To  extract  (copy)  a key  from  your  public  key  ring:\n"\ 
pgpk  -x  userid  -o  keyfile\n"\ 

To  extract  (copy)  a key  from  your  public  key  ring  in  ascii  form:\n"\ 
pgpk  -xa  userid  -o  keyfile\n"\ 

To  list  the  contents  of  your  key  rings  : \ n“\ 
pgpk  -ILL]  [useridl\n"\ 

To  check  signatures  on  your  public  key  ring:\n"\ 
pgpk  -c  [userid]\n"\ 

To  sign  someone  else's  public  key  on  your  public  key  ring:\n"\ 


To 

pgpk  -s  her_userid  C-u  your, 
disable  or  re-enable  some  e 

_useridl\n"\ 
l s e ' s public 

key  on  your  public 

key 

ring: 

\ n " \ 

To 

pgpk  -d  her_userid\n"\ 
permanently  revoke  your 

own 

key  on  your 

public  and  private 

key 

rings 

: \ n " 

To 

pgpk  -k  your_userid\n"\ 
revoke  a signature  you 

made 

on  someone 

else's  key  on  your 

pub 

key  r i 

ng:\ 

f 

pgpk  -ks  your_userid\n" 
stderr); 

\ 

break; 

default  : 

fputs  ("\n\ 

Usage  summary  unavailable  for  this  program. \n\ 
\ n " , stderr)  ; 

break; 

} 


exi t C l eanup( code)  ; 


void 

exi tArgError  (char  const  *fmt,  ...) 

( 

va_l i s t a p ; 

fputs  ("Invalid  arguments:  ",  stderr)  ; 

va_start  (ap,  fmt); 

vfprintf  (stderr,  fmt,  ap); 

v a_e  n d ( a p ) ; 

fputc  ('\n',  stderr); 

exitCleanup  ( P G P E X I T_A R G S ) ; 

> 

/ * attribute(x)  expands  to  nothing  unless  G N U C is  defined.  * / 

static  void  exitWipe(int  code)  attri but e (( noreturn  ))  ; 

static  void  exitWipe1(int  code,  void  * b a s e ) attribute((noreturn)); 

//  i f d e f MSDOS 

//include  <dos.h>  /*  FOR  MK_FP,  FP_SEG  and  FP_0FF  */ 

//include  <malloc.h>  /*  for  allocaO,  s t a c k a v a i l ( ) , _heapwalk()  */ 

/ * 

* Now,  Microsoft  has  recently  developed  a habit  of  prepending  an  underscore 

* to  the  beginning  of  everything.  They  wave  their  arms  and  mutter  about  ANSI. 

* If  they  have  a really  broken  linker  then  I can  see  how  they  might  not  be 

* able  to  deal  with  user  code  declaring  functions  that  are  also  supplied  in 

* the  library,  so  they  need  to  put  the  functions  in  a name  space  that  user 

* code  can't  declare  in,  BUT  THIS  SURE  DOESN'T  APPLY  TO  MACROS.  For  any 
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* header  *not*  defined  by  ANSI  (such  as,  say,  <dos.h>,  <conio.h>,  <io.h>, 

* <unistd.h>,  < s y s / t y p e s . h > , etc.),  any  structures,  unions,  macros,  enums, 

* and  so  on  - anything  not  visible  to  the  linker  - can  be  defined  any 

* way  you  like. 

* 

* So  I don't  understand  Microsoft.  Defining  p r e f i x -p r e pe nd e d aliases 

* for  library-internal  calls  is  fine  (so  my  extern  variable  "write" 

* won't  get  called  when  I call  printf()),  but  to  get  rid  of  more  convenient 

* names  if  I *do*  include  the  relevant  file?  Wierd. 

*/ 


# i f n d e f MK_FP 
//ifdef  _MK_FP 
//define  MK_F  P „MK_FP 
//else 

//define  M K_F  P ( s e g , o f f ) ((void  far  *)((seg)«16  | (off))) 

# e n d i f 

//  e nd  i f / * !MK  FP  * / 


# i f n d e f FP_SEG 
//ifdef  _FP_SEG 
//define  FP_SEG  _FP_SEG 
//else 

//define  FP_SEG(ptr)  ( ( u n s i g n e d ) ( ( u n s i g n e d long)(ptr)  >>  16)) 

# e n d i f 

#endi f /*  ! F P SEG  */ 


# i f nde  f FP_0FF 
//ifdef  _F  P_0  F F 
//define  F P_0  F F _FP_0FF 

//else 

//define  FP_0FF(ptr)  ( ( u n s i g n e d ) ( p t r ) ) 
ft  e nd  i f 

//endif  /*  ! F P 0 F F */ 

ft  if  MSC_VER  >=  800 
//define  alloca  _a  l loca 
//define  stackavail  _stackavail 
tte  nd  i f 


static  void 

e x i t W i p e 1 ( i n t code,  void  *base) 

{ 

int  status; 

/ * Wipe  the  stack  * / 
if  (stackO) 

memset(base,  0,  (char  *)(stackO)-(char  *)base); 

//ifdef  UNIX 

/*  ACHTUNG!  This  code  might  be  dangerous  */ 

{ 

struct  _heapinfo  info; 

/*  Wipe  the  heap  * / 

/*  First  pass  - initial  wipe  with  Oxff  */ 

_heapset(0xff); 

info. _p  entry  = 0; 

while  (_h e a pw a l k ( 8 i n f o ) ==  _HEAP0K)  { 

if  ( i nf o ._usef l ag  ==  _U  SEDENTRY)  { 

memset ( i nfo ._p entry,  Oxff,  info._size); 
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> 

> 

/ * Second  pass 
_heapset(0); 

> 

# e nd  i f / * UNIX  * / 

exit(code); 

> 


freeCinfo. _p  entry); 

/*  f ree(  ) mucks  up  _heapwalk,  so  restart  */ 
info. _p  entry  = 0 ; 

- wipe  all  free  areas  */ 


# if  BORLANDC 

#if  BORLANDC  <=  0x0400 

unsigned  _stklen  = 16384; 

# e L s e 

unsigned  const  _stklen  = 16384; 

# e n d i f 

# e n d i f 

static  void 
exitWipeCint  code) 

{ 

exitWipe1(code,  alloca(stackavail()-500)); 

> 


//else  /*  ! MSD0S  */ 


static  void 

e x i t W i p e 1 ( i n t code,  void  *base) 

{ 

/ * Wipe  the  stack  */ 
if  (stackO) 

memsetCbase,  0,  ((char  *) (stackO)-(char  *)base)); 


# i f 0 


# e n d i f 

# i f d e f 

U e n d i f 
> 


/*  Disabled  until  stdio  problems  can  be  resolved  */ 

/ * Wipe  the  heap  */ 
if  (heapO)  C 

base  = sbrk(0); 

memsetCheapO,  0,  (char  Obase-Cchar  OheapO); 

> 

VMS  /*  On  VMS,  the  bottom  3 bits  are  a severity  * / 
code  = ( 1 < < 2 8 ) | (code  <<  3)  | (1  + (code  !=  0 ) ) ; 

exit(code); 


/* 

* This  recursively  calls  itself  until  it  has  eaten  enough  stack, 

* then  wipes  it. 

* ASSUMPTIONS:  it  assumes  that  the  stack  is  contiguous  and  grows  downwards. 

* (This  is  reasonably  portable  in  practice, 

* even  though  counterexamples  exist.) 

* If  these  are  violated,  who  knows  what  will  happen! 

*/ 


static  void 
exitWipe(int  code) 
{ 
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char  bufC1024]; 

if  (stackO  &&  (char  *)stackO  - buf  < 16384) 

exitWipe(code);  / * Recursive  call  to  fill  stack  * / 
exitWipeICcode,  buf); 

} 


# e nd  i f / * IMSDOS  * / 


void 

e x i t C l e a n u p ( i n t code) 

{ 

FILE  *rs; 
char  const  * f n ; 

/*  close  everything  */ 

mainCloseKeyrings  (1,  newversion); 


i f 


( e n v 0 ) { 

pgpRandPoolKeystroke  (code);  / * Maybe  it's  an  interrupt?  * / 
fn  = pgpenvGetString  (envO,  P G P E N V_R A N D S E E D , NULL,  NULL); 
rs  = fopen  (fn,  "wb"); 
if  ( r s ) ( 

pgpRandSeedWri te  (rs,  NULL,  NULL); 
fclose  (rs); 

> 

pgpenvDestroy  (envO); 


fclose(stdin); 
fclose(stdout); 
f c lose ( stderr ) ; 

exitWipe(code); 

> 

tfifdef  MSDOS 

/* 

* DOS  Error  codes  from  0x13  to  0x27  are  reported  as  critical  errors, 

* But  they  are  mapped  to  0..0x14  before  being  passed  in  di.  Some 

* fancy  extensions  (like  networks)  can  create  more. 

* Actually,  Ox 

*/ 

static  char  const  * const  doserrsl]  = { 

"Write  protect  error$", 

"Unknown  units", 

"Drive  not  ready$", 

"Unknown  commands", 

"Data  error  (bad  CRC)$", 

"Bad  request  structure  lengths", 

"Write  protect  errorS", 

"Seek  errorS", 

"Unknown  media  typeS", 

"Sector  not  foundS", 

"Printer  out  of  paperS", 

"Write  faults", 

"Read  faults ", 

"General  failure" 

"Sharing  violations". 
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"Lock  violations", 

"Invalid  disk  changeS", 

"FCD  unavai  lableS", 

"System  resource  exhaustedS", 

"Code  page  mismatchS", 

"Out  of  inputs", 

"Insufficient  disk  spaceS", 

"Unknown  errorS"  /*  Catch-all  */ 


static  char  const  * const  readwri te[]  = { 

"Reading",  "Writing" 

>; 

static  char  const  * const  areal]  = C 

"DOS  area",  "file  allocation  table",  "disk  directory”,  "file  area" 

>; 


# i f n d e f BORLANDC 

/* 

* Microsoft  Visual  C somehow  distinguishes  between  "const  void  far  *" 

* (which  works)  and  "void  const  far  *"  and  "void  far  const  *" 

* (which  don't).  I have  no  idea  why.  If  you  move  the  const  after  the  void, 

* trying  to  pass  a "char  const  *"  (or  a "const  char  *")  produces  a warning. 

* Ugh!  (It  also  blows  up  if  the  " far"  comes  before  the  "void".  Huh?) 

*/ 

i n t 

bdosptr(int  code,  const  void  far  *ptr,  int  subcode) 

{ 

union  _R  E G S regs; 
struct  _SREGS  segregs; 

regs. h. ah  = code; 
regs.h.al  = subcode; 
regs.x.dx  = _F P_0 F F ( p t r ) ; 
segregs. ds  = _F P_S EG ( p t r ) ; 

_intdosx(Sregs,  Sregs,  Ssegregs); 
return  regs.x.cf  lag  ? -1  : regs.  x.  ax; 

> 

# e n d i f /*  ! BORLANDC  */ 


/* 

* The  registers  are  passed  in  the  following  order. 


: k 

i f 

ax  bit  15  (ah  bit  7)  i 

s CLEAR, 

i t 

1 s a 

disk 

error. 

k 

a h 

bit  0 is  1 if  a write 

error;  0 

i f 

a read  error. 

k 

a h 

bits  1 and  2 identify 

the  area 

o f 

the 

disk 

with  the  error: 

k 

0 

(00)  for  DOS  area 

k 

1 

(01 ) for  FAT 

* 2 (10)  for  disk  directory 

* 3 (11)  for  files  area 

* al  gives  the  drive  code  (0  = a:,  1 = b:,  etc.) 

* 

* If  ax  bit  15  (ah  bit  7)  is  SET,  it's  a non-disk  error. 

* Either  a character  device  error  or  a corrupted  in-memory  FAT. 

* In  this  case,  the  rest  of  ax  is  meaningless. 

* 

* In  either  case,  the  bottom  half  of  di  gives  the  driver  error  code. 

* bp:si  point  to  the  device  driver  header  responsible 
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* 

* If  a character  device,  examine  the  device  attribute  word  at  bp:si+4. 

* If  bit  15  is  set  (character  device),  you  can  use  the  name  field. 

* Device  driver  header: 

* Offset  Len  Purpose 

* 0 4 Next  device  link  (-1  if  no  others) 

* 4 2 Deviceflags 

*6  2 Strategy  function 

* 8 2 Interrupt  function 

* 10  8 Device  name  (space-padded) 

* 

* Flag  bits: 

* 0 - standard  input  device 

* 1 - standard  output  device 

* 2 - Null  devoce 

* 3 - Clock  device 

* 4 - Sepcial 

* 5-10  Reserved,  MBZ 

* 11  - Device  supports  removable  media 

* 12  - Reserved,  MBZ 

* 13  - Non-IBM  format 

* 14  - IOCTL 

* 15  - Character  device 

* 

* A DOS  CRITICAL  ERROR  HANDLER  MAY  ONLY  USE  DOS  FUNCTIONS  0-12! 

* Return  code  is:  0 = _H A R D E R R_I G N 0 R E , 1 = _H A R D E R R_R E T R Y , 

* 2 = _H  A R D E R R_A  B 0 R T (int  23),  3 = _H A R D E R R_F A I L (DOS  3+). 

* / 

void  f a r 

h a r d E r r H a n d l e r ( un s i g n ed  di,  unsigned  ax,  unsigned  far  tdevhdr) 

{ 

char  buf£640; 
i n t i ; 

di  8 = Oxff; 

sprintf(buf,  "\r\nDos  error  %d:  $",  di); 

bdosptr(9,  buf,  0 ) ; 

if  (di  >=  s i z e o f ( d o s e r r s ) / s i z e o f ( *do s e r r s ) ) 

di  = sizeof(doserrs)/sizeof(*doserrs)  - 1; 
bdosptr(9,  doserrsLdiO,  0 ) ; 
bdosptr(9,  "\r\n$",  0); 

if  (ax  & 0x8000)  ( /*  Disk  error  */ 

sprintf(buf,  "%s  %s  of  drive  %c:\r\n$", 

readwri telax>>8  8 10,  areaCax>>9  & 30,  'A'  + ax  & 2 5 5 ); 

bdosptr(9,  buf,  0); 

0 else  T 

if  ( F P_S E 6 ( d e v h d r ) + 1 88  F P_0 F F ( d e v h d r ) + 1 
88  (devhdrC20  8 0x8000))  ( 

/*  Character  device  */ 
i = 8; 

while  (((char  far  * ) d e v h d r ) C 1 0 + -- i 0 88  i) 

/ 

sprintf(buf,  "Accessing  device  \ " % . * s \ " \ r \ n$  " , 

i,  ((char  far  *)devhdr)  + 10); 

bdosptr(9,  buf,  0); 

> else  T 

/*  Error  with  in-memory  FAT  */ 
bdosptr(9,  "Accessing  in-memory"\ 
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" file  allocation  table. \r\n$",  0); 

> 

> 

_hardresume(_HARDER  R_F  AIL); 

> 

# e n d i f / * MSDOS  * / 


static  int  exitSigpipeCount  = 0; 


static  void 
exitBreak  (int  sig) 

{ 

int  code  = PG P E X I T_S I G N A L ; 


ft  i f d e f 


ft  e n d i f 
ft  i f d e f 


ft  e n d i f 
ft  i f d e f 


ft  e n d i f 


> 


SIGPIPE 

if  (sig  ==  SIGPIPE  &&  ++ e x i t S i g p i p e C o u n t < 5)  ( 

(void)signal  (sig,  exitBreak); 
return; 

} 


SIGINT 
if  (sig 


> else 


==  SIGINT)  ( 

fputs  ("\nStopped  at  user  request  . \ n", 
code  = P G P E X I T_B  R E A K ; 


S IGABRT 
if  (sig 


> else 


==  SIGABRT)  { 

fputs  ("\nlnternal  error. \n",  stderr); 
code  = PGPEXIT_INTERNAL; 


fprintf  (stderr,  "\nReceived  signal  %d. 
exitCleanup  (code); 


/*  The  signals  to  trap  */ 
static  int  const 
sigTableCT  = i 

#ifndef  EXPIRY_DATE  /*  Do  NOT  trap  on  beta  versions 

flifdef  SIGABRT 

SIGABRT, 

ft  e n d i f 
ft  e n d i f 

#ifdef  SIGALRM 

SIGALRM, 

ft  e n d i f 

# i f d e f SIGBUS 

SIGBUS, 

ft  e n d i f 

# i f d e f SIGEMT 

SIGEMT, 

ft  e n d i f 

tfifdef  SIGFPE 

SIGFPE, 

ft  e nd  i f 

# i f d e f SIGHUP 

S IGHUP, 

ft  e n d i f 


stderr); 


\ n " , s i g ) ; 
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# i fdef  SIGILL 

SIGILL, 

ft  e nd  i f 

#ifdef  SIGINT 

SIGINT, 

ft  e n d i f 

ft  if  def  i ned(SIGIOT)  &&  SIGIOT 
SIGIOT, 

ft  e n d i f 

ft  i fdef  SIGPIPE 

SIGPIPE, 

ft  e nd  i f 

#ifdef  SIGQUIT 

SIGQUIT, 

ft  e nd  i f 

# i fdef  SIGSEGV 

SIGSEGV, 

ft  e n d i f 

tfifdef  SIGSYS 

S IGS YS, 

ft  e nd  i f 

# i f d e f SIGTERM 

SIGTERM, 

ft  e n d i f 

# i fdef  SIGTRAP 

SIGTRAP, 

ft  end  i f 

# i f d e f SIGXCPU 

SIGXCPU, 

# e nd  i f 


ft  i f d e f 
ft  e nd  i f 
>; 


SIGXFSZ 

SIGXFSZ, 

-1  / * Terminate 


! = SIGABRT 


i s t * / 


void 

exitSetup  (struct  PgpEnv  *env, 
int  newvers) 


int  i ; 


void  *stacktopr 


void  *heaptop. 


i n t 


for  ( i 

> 


= 0;  sigTableCid  >=  0;  i + + ) { 
if  (signal  ( s i g T a b l e C i ] , SIG_IGN)  !=  SIG_IGN) 
(void)signal  ( s i g T a b l e C i ] , exitBreak); 


program_name  = prog; 
envO  = env; 
stackO  = stacktop; 
newversion  = newvers; 

ft  if  def  i ned  ( UN  IX  ) ||  defined( BORLANDC ) 

heapO  = heaptop; 

ft  e n d i f 


# i fdef  MSDOS 

_harderr(hardErrHandler); 

ft  e n d i f 

> 


prog. 
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exit.h 

/* 

* exit.h  --  Header  file  for  Exit  routines 

* 

* $ I d : ex i t . h , v 1.4  1 996/1  1 /1  2 01:42:24  mhw  Exp  $ 

* / 

# i f nde  f attribute 
# i f GNUC 

//define  attribute(x)  attribute (x) 

//else 

//define  attribute(x)  /*nothing*/ 

U e n d i f 
U e n d i f 

struct  PgpEnv; 

void  exitCLeanup  (int  code); 

void  exitSetup  (struct  PgpEnv  *env,  void  *stacktop,  void  *heaptop,  int 

int  newver); 

void  exitExpiryCheck  (struct  PgpEnv  *env); 
void  exi tArgError  (char  const  * f m t , ...); 

void  exitUsage  (int  code); 

/*  These  are  defined  to  be  equivalent  to  Colin's  original  code  */ 


# d e f i 

n e 

PGPEX  IT_ 

OK 

0 

# d e f i 

n e 

P G P E X I T_ 

ARGS 

7 

# d e f i 

n e 

P G P E X I T_ 

VERSION 

9 

ft  d e f i 

n e 

P G P E X I T_ 

BREAK 

1 5 

#d  e f i 

n e 

P G P E X I T_ 

SIGNAL 

1 6 

ft  d e f i 

n e 

PGPEX I T_ 

.NOMEM 

1 7 

# d e f i 

n e 

P G P E X I T_ 

INTERNAL 

1 8 

# d e f i 

n e 

EXI T_P  R0G_PGPM  1 

U d e f i 

n e 

EXI T_P  R0G_PGPK  2 

prog. 


26 


apps/ common/file. c 


file.c 

/* 

* file.c  --  Functions  to  handle  filenames 

■ k 

* Written  by:  Colin  Plumb  and  Derek  Atkins  <warlordaMIT.EDU> 

* 

* Sid:  file.c,v  1.13.2.1  1996/11/14  04:09:16  cbertsch  Exp  $ 

*/ 


# i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 

U e n d i f 


//include 
ft  i n c l u d e 
//include 
ft  i n c l ud  e 


<assert  . h> 
<stdarg.h> 
< s t d i o . h > 
<string.h> 


//include  " pg p / pg pme m . h " 
//include  "file.h" 


/ * 

* DIRSEPS  is  a string  of  possible  directory-separation  characters 

* The  first  one  is  the  preferred  one,  which  goes  in  between 

* P6PPATH  and  the  file  name  if  PGPPATH  is  not  terminated  with  a 

* directory  separator. 

* 

* PATHSEP  is  a the  directory  separator  within  a PATH  of  directories. 

* Only  one  character  per  platform,  please 
*/ 


//if  d e f i n e d ( M S D 0 S ) ||  d e f i n e d ( A T A R I ) ||  d e f i n e d (_W  I N 3 2 ) 
static  char  const  DIRSEPSC]  = "\\/:"; 

//define  PATHSEP 
//define  S I N G L E_E  X T 1 

//elif  d e f i n e d ( U N I X ) 

static  char  const  DIRSEPSC]  = 

//define  PATHSEP  ' : ' 

//elif  d e f i n e d ( A M I G A ) 

static  char  const  DIRSEPSC]  = "/:"; 

//define  PATHSEP 

//elif  defined(VMS) 

static  char  const  DIRSEPSC]  = "]:";  /*  Any  more?  */ 

//define  PATHSEP 
//define  S I N G L E_E  X T 1 

//elif  def  ined(MACINTOSH) 
static  char  const  DIRSEPSC]  = 

//define  PATHSEP 

//else 

//error  Unknown  operating  system  - need  one  of\ 

UNIX,  MSDOS,  AMIGA,  ATARI,  VMS,  or  MACINTOSH. 

//  e n d i f 


/* 
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* Build  a path  name  out  of  a number  of  segments. 

* Each  segment  is  separated  from  the  next  with  DIRSEPSCOD  if 

* it  does  not  end  in  a directory  separator  already. 

* 

* A first  pass  over  the  argument  list  adds  up  the  length  of  the  result, 

* then  space  is  allocated  for  it,  then  a second  pass  copies  the  result 

* to  the  allocated  space. 

* 

* The  first  pass  records  in  "flag"  whether  the  previous  segment  did  NOT  end 

* in  a directory  separator  and,  if  the  current  segment  exists,  adds  space 

* for  a separator  if  flag  is  true. 

* 

* Then,  if  there  was  only  one  segment  of  note,  that  is  returned  directly. 

* Otherwise,  space  is  allocated  in  the  MiscPool. 

* Finally,  the  loop  is  repeated,  copying  to  the  allocated  space  and  inserting 

* directory  separators  as  needed. 

* 

* This  function  always  returns  a newly  allocated  buffer.  It  is  the 

* responsibility  of  the  caller  to  free  it  when  finished. 

* / 

char  * 

fileNameBuildlchar  const  * s e g , ...) 

{ 

va_list  ap; 

unsigned  seglen,  len,  flag; 
char  const  *curseg,  *prevseg; 
char  * p , * r e t ; 

/*  Start  by  counting  the  length  of  the  result  */ 
va_start  (ap,  seg); 
prevseg  = 0 ; 

len  = seglen  = flag  = 0 ; 

for  (curseg  = seg;  curseg;  curseg  = va_arg(ap,  char  const  *))  { 

seglen  = strlen  (curseg); 
if  ( ! s e g l e n ) 

continue; 
prevseg  = curseg; 
len  +=  seglen  + flag; 

/*  Does  curseg  need  a directory  separator 
flag  = ( s t r c h r ( D I R S E P S , curseglseglen-1 ]) 

> 

v a_e  n d ( a p ) ; 

/*  Allocate  space  for  the  combined  string  */ 
p = (char  *)pgpMemAlloc  (len+1);  / * +1  for 

if  ( ! p ) 

return  0; 

ret  = p; 

/*  Combine  the  elements  together  */ 
va_start  (ap,  seg); 
flag  = 0 ; 

for  (curseg  = seg;  curseg;  curseg  = va_arg  (ap,  char  const  *))  C 
seglen  = strlen  (curseg); 
if  (Iseglen) 

continue; 
if  (flag) 

*p++  = DIRSEPSEO]; 
memcpy  (p,  curseg,  seglen); 


added?  */ 
= = 0); 


trailing  null  * / 
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p + = seglen; 

/*  Does  curseg  need  a directory  separator  added?  */ 
flag  = (strchr  (DIRSEPS,  curseglseg  len-1 ])  ==  0 ) ; 

> 

v a_e  nd ( a p ) ; 

*p  = '\0';  /*  Null-terminate  the  string  */ 

return  ret; 


char  * 

f i l e N a me E x t e nd  (char  const  *base,  char  const  *ext) 

{ 

char  * n a m e = (char  *)pgpMemAlloc  (strlen  (base)  + strlen  (ext)  + 1 ) ; 

if  ( ! name  ) 

return  NULL; 

strcpy  (name,  base); 
strcat  (name,  ext); 

return  name; 

> 


char  * 

f i leNameContract  (char  const  *base) 

{ 

char  *name  = (char  * ) p g pM e m A l l o c (strlen  (base)  + 1); 
char  * p ; 

if  ( ! name ) 

return  NULL; 

strcpy  (name,  base); 

/*  remove  an  ending  */ 
p = strrchr  (name,  '.'); 
if  ( p ) 

* p = ' \ 0 1 ; 

return  name; 

> 

char  * 

f i LeNameNextDi rectory  (char  const  *path,  char  const  **rest) 

{ 

char  const  *d; 
char  *name; 
unsigned  len; 

d = strchr  (path,  PATHSEP); 
if  (d)  { 

len  = d - path; 
d + + ; 

> else 

len  = strlen  (path); 

if  (rest) 

★rest  = d; 
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name  = (char  *)pgpMemAlloc  (Len  + 1 ) ; 
if  (iname) 

return  NULL; 

memcpy  (name,  path,  len); 
namet  Len]  = ' \ 0 ' ; 
return  name; 

> 

char  * 

f i L e N a m e E x t e nd Pa t h (char  const  *path,  char  const  *dir,  int  front) 
{ 

char  * p , * t ; 


> 


assert  (dir); 


P 

i f 


> 


(char  * ) p g p M e m A L L o c 
(p)  ( 


((path  ? strlen  (path) 

+ 2); 


t = p; 

if  (front)  ( 

memcpy  (t,  dir,  strlen  (dir)); 
t +=  strlen  (dir); 
if  (path)  { 

*(t++)  = PATHSEP; 
memcpy  (t,  path,  strlen 
t +=  strlen  (path); 

> 


> else 


> 


* t = 1 \ 0 ' ; 

{ 

if  (path)  { 

memcpy  (t,  path,  strlen 
t +=  strlen  (path); 

* ( t + + ) = PATHSEP; 

> 

memcpy  (t,  dir,  strlen  (dir)); 
t +=  strlen  (dir); 

* t = 'Non- 


return p; 


0 ) + strlen 


( p a t h ) ) ; 


(path)); 


(dir) 
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file.h 

/ * 

* file.h  --  build  filenames  for  PGP  applications 

★ 

* Written  By:  Derek  Atkins  < w a r l o rd 3M I T . E D U> 

* 

* $ I d : f i l e . h , v 1.7  1 996/1  1 /1  2 01:42  : 25  mhw  Exp  $ 

*/ 

char  * f i l e N a m e B u i l d (char  const  *seg,  ...); 

char  *fileNameExtend  (char  const  *base,  char  const  * e x t ) ; 

char  *f i leNameContract  (char  const  * b a s e ) ; 

char  * f i l e N a m e N e x t D i r e c t o r y (char  const  *path,  char  const  **rest  ) 
char  * f i l e N a me  Ex t e nd Pa t h (char  const  *path,  char  const  *dir,  int 


front)  ; 
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initapp.c 

/ * 

* initapp.c  initialize  a PGP  application. 

★ 

* Written  By:  Derek  Atkins  < w a r l o r d a M I T . E D U > 

★ 

* $ I d : initapp.c, v 1.1  2.2.2  1 996/1  1 /1  4 04:09:1  6 cbertsch  Exp 
*/ 


//ifdef  HAVE  CONFIG  H 


//include 

U e n d i f 

" c o n f i g . h " 

//include 

<assert  . h> 

//include 

< s t d i o . h > 

#i  nc  lude 

<string.h> 

//ifdef  H A V E_S  T D L I B_H 

# i n c l u d e 

# e n d i f 

<stdlib.h> 

//ifdef  H A V E_U  NIST  D_H 

//include 
//  e n d i f 

<unistd.h> 

//include 

"pgp/pgpmem.h" 

//include 

"pgp/pgpleaks.h 

//include 

"pgp/pgpconf  . h" 

//include 

"pgp/pgpenv  . h" 

//include 

"pgp/pgper r . h" 

//include 

"pgp/ randseed  . h 

//include 

"pgp/userio.h" 

//include 

"exi t . h" 

# i n c l ud  e 

" f i l e . h " 

//include 

"initapp.h" 

/ * for  sbrk()  * / 


i n t 

pgpInitApp  (struct  PgpEnv  **envp,  void  *stacktop, 

struct  PgpUICb  const  *ui,  void  *ui_arg,  int  exit 
int  newvers) 

struct  PgpEnv  * e n v ; 
void  *heaptop; 

FILE  * r s , *sc; 

char  *fn,  *conf di r,  *upath  = NULL; 
char  const  * p c , *pgppath; 

// if  d e f i n e d ( U N I X ) ||  definedC BORLANDC ) 

/*  Find  the  top  of  the  heap  */ 
heaptop  = sbrk(O); 

//else 

heaptop  = NULL; 

tie  n d i f 


assert  (envp); 

env  = *envp  = pgpenvCreate  (); 
if  ( ! e n v ) 

exitCleanup  ( P G P E X I T_N 0 M E M ) ; 


Prog, 
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# i f d e f 


#end  i f 


# i f d e f 
U e L s e 

# e n d i f 

# i f d e f 


/*  setup  the  exit  routines  */ 

exitSetup  (env,  stacktop,  heaptop,  exit_prog,  newvers); 


/*  Try  to  find  the  PGPPATH  */ 

if  ((pc  = getenv  ("PGPPATH"))  !=  NULL) 

pg pen v S e t S t r i ng  (env,  PG P E NV_PG P P AT H , pc, 

PGPENV_PRI_PUBDE FAULT) ; 


UNIX 
else  if 


> 


((pc  = getenv  ("HOME"))  !=  NULL)  { 

fn  = fileNameBuild  (pc,  ".pgp",  NULL); 

/*  XXX  --  check  for  file's  existence  */ 
pg p e n v S e t S t r i n g (env,  P G P E N V_PG P P A T H , fn, 

P G P E N V_P  RI_PUBDEFAULT); 

pgpMemFree  (fn); 


pgppath  = pgpenvGetString  (env,  PG P E N V_PG P P A T H , NULL,  NULL); 

/*  Ok,  PGPPATH  is  a PATH  of  directories.  Find  the  first  one..  */ 
confdir  = f i LeNameNextDi rectory  (pgppath,  NULL); 
assert  (confdir); 

fn  = fileNameBuild  (confdir,  "pubring. pgp",  NULL); 

pgpenvSetStri ng  (env,  P G P E N V_P U B R I N G , fn,  PG P E N V_P R I_P R I V D E F A U L T ) ; 
pgpMemFree  (fn); 


fn  = fileNameBuild  (confdir,  "secring.pgp",  NULL); 

pgpenvSetStri ng  (env,  P G P E N V_S E C R I N G , fn,  P G P E N V_P R I_P R I V D E F A U L T ) ; 
pgpMemFree  (fn); 

fn  = fileNameBuild  (confdir,  "randseed.bin",  NULL); 

pgpenvSetStri ng  (env,  P G P E N V_R A N D S E E D , fn,  P G P E N V_P R I_P R I V D E F A U L T ) ; 

/*  Read  in  the  randseed  file  */ 
rs  = fopen  (fn,  "rb"); 
if  ( r s ) { 

pgpRandSeedRead  (rs,  NULL); 
fclose  (rs); 

> else 

fprintf  (stderr,  "No  randseed  file  found . \n" ) ; 
pgpMemFree  (fn); 

p g p e n v S e t S t r i n g (env,  PGPENV_TMP, 

VMS 

getenv  ( " S Y S $ S C R A T C H " ) , 
getenv  ( " TMP"  ) , 

PG PE NV_PR I_PUBDE  FAULT ) ; 


upath  = getenv  ("PGPUPATH"  ); 

PGPSYSDIR 

/*  Read  the  system  config  file  */ 

fn  = fileNameBuild  (PGPSYSDIR,  "config.txt",  NULL); 
/*  No  error  if  doesn't  exist  */ 
sc  = fopen  (fn,  " r " ) ; 
if  (sc)  { 

fclose(sc); 
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tt  e n d i f 


> 

it  i f d e f 
i n t 

mainO 

{ 


it  i f d e f 
# e n d i f 


pg p C o n f i g F i L e P r o c e s s (ui,  ui_arg,  env,  fn,  PG P E NV_P R I_S Y S C ON F ) ; 

> 

pgpMemFree  (fn); 

upath  = fileNameExtendPath  (upath,  PGPSYSDIR,  0); 

/ * 

* If  PGPSYSDIR  is  defined  in  the  environment,  read  config.txt 

* from  that  directory. 

*/ 

pc  = getenv  ("PGPSYSDIR"); 
if  ( pc ) { 

fn  = fileNameBuild  (pc,  "config.txt",  NULL); 
pg p C on f i g F i L e P r o c e s s (ui,  ui_arg,  env,  fn, 

PGPENV_PRI_SYSC0NF+1 ) ; 

pgpMemFree  (fn); 

upath  = fileNameExtendPath  (upath,  pc,  0); 

> 

/*  Now  set  the  Untrusted  Path  in  the  environment  */ 

pgpenvSetString  (env,  P G P E N V_U P A T H , upath,  PG P E N V_P R I_P U B D E F A U LT ) ; 

/*  Read  the  user's  config  file  */ 

fn  = fileNameBuild  (confdir,  "config.txt",  NULL); 

pg p C on f i g F i l e P r o c e s s (ui,  ui_arg,  env,  fn,  P G P E N V_P R I_C 0 N F I G ) ; 

pgpMemFree  (fn); 

pgpMemFree  (confdir); 
return  0; 


MACINTOSH 


static  char  bufC256]; 
static  char  *argvC32II; 
int  argc  = 0; 
int  result; 
char  *p; 

pgpLeaksStartSessionC'main"); 

MACINTOSH 

atexit(pgpLeaksEndSession); 

fputs(" Command  ->  ",  stdout); 
p g p T t y G e t S t r i n g ( b u f , sizeof(buf),  NULL); 
argc  = 0 ; 
p = b u f ; 

while  (argc  < sizeof(argv)  / sizeof (argvEOl) 
&&  (argvLargcH  = strtok(p,  " ")))  { 

P = 0; 
argc++; 

} 

result  = appMain(argc,  argv); 

exitCleanup(result); 

return  result; 
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//else 
i n t 

m a i n ( i 

#i f def 
//  e n d i f 

> 

# e n d i f 


nt  argc,  char  *argvC3) 
int  result; 

pgpLeaksStartSessionl" 

MACINTOSH 

atexitlpgpLeaksEndSess 

result  = a p pMa i n ( a r g c , 
exitCleanup(result); 
return  result; 


main"); 

ion); 

argv); 
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initapp.h 

/ * 

* initapp.h  --  Initalize  a PGP  Application  from  config  files,  etc. 

* 

* Written  By:  Derek  Atkins  < w a r l o r d a M I T . E D U > 

★ 

* $Id:  initapp.h, v 1.8  1 996/1  1 /1  2 01:42:25  mhw  Exp  $ 

*/ 

# i f n d e f PG P_I N I T A P P_H 
#def i ne  PGP  INITAPP  H 


struct  PgpEnv; 
struct  PgpUICb ; 

/ * 

* envp  must  be  a valid  pointer, 

* stacktop  should  be  the  top  of  the  stack  (Sargc) 

* ui  and  ui_arg  should  be  filled  in. 

* 

* This  function  must  be  called  before  any  allocations  take  place. 

* so,  it  should  probably  be  the  first  (or  close  to  the  first)  thing 

* that  takes  place. 

*/ 

int  pgpInitApp  (struct  PgpEnv  **envp,  void  *stacktop, 

struct  PgpUICb  const  *ui,  void  *ui_arg,  int  exi t_prog, 
int  newver); 

/* 

* This  routine  must  be  defined  for  each  application.  It  works  just  li 

* initapp.c  contains  the  real  mainO,  which  calls  appmai n(  ) . This  is 

* on  the  Macintosh,  main  doesn't  get  called  with  any  parameters,  so  we 

* to  read  the  arguments  from  the  command  line  from  within  mainO  . 

* / 

int  appMain  (int  argc,  char  *argvCD); 

# e n d i f /*  PGP  INITAPP  H */ 


k e main, 
because 
need 
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keyrings. c 

/ * 

* Keyrings. c --  opens  all  the  known  keyrings 

* 

* Written  By:  Derek  Atkins  <warlorda)MIT.  EDU> 

★ 

* $ I d : keyrings. c,v  1.1  6 1 996/1  1 /1  2 01:42:25  mhw  Exp  $ 
*/ 


//ifdef  HAVE  CONFIG  H 


//include 
//end  i f 

"config.h" 

//include 

<assert . h> 

//include 

< s t d i o . h > 

//ifdef  H A V E_U  NIST  D_H 

//include 
# e n d i f 

<unistd.h> 

^include 

"pgp/pgpmem.h" 

//include 

"pgp/pgperr . h" 

//include 

"pgp/pgpenv.h" 

//include 

"pgp/pgpfi  le . h" 

//include 

"pgp/ringpub.h" 

//include 

"pgp/ringread.h 

//include 

" f i l e . h " 

//include 

" keyrings. h" 

/ ★ For  unlink  * / 


/*  Maintain  linked  list  of  open  keyrings  and  keyfiles  so  they  can  be 
rewritten  if  required.  */ 


static  s 

truct  OpenFi 

le  { 

struct 

OpenFi  le 

★next; 

struct 

Pgp  F i l e 

★ pfp; 

struct 

R i n g F i l e 

* r i n g f i l e ; 

struct 

RingSet 

★newset; 

i n t 

trusted; 

i n t 

flags; 

char 

fi  l ename  L 1 3 

> o p e n f i 

les  = {NULL, 

NULL,  NULL, 

/ * 

* This  writes  out  a RingSet  which  is  a replacement  for  a RingFile 

* which  is  open.  We  do  it  carefully  since  on  some  OS's  we  can't 

* rename  open  files.  This  closes  the  RingFile  and  the  RingSet 

* in  the  process,  so  the  RingSet  must  be  one  for 

* which  this  is  legal  (not  from  ringFileSet  for  example). 

* Renames  existing  file. ext  to  file.bak. 

* / 

static  i n t 

m a i n W r i t e o u t S e t (char  const  *file,  int  flags,  struct  RingSet  *set, 

struct  RingFile  *oldrfile,  PgpVersion  version, 
struct  PgpFile  *pfp) 

{ 

struct  PgpFile  * p f p 2 ; 
char  * t m p , ★ t m p 2 , * b a k ; 
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FILE  * f p 2 ; 
int  error  = 0; 


/* 


> 


tmp  = f i LeNameContract  (file); 
bak  = fileNameExtend  (tmp,  ".bak"); 
tmp2  = fileNameExtend  (tmp,  ".pg2"); 
pgpHemFree(tmp); 

/*  Write  out  new  data  to  tmp2  file  */ 
fp2  = fopen  (tmp2,  "wb"); 
if  ( ! f p 2 ) { 

pgpMemFree(tmp2); 
pgpMemFree(bak); 
return  PG P E R R_N0_F I L E ; 

> 

pfp2  = pgpFileWriteOpen  (fp2,  NULL); 
error  = ringSetWrite  (set,  pfp2,  NULL, 

version,  flags); 

pgpFileClose(pfp2);  / * closes  fp2  * / 

ringSetDestroy(set); 

if  (error)  { 

unlink  ( t m p 2 ) ; 
pgpMemFree(tmp2); 
pgpMemFree(bak)  ; 
return  error; 

> 

if  ( r i n g F i l e C l o s e (oldrfile)  !=  0)  ( 

/*  Have  a problem  here,  it  should  have  closed  */ 

/*  Probably  due  to  a pesky  RingSet  leak!  */ 

/*  Actually  happens  a lot  with  pgp3,  it  doesn't  care  */ 
fprintf  (stderr,  "Warning:  % s didn't  close!\n",  file);  * / 

> 

/*  Close  the  PgpFile  regardless  */ 
if  ( p f p ) 

pgpFileClose  (pfp); 

/*  Now  rename  the  files  */ 
unlink  (bak); 
rename  (file,  bak); 
unlink  (file); 

if  (rename  (tmp2,  file)  < 0)  { 

fprintf  (stderr,  "Failed  to  rename  %s  to  %s\n",  tmp2,  file); 
perror  ("rename"); 

> 

pgpMemFree  (tmp2); 
pgpMemFree  (bak); 
return  0; 


static  int 
updateRingfi  le 

( 


(struct  OpenFile  *openfile, 
int  newvers) 


int  error; 
int  re; 

PgpVersion  version  = P G P V E R S I 0 N_3 ; 


int  update,  int  force. 


/*  If  caller  has  not  asked  for  the  rings  to  be  written  out  as 
a new  version,  get  the  original  version  of  the  ringfile. 
Otherwise,  we  writeout  in  PGP  3 format  with  additional 
trust  bytes  (if  I0LDTRUST)  */ 
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/ * 


*/ 


> 


if  ( ! newvers  S S openfile->ringfile) 

version  = ringFileVersion  (openfi  le->ringfile); 

if  ( openf i l e->newset ) { 

/*  Have  a replacement  for  the  RingFile  */ 
error  = mai nWri teoutSet  ( op e n f i I e-> f i l e na me , 

openfi  le->flags,  openfi  le->newset, 
o p e n f i l e - > r i n g f i l e , version, 
openfi  l e - > p f p ) ; 
return  error; 

> 

/* 

* Here  we  are  just  closing  the  same  as  the  ringFile  we 

* opened.  See  if  it  needs  to  be  written. 

*/ 

if  (update  SS  openfi  le->trusted  SS 

( r i n g F i l e I s D i r t y ( o p e n f i l e - > r i n g f i l e ) || 
r i n g F i l e I s T r u s t C h a n g e d ( o p e n f i l e-> r i n g f i l e ) ) ) { 

return  mainWriteoutSet  ( open f i l e-> f i l ename  , 
openfile->flags, 

ringSetCopy  (ringFileSet  ( o p e n f i l e - > r i n g f i l e ) ) , 
o pe n f i l e-> r i n g f i l e , version,  o p e n f i l e-> p f p ) ; 

> 

/*  Close  if  we  can,  or  if  the  force  flag  is  set.  If  file  cannot 

be  closed  (because  it  is  the  last  'home'  of  one  or  more  objects), 
mark  it  as  pending  by  setting  the  filename  to  zero  length,  and 
setting  the  trust  flag  to  untrusted.  This  will  ensure  no  attempt 
will  be  made  to  rewrite  it  later.  */ 

if  ((re  = r i ng F i l e C l o s e ( open f i l e-> r i ng f i l e ) ) ==  0) 
pgpFileClose  (openfi  le->pfp); 

else  { 

fprintf  (stderr,  "Error,  file  %s  did  not  c lose  ! \n", 
openfi  l e — > f i lename); 

if  (force)  C 

pgpFileClose  (openfi  le->pfp); 

> else  C 

openfi  le->filename[03  = ' \ 0 1 ; 

openfi  le->trusted  = 0; 

} 

> 

return  rc; 


i n t 

ma  i n R i n g N e w S e t (char  const  *f i lename,  int  flags,  struct  RingSet  *set) 

{ 

struct  OpenFile  *openfile; 


openfi  le  = openfi  les. next; 
white  (openfile  !=  NULL  SS 

stremp  ( o pe n f i l e-> f i l e na me , filename) 
openfile  = openfi  le->next; 


} 


! = 0)  { 
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if  (lopenfile)  -C 

openfile  = (struct  OpenFile  * ) pg p M e m A L L o c ( 

sizeof  (struct  OpenFile)  + strlen  (filename))  ; 

if  (lopenfile) 

return  PG P E R R_N OM E M ; 
strcpy  (openfile->filename,  filename); 
openfile->ringfile  = NULL; 
openfile->pfp  = NULL; 
openf i le->trusted  = 0; 
openf i le->newset  = NULL; 
openf i le->next  = openfiles.next; 
openfiles.next  = openfile; 

> 

if  (openf i le->newset ) { 

ringSetDestroy(openfile->newset); 

} 

openf i le->newset  = set; 
openfile->flags  = flags; 
return  0; 

> 


/ * Close  all  ringfiles  on  the  linked  list,  updating  them  if  requested 
and  required.  * / 

void 

mai nC  loseKeyri ngs  (int  update,  int  newvers) 
t 

struct  OpenFile  *openfile; 

openfile  = openfiles.next; 
while  (openfile)  { 

updateRingfile  (openfile,  update,  1,  newvers); 
openfiles.next  = openf i le->next; 
pgpMemFree  (openfile); 
openfile  = openfiles.next; 

} 

> 


struct  RingSet 
mainOpenRingfi 

{ 


* 

e (struct  PgpEnv  const  *env,  struct  RingPool  *ringpool, 

char  const  *f i lename,  char  const  *ringtype,  int  trusted) 


struct  PgpFile  *pfp; 
struct  RingFile  *ring; 

FILE  * f p ; 

struct  OpenFile  *openfile; 
int  error  = 0; 

int  verbose  = pgpenvGetlnt  (env,  P G P E N V_V E R B 0 S E , NULL,  NULL); 


/*  Check  if  file  already  open  */ 


for 


> 


(openfile  = openfiles.next;  openfile;  openfile  = openf i le->next)  { 
if  (strcmp  (filename,  openf i l e->f i l ename  ) ==  0) 

return  (ringSetCopy  (ringFileSet  (openfile->ringfile))); 
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■f  p 

= f open 

(fi  lename. 

" rb"  ) ; 

pfp 

= pgpFi 

LeReadOpen 

(fp,  NULL,  NULL);  /*  chain  errors  * / 

i f 

(pfp)  { 

i f 

(verbose  > 

PGPERR  VERBOSE  1) 

fprintf  (stderr,  "Reading  %s  keyring  \"%s\"\n", 
ringtype,  filename); 

ring  = ringFileOpen  (ringpool,  pfp,  trusted,  Serror); 
if  (error  &&  verbose  > PG P E R R_V E RBO S E_0 ) 

fprintf  (stderr,  "ringFileOpen  returned  %d:  %s\n", 

error,  pgperrString  (error)); 

if  (ring)  { 

if  ([(openfile  = (struct  OpenFile  * ) pgpMemA  l l oc  ( 

sizeof  (struct  OpenFile)  + strlen  (filename)))) 
return  NULL; 

openfile->ringfile  = ring; 
openfile->pfp  = pfp; 
openfile->trusted  = trusted; 
openfile->flags  = 0; 
openf i le->newset  = NULL; 

if  (strcmp  (ringtype,  "public")  ==  0 &&  trusted) 
openfi  le->flags  = P G P_W R I T E T R U S T_P U B ; 
strcpy  (openfi le->f i lename,  filename); 
openfi  le->next  = openfi  les. next  ; 
o p e n f i l e s . n e x t = openfile; 
return  ringSetCopy  (ringFileSet  (ring)); 

> 


> else 


> 


if  (verbose  > P G P E R R_V E R B 0 S E_0 ) { 

fprintf  (stderr,  "Cannot  open  %s  keyring 
ringtype,  filename); 


\"%s\"\n". 


> 


return  NULL; 


/ * 

* Open  up  the  keyrings,  as  given  by  the  environment,  and  then 

* set  the  U I Argument  to  the  new  ringpool. 

*/ 


i n t 

mai  nOpenKeyr 


ngs  (struct  PgpEnv  const  *env,  struct 
int  trusted_on ly,  struct  RingSet 


struct  RingSet  *ri  ngset  = NULL,  *tempset  = 
char  const  * f i lename,  *path,  *temppath; 
char  *dir,  * f n ; 


RingPool  *ringpool, 
**ri ngsetp) 

NULL; 


if  ([ringpool  ||  ! ri ngsetp) 

return  - 1 ; 


/*  Open  Secret  Keyring  */ 

filename  = pg p e n v G e t S t r i n g (env,  P G P E NV_S E C R I NG , NULL,  NULL); 
if  (filename  &&  *f i lename) 

ringset  = m a i n 0 p e n R i n g f i l e (env,  ringpool,  filename, 

"secret",  0); 


/*  Open  Public  Keyring  */ 

filename  = pg p e n vG e t S t r i ng  (env,  PG P E N V_PU B R I N G , NULL,  NULL); 
if  (filename  &&  *f i lename) 

tempset  = ma i n 0 p e n R i ng f i l e (env,  ringpool,  filename. 
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i f 


> 


"public". 


(tempset)  l 

if  (ringset)  i 

struct  RingSet  * t s e t ; 

tset  = ringSetUnion  (ringset, 

ringSetDestroy(tempset); 

ringSetDestroy(ringset); 

ringset  = tset; 

> else 

ringset  = tempset; 


i ); 


tempset); 


/*  Now,  open  all  the  keyrings  in  my  PGPPATH  and  PGPUPATH  */ 
path  = pgpenvGetStri ng  (env,  P G P E N V_P G P P A T H , NULL,  NULL); 
assert  (path); 


while 


> 


((dir  = f i leNameNextDi rectory  (path,  Stemppath))  !=  NULL)  { 
fn  = fileNameBuild  (dir,  " pubring. pgp",  NULL); 
if  (strcmp  (fn,  filename)) 

tempset  = ma i n 0 p e n R i n g f i l e (env,  ringpool,  fn, 

"public",  1); 

else 

tempset  = NULL;  / * Don't  re-open  the  same  pubring 
pgpMemFree  (fn); 
if  (tempset)  L 

if  (ringset)  { 

struct  RingSet  * t s e t ; 

tset  = ringSetUnion  (ringset,  tempset); 
ringSetDestroy(tempset); 
ringSetDestroy(ringset); 
ringset  = tset; 

> else 


ringset  = tempset; 

> 

path  = temppath; 
if  ( ! pa  t h ) 

break; 


*/ 


path  = pgpenvGetString  (env,  P G P E N V_U P A T H , NULL,  NULL); 
if  (path  SS  ! trusted_only) 

while  ((dir  = f i LeNameNextDi rectory  (path,  Stemppath))  != 

NULL)  { 

fn  = fileNameBuild  (dir,  "pubring. pgp",  NULL); 
tempset  = ma i n Ope n R i n g f i l e (env,  ringpool,  fn, 

"untrusted  public",  0); 

pgpMemFree  (fn); 
if  (tempset)  { 

if  (ringset)  { 

struct  RingSet  *tset; 

tset  = ringSetUnion  (ringset,  tempset); 
ringSetDestroy(tempset); 
ringSetDestroy(ringset); 
ringset  = tset; 

> else 

ringset  = tempset; 

> 

path  = temppath; 
if  ( ! pa  t h ) 
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> 


> 


break; 


*ri ngsetp  = ringset; 
return  0; 
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keyrings. h 

/ * 

* keyrings. h --  Interface  to  open  all  the  known  keyrings. 

★ 

* Written  By:  Derek  Atkins  < w a r L o r d 3 M I T . E D U > 

★ 

* $ I d : keyrings. h,v  1.7  1 996/1  1 /1  2 01:42:26  mhw  Exp  $ 

* / 

# i f n d e f K E Y R I N G S_H 

# d e f i n e KEYRINGS  H 


struct  RingPool; 
struct  RingSet; 

void 

uiainCLoseKeyrings  (int  update,  int  newversion); 
struct  RingSet  * 

ma i nOpen R i ng f i L e (struct  PgpEnv  const  *env,  struct  RingPool  *ringpool, 

char  const  *f i lename,  char  const  *ringtype,  int  trusted); 

i n t 

mainOpenKeyrings  (struct  PgpEnv  const  *env,  struct  RingPool  *ringpool, 

int  t r u s t ed_o n l y , struct  RingSet  **ringsetp); 

i n t 

mainRingNewSet  (char  const  *filename,  int  flags,  struct  RingSet  * s e t ) ; 

# e n d i f /*  KEYRINGS  H */ 
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pgpopt.c 

/ * 

* pgpopt.c  --  a different  sort  of  getoptC) 

★ 

* Written  by:  Colin  Plumb  and  Derek  Atkins  <wa r l o rd3M I T . E DU> 

* 

* $ I d : pgpopt.c, v 1.6  1 996/1  1 /1  2 01:42:27  mhw  Exp  $ 

* / 

# i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 

# e nd  i f 

^include  <stdio.h> 

//include  ''pgpopt.h" 
void 

pgpOptStart  (struct  Pg pO p t C o n t e x t *opt,  int  argc,  char  **argv) 

C 

opt->optarg  = 0; 
opt->optargv  = argv; 
opt->optargc  = argc; 
opt->state  = 0 ; 

> 

/ * 

* Returns  the  option  character  of  the  next  option,  or  0 if  there 

* is  none,  or  EOF  on  the  end  of  the  command  line. 

* opt->optarg  is  the  flag's  argument  (this  may  be  NULL  at  the 

* end  of  the  command  line).  To  "claim"  it,  assign  zero  to  the 

* field  in  the  OptContext  structure. 

* 

* If  0 is  returned,  you  do  not  need  to  explicitly  claim  the  optarg 

* pointer;  that  is  assumed.  (Although  it's  harmless  to  do  so.) 

* 

* is  not  returned;  it  turns  off  option  recognition  from  there  forward. 

* (opt->state  is  set  to  -2) 

* / 
i n t 

pgpOptNext  (struct  P g p 0 p t C o n t e x t *opt) 

C 

char  c ; 

/ * 

* if  state  < 0 or  the  argument  was  claimed,  get  a new  one 

* / 

if  (opt->state  < 0 ||  !opt->optarg  || 

(opt->state  > 0 & & ! *opt->optarg)  ) ( 

if  ( --o p t - > o p t a r g c <=  0) 
return  EOF; 

opt->optarg  = *++opt->optargv; 
if  (opt->state  ==  -2) 
return  0; 
opt->state  = 0; 

> 

/ * 

* Check  to  see  if  this  is  the  start  of  a flag  word  or  a 

* "boring"  argument.  Anything  not  beginning  with  '-'  is 

* boring.  by  itself  is  considered  boring.  is 
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> 


* a special  case  that  results  in  everything  following 

* bring  considered  boring. 

* / 

if  (opt->state  ==  0)  C /*  Beginning  a new  word  */ 
opt->state  = - 1 ; 

/*  Check  for  not  or  lonely  */ 

if  ( op t -> o p t a r g C 0 ] !=  ||  o p t - > o p t a r g C 1 ] = = 

return  0 ; 

/ * Check  for  --  * / 

if  ( o p t -> o p t a r g I1 1 H ==  SS  o p t - > o p t a r g C 2 II  = = 

if  ( - - o p t - > o p t a r g c <=  0) 
return  EOF; 

opt->optarg  = *++opt->optargv; 
opt->state  = -2 ; 
return  0; 

> 

opt->optarg  + + ; / * Skip  leading  - */ 

opt->state  = 1;  / * We're  parsing  flags  * / 


/*  Now  opt->state  = 1 and  we  have  an  optarg  pointer  */ 
c = *opt->optarg++; 
if  ( ! *opt->optarg)  C 

if  ( --op t -> o p t a r g c <=  0) 
opt->optarg  = 0; 

else 


opt->optarg 
opt->state  = 0; 

} 

return  (unsigned  char)c; 


*++opt->optargv; 

/*  Always  return  > 0 */ 


' \0  1 ) 

' \ 0 ' ) C 
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pgpopt.h 


/* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

k 

k 

★ 

★ 

★ / 


pgpopt.h  --  A different  sort  of  getoptC) 

$ I d : pgpopt. h,v  1.3  1996/1  1 /1  2 01:42:27  mhw  Exp  $ 

Call  pg pOp t S t a r t ( o p t , argc,  argv)  and  then  pgpOpt Nex t ( opt ) until  it  returns 
EOF.  pgpOptNextC)  returns  either  a flag  character  or  0 if  there  is 
no  flag.  opt->optarg  is  the  string  argument.  This  is  the  argument 
itself  if  pgpOptNext  returns  0,  or  the  following  string  ("foo"  in  "-xfoo" 
or  " — x foo")  if  pgpOptNext  returns  a character  (e.g.  ' x ' ) . 

If  pgpOptNext  returns  a character,  the  caller  must  set  optarg  to  0 
to  indicate  that  the  argument  in  opt->optarg  has  been  claimed. 

Otherwise,  opt->optarg  will  be  parsed  by  pgpOptNext  the  next  time 
it  is  called.  It  will  be  parsed  either  as  a flag  (if  the  first 
call  got  "-xfoo",  the  next  call  will  return  the  flag  'f'  with 
optarg  ==  "oo"),  or  as  an  argument  (if  the  first  call  got  "-x  foo", 
the  next  call  will  return  0 with  optarg  ==  "foo"). 

A "boring"  argument  is  one  without  a For  example  "foo"  is 

boring,  but  "-foo"  is  not. 

State  is  a private  variable  with  the  following  possible  values: 

-2  - All  further  arguments  are  "boring";  get  a new  one  and  return  it. 

(This  is  entered  if  the  option  is  seen.) 

-1  - Last  argument  was  "boring";  get  a new  one  and  check  for  flags. 

0 - Last  argument  was  a flag  that  ended  a string  (-o  foo).  If  opt->optarg 

is  non-zero,  examine  "foo"  as  the  next  argument.  If  it  is  zero, 

"foo"  was  claimed,  so  get  a new  one. 

1 - Last  argument  was  a flag  that  did  not  end  the  string.  (-of oo) . 

If  opt->optarg  is  non-zero,  examine  the  tail  "foo"  for  more  flags. 

If  it  is  zero,  get  a new  argument. 

You  may  parse  multi-letter  options  by  examining  opt->state,  and  if  it 
is  greater  than  0,  opt->optarg  follows  with  no  intervening  space. 

(This  lets  you  distinguish  -abc  LIU  from  -a  be  CO].) 

You  may  then  steal  letters  from  the  beginning  of  opt->optarg  as  needed. 

Just  perform  " o p t -> o p t a r g ++ " to  steal  them.  If  you  want  to  steal  all 
of  opt->optarg,  set  opt->optarg  = 0; 


struct  Pg pO p t C o n t e x t { 
char  *optarg; 
char  **optargv; 
int  optarge; 
int  state; 

>; 


void  pgpOptStart  (struct  PgpOptContext  *opt,  int  argc,  char  **argv); 
int  pgpOptNext  (struct  PgpOptContext  *opt); 
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dectest/ 


' 


- 


— 
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.cvsignore 

Makefile  dectest 


apps/ dectest/.  cvs  ignore 


apps/ dectest/Makefile.in 


Makefile. in 

# 

ft  apps/dectest 
# 

# $ I d : Makefile. in, v 1.3  1996/11/12  01:42:27  mhw  Exp  $ 
U 

P R 0G  = dectest 

OB  J S = dectest. o 

all::  $(PR0G) 
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makefile.msc 

0 B J S = dectest. obj 

L I B S = ..\comlib.lib  ..\..\lib\pgptty.lib  ,.\..\lib\pgplib.Lib  \ 

. .\. .\lib\bnlib. lib 

all:  dectest.exe 

dectest.exe:  $(0BJS) 

$ ( C C ) -o  dectest  $(0BJS)  $(LIBS)  /link  /debug  / d e bu g t y pe : bo t h 

. c . o b j : 

$(CC)  $(CFLAGS)  -Z7  - 1 . . \ \ i n c l u d e - 1 . . \ \ i n c l ude \ pgp  \ 

- I . . \ c ommo n - D H A V E_C 0 N F I G_H  -c  $< 

clean: 

del  * . o b j 
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dectest.c 


/* 

* dectest.c  — a deer 

* 

* Written  by:  Derek 

* 

* $ I d : dectest. c,v  1. 

* / 

//include  <stdio.h> 


//include 
//include 
//include 
//include 
//include 
//include 
//include 
# i n c l u d e 


" pgp/  f i l emod  . 
"pgp/deepipe. 
"pgp/pipeline 
"pgp/pgpenv  . h 
"pgp/pgpui . h" 
"pgp/userio.h 
"pgp/pgperr  . h 
"pgp/pgpf i le . 


//include  " p g p / r i n g p u b . 
//include  " p g p / r i n g r e a d 


static  void 

usage  (char  *whoami) 

{ 

printf  ("usage 

> 


yption  test  program 
Atkins  < w a r l o r d 5)  M I T . E D U > 

44  1 996/  1 1 /1  2 01  : 42 : 2 8 mhw 


h" 

h" 

. h" 
1 1 

1 1 

1 1 

h" 

h" 

. h" 


: %s  infile  Houtfile]\n" , 


i n t 

main  (int  arge,  char  *argv[]) 

{ 

struct  PgpUICb  u i ; 
struct  PgpTtylll  ttyui; 

struct  PgpPipeline  *head  = NULL,  **tail 

struct  PgpFileRead  *context; 

struct  PgpEnv  * e n v ; 

struct  RingPool  *pool; 

struct  RingFile  *pubring,  *secring; 

struct  RingSet  const  *ringset,  *tempset; 

char  * i n f i l e = NULL,  * o u t f i l e = NULL; 

FILE  *input,  *pubffile,  *secffile; 

struct  PgpFile  *pubfile,  *secfile; 

int  error,  arg; 


env  = pgpenvCreate  (); 


/ * Parse 
for  (arg 

i 

> 

> 


the  arguments  */ 

= 1;  arg  < arge;  arg++)  { 
f (infile  ==  NULL ) { 

infile  = argvlarg]; 
else  if  (outfile  ==  NULL) 
outfile  = argvlarg]; 

else  f 


> 


> 


usage  (argvHO]); 
return  - 1 ; 


if  (linfile)  { 

usage  (argvCO]); 


Exp  $ 


w h o a m i ) ; 


= & head; 
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> 


return  - 1 ; 


pool  = ringPoolCreate(env); 
if  ( ! poo  l ) { 

printf  ("Cannot  create  RingPoolXn"); 
return  - 1 ; 


pubring  = secring  = NULL; 
ringset  = NULL; 

secffile  = fopen  ( " s e c r i ng . pg p " , "rb"); 

secfile  = pgpFileReadOpen  (secffile,  NULL,  NULL); 

if  (secfile)  C 

secring  = ringFileOpen(pool,  secfile,  1,  &error); 
if  (error)  C 

printf  ( " r i ng F i l eOpen  returned  %d:  %s\n", 
pgperrString(error)); 


> 


> else 

> 


if  (secring) 

ringset 

C 

printf  ("Cannot 


= ringFileSet(secring); 
open  secring. pgp\n"); 


error. 


pubffile  = fopenC pubring. pgp",  "rb"); 

pubfile  = pg p F i l e R e a d Op e n ( pu b f f i l e , NULL,  NULL); 

if  (pubfile)  { 

pubring  = ringFileOpen(pool,  pubfile,  1,  Serror); 
if  (error)  C 

printf  ( " r i ng F i l eOpen  returned  %d:  %s\n", 

pgperrSt ri ng(error ) ) ; 


> 


if  (pubring)  f 
t emp  s e t 
ringset 


> 


ringFi  leSet(pubring); 
ringset  ? r i ngSe tUni on ( r i ngse t , 
: tempset; 


> else  C 


> 


printf 


("Cannot 


open  pubring. pgp\n"); 


error. 


tempset ) 


u 1 
u i 
u i 
u i 
u i 
u i 
u i 


.message  = pgpTtyMessage; 
.doCommit  = pgpTtyDebugCommit; 
.newOutput  = pgpTtyNewOutput; 

. needlnput  = pgpTtyNeedlnput; 
.sigVerify  = pgpTtySigVerify; 

. eskDecrypt  = pgpTtyEskDecrypt; 
.annotate  = pgpTtyDebugAnnotate; 


1 1 y u i 
1 1 y u i 
1 1 y u i 
1 1 y u i 
1 1 y u i 


.verbose  = 3; 

.fp  = stdout; 
.ringset  = ringset; 
. showpass  = 1 ; 

.env  = env; 


tail  = pgpDecryptPipelineCreate  (tail,  env,  NULL,  Sui,  Sttyui); 
if  ( ! t a i l ) C 

if  (head) 

head->teardown  (head); 


53 


apps/ dectest/ 


> 


if  (pool) 

ringPoolDestroy(pool); 

printf  ("Cannot  create  decryption  pipeline\n 
return  - 1 ; 

> 

/ * 

* Open  the  input  file  and  create  the  file  reader. 

* source  to  pump  the  pipeline  full  of  data 

* / 

input  = fopen  (infile,  "rb"); 
if  ( ! i n p u t ) t 

printf  ("Cannot  open  file  %s  for  reading\n”, 
head->teardown  (head); 
if  (pool) 

ringPoolDestroy(pool); 
return  - 1 ; 

> 

context  = pgpFileReadCreate  (input,  1); 
if  ([context)  ( 

printf  ("pgpFileReadCreate  failed\n"); 
head->teardown  (head); 
if  (pool) 

ringPoolDestroy(pool); 
return  - 1 ; 

> 


/*  Pump  until  I actually  get  an  error!  */ 
error  = pgpFileReadPump  (context,  head); 
if  (error)  C 

printf  ("pgpFileReadPump  returned 
pgperrString(error)); 


> 


/ d 


% s \ n " , 


/ * Cleanup  * / 

pgpFileReadDestroy  (context); 
if  (head) 

head->tea  rdown  (head); 
if  (pool) 

ringPoolDestroy(pool); 
return  error; 


); 


This  is  a 


infi  le); 


error. 
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enctest/ 


Makef i Le  enctest 


apps/ enctest/. cvsignore 

.cvsignore 


apps/ enctest/ Makefile,  in 


Makefile.in 

# 

# apps/enctest 

# 

# $ I d : Makef i L e . i n, v 1.3  1 996/  1 1 /1  2 01:42:28  mhw  Exp  $ 

# 

PR0G=  enctest 
0BJS=  enctest. o 

all::  $ ( PROG  ) 
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makefile.msc 

OBJS=  enctest. obj 

L I B S = . . \ com l i b . I i b . . \ \ L i b \ pgp 1 1 y . L i b . . \ \ L i b\ pgp L i b . I i b \ 

. .\.  .\lib\bnlib.  Lib 

all:  enctest.exe 

enctest.exe:  $(0BJS) 

$ ( C C ) -o  enctest  $(OBJS)  $ ( L I B S ) /Link  /debug  /debugtype:both 

. c . o b j : 

$ ( C C ) $(CFLAGS)  -17  -1  . . \ . -I..\..\incLude  -I..\..\incLude\pgp  \ 
-I . . \ common  - D H A V E_C 0 N F I G_H  -c  $< 

clean: 

del  * . o b j 
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enctest.c 


/* 

* enctest.c  --  An  encryption  test  program 

* 

* Written  by:  Derek  Atkins  <warlord3MIT. EDU> 

* 

* $ I d : enctest. c,v  1.95.2.2  1 996/1  1 /1  4 04:09:1  7 cbertsch  Exp  $ 
*/ 

//ifdef  H A V E_C  0 N F I G_H 
/^include  "config.h" 
it  e nd  i f 


//include  <assert  . h> 
//include  <stdio.h> 


//include 
//include 
it  include 
^include 
//include 
//include 
//include 
//include 
//include 
//include 
it  include 
it  i nc  l ude 
//include 
//include 
it  i nc  l ude 
//include 
^include 
//include 


"pgp/armorfil.h" 

"pgp/cipher.h" 

"pgp  / convkey.  h " 

"pgp/encpipe.h" 

"pgp/fi  lemod.h" 

"pgp/fi  letype.h" 

"pgp/fixedkey.h" 

"pgp/hash.h" 

"pgp/pgpenv.h" 

"pgp/pgperr.h" 

"pgp/pgpfi  le  . h" 

"pgp/pipeline.h" 

"pgp/pubkey.h" 

"pgp/random. h" 

"pgp/randseed.h" 

"pgp/sigspec.h" 

"pgp/userio.h" 

"pgp/usuals.h" 


static  void 

fillRandom  (struct  PgpRandomContext  **rng,  byte  const  *ptr,  size 
{ 


assert  (rng); 
assert  ( p t r ) ; 


if  (*rng) 

return; 


} 


*rng  = pgpRandomCreate  (); 
if  (!  *rng)  C 

printf  ("Cannot  create  Random  context\n"); 
return; 

> 

printf  ("Filling  %d  random  bytes.  ..Nn",  ten); 
pgpRandomAddBytes  (*rng,  ptr,  tenu- 
re turn; 


static  void 

usage  (char  *whoami) 

{ 

printf  ("usage:  %s  infile  outfile  [armor]"\ 


l e n ) 
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1 1 


> 


C + c l e a r s i g = o f f II  C + compness 
whoami  ) ; 

printf  ( " \ t [ e n c ry p t D 


off]\n", 

CpkencryptH 


C s e p s i g ] 


[sign] 


Ctextfi  1 1 ] \ n " ) ; 


static  struct  PgpFile  * 

openFile  (void  *arg,  void  const  *base,  unsigned  num) 

{ 

FILE  * f p ; 

char  f i l e n a m e L P A T H_M A X + 1 ] ; 
char  n II  2 0 ] ; 

(void)arg; 

memcpy  (filename,  base,  strlen  ((char  *)base)  + 1 ) ; 
if  (num)  f 

sprintf  (n,  ".%d",  num); 

strcat  (filename,  n ) ; 

> 

printf  ("Writing  file  %s\n",  filename); 
fp  = fopen  (filename,  "wb"); 
if  ( ! f p) 

return  NULL; 

return  pgpFileWriteOpen  (fp,  NULL); 

> 

i n t 

main  (int  argc,  char  *argvCD) 

{ 

struct  PgpPipeline  * h e a d = NULL,  * * t a i l = Shead; 
struct  PgpFileRead  *context; 

struct  PgpPubKey  *pub  = NULL,  *pubkeys  = NULL; 
struct  PgpSecKey  *sec  = NULL; 
struct  PgpConvKey  convkey; 
struct  PgpSigSpec  *sigspec  = NULL; 

struct  PgpLiteralParams  IP,  *literalParams  = SIP; 
struct  PgpRandomContext  *rng  = NULL; 
struct  PgpEnv  *env; 

FILE  *input  = NULL,  *rs; 

char  *infile  = NULL,  *outfile  = NULL; 

int  sign  = 0,  encrypt  = 0,  pkencrypt  = 0,  sepsig  = 0; 

int  error  = 0,  arg; 

unsigned  numrandom  = 0; 

byte  const  *ptr; 

si ze_t  len; 

char  passL256]; 

env  = pgpenvCreate  (); 
if  ( ! e n v ) { 

printf  ("Cannot  create  env! \n"); 
return  -1; 

> 


/*  Parse  the  arguments  */ 

for  (arg  = 1;  arg  < argc;  arg++)  { 

if  ( ! strncasecmp  (argvCarg],  "encr",  4))  f 
encrypt++; 

> else  if  ('.strncasecmp  (argvCargD,  "text", 
pgpenvSetlnt  (env,  PG P E N V_T E X T M0 D E , 


4)  ) { 
1,  1); 
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> 


> 

> 

> 

> 

> 

> 

> 

> 

> 

> 

> 

> 

> 


else  if  ( ! strncasecmp  (argvCargD,  "sign",  4))  { 
s i g n + + ; 

else  if  ( ! strcasecmp  (argvCargD,  " + c omp r e s s = o f f " ) ) i 
pgpenvSetlnt  (env,  PG P E N V_C OM P R E S S , 0,  1); 
else  if  ( ! strncasecmp  (argvCargD,  "pke",  3))  { 
pkencrypt++; 

else  if  ( ! strncasecmp  (argvCargD,  "armor",  5))  { 
pgpenvSetlnt  (env,  PG P E N V_A RMO R , 1,  1); 
else  if  ( ! strncasecmp  CargvCarg],  "sepsig",  6))  { 
sepsig++; 

else  if  (! strcasecmp  (argvCargD,  " + c l ea rs i g = of f " ) ) { 
pgpenvSetlnt  (env,  PG P E N V_C L E A R S I G , 0,  1); 
else  if  (!  strcasecmp  (argvCargU,  " + v e r s i o n = 4 " ) ) { 
pgpenvSetlnt  (env,  PG P E N V_V E R S I 0 N , 4,  1); 
else  if  ( ! strcasecmp  (argvCargU,  " + c i ph e r = 3de s " ) ) f 

pgpenvSetlnt  (env,  PG P E N V_C I P H E R , P G P_C I P H E R_3 D E S , 
else  if  ( ! strcasecmp  (argvCargD,  " + random"  ) ) { 
numrandom  +=  12  8; 
else  if  (infile  ==  NULL)  { 
infile  = argvCargD; 
else  if  (outfile  ==  NULL)  C 
outfile  = argvCargD; 

else  { 

usage  (argvCOD); 
return  - 1 ; 


20); 


rs  = fopen  ("/tmp/ randseed.bin",  "rb"); 
if  (rs)  f 

if  ( pg p R a nd S e e d R e a d (rs,  NULL)) 
p r i n t f ( 

"Reading  Randseed.bin  failed.\nContinuing...\n"); 
fclose  (rs); 

> 

if  (numrandom)  t 

struct  PgpTtyUI  ui; 

ui.fp  = stdout; 
ui. verbose  = 4; 

pgpTtyRandAccum  (&ui,  numrandom); 

> 


if  (iinfile  ||  ioutfile)  C 
if  (numrandom)  C 

rs  = fopen  ("/tmp/randseed.bin",  "wb"); 
if  ( r s ) f 

pgpRandSeedWrite  (rs,  NULL,  NULL); 
fclose  (rs); 

> 

return  0; 

> 

usage  (argvCOD); 
return  - 1 ; 

> 
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if  (encrypt  &&  pkencrypt)  { 

printf  ("Cannot  encrypt  using  Conventional  and  Public  Key\n"); 
return  - 1 ; 

> 

/ * 

* Open  the  input  file  and  create  the  file  reader.  This  is  a 

* source  to  pump  the  pipeline  full  of  data 

* / 

input  = fopen  (infile,  "rb"); 
if  ( ! i nput ) f 

printf  ("Cannot  open  file  %s  for  reading\n",  infile); 
return  - 1 ; 

> 

context  = pgpFileReadCreate  (input,  1 ) ; 
if  (! context)  C 

printf  ("pgpFileReadCreate  failed\n"); 
return  -1; 

> 

ptr  = p g p F i l e R e a d P e e k (context,  Slen); 

if  ( p g p F i l e T y p e B i n a r y ("en",  ptr,  len))  ( 
struct  PgpFileType  const  * f t ; 

printf  ("File  is  not  text...  It  is  b i n a r y \ n " ) ; 
pgpenvSetlnt  (env,  P G P E N V_T E X T M 0 D E , 0,  20); 

ft  = pgpFileType  (ptr,  len); 
if  (ft  & & !ft->compressible)  C 

printf  ("File  is  not  compressi ble . \n"  ); 
pgpenvSetlnt  (env,  PG P E N V_C 0M P R E S S , 0,  20); 

> 

if  ( pg p F i l eTy p e PG P (ptr,  len))  C 
char  bu  f C 2 0 ] ; 

printf  ( 

This  is  a PGP  File.  Treat  it  as  such?  Cy/N]\n"); 

fgets  (buf,  20,  stdin); 
if  (*buf  ==  ' y ' ||  *buf  ==  ' Y ' ) 

/ * 

* Ignore  literal  if  we  should  treat  it  as 

* a PGP  message 
*/ 

l i tera  l Pa  rams  = NULL; 

} 

} 

if  ( l i tera  IParams) 

literalParams->fi lename  = infile; 

if  (sign)  { 

sec  = fixedKeySec  (); 
if  ( ! s e c ) C 

printf  ( " f i x edKey G e t failed\n"); 
goto  err; 

> 
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> 

i f 


> 

i f 


fillRandom  (Srng,  ptr,  len); 

arg  = pgpenvGetlnt  (env,  P G P E N V_T E X T M 0 D E , NULL,  terror); 
arg  = arg  ? PG P_S I G T Y P E_T E X T : P G P_S I G T Y P E_B I N A R Y ; 
sigspec  = pgpSigSpecCreate  (env,  sec,  arg); 

(encrypt)  { 

printf  ("Need  a passphrase  to  create  the  secret  key\n"); 
pgpTtyGetPass  (stdout,  pass,  sizeof (pass)); 

fillRandom  (8rng,  ptr,  len); 

convkey.next  = NULL; 

convkey  .stringToKey  = 0;  / * XXX  * / 

convkey.pass  = pass; 

convkey. passlen  = strlen  (pass); 

(pkencrypt)  { 
if  ( ! pub  ) 

if  ((pub  = fixedKeyPub  ())  ==  NULL)  { 

printf  ("fixedKeyGet  failed\n"); 
goto  err; 


err: 


fillRandom  (Srng,  ptr,  len); 
pubkeys  = pub; 


> 

t a i 


i f 


- pg p E n c r y p t P i pe  l i n e C r e a t e (tail,  env,  NULL,  rng, 

(encrypt  ? Sconvkey  : NULL), 
pubkeys,  sigspec, 
literalParams, 
s e p s i g ) ; 

('.head  ||  itail)  L 

printf  ("Pipeline  Creation  failed\n"); 

error  = - 1 ; 

goto  cleanup; 


/ * 

* The  ArmorFi  le  module  will  open  the  module  for  us,  calling 

* openFilel)  to  actually  perform  the  open.  This  should  work 

* for  all  cases  of  output! 

* / 

if  ( ! pg p A rmo r F i l e W r i t e C r e a t e (tail,  openFile,  NULL,  outfile))  L 
printf  ("pgpArmorFileWriteCreate  failed\n"); 
error  = - 1 ; 
goto  cleanup; 

> 


/ * Pump  until  I actually  get  an  error!  */ 
error  = pgpFileReadPump  (context,  head); 
if  (error)  { 

printf  ("pgpFileReadPump  returned  / d : %s\n",  error, 
pgperrString(error) ); 

> 
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error  = head->si zeAdvi se  (head,  0); 
if  (error) 

printf  ("sizeAdvise  returned  %d:  %s\n",  error, 

pgperrString  (error)); 

/ * Cleanup  * / 

cleanup: 

pgpFileReadDestroy  (context); 
if  (sec) 

sec->destroy  (sec); 

if  (pub) 

pub->destroy  (pub); 
if  (head) 

head->teardown  (head); 
rs  = fopen  ( " / tmp/ randseed  . bi n" , " w b " ) ; 
if  ( r s ) ( 

pg p R a nd S e ed W r i t e (rs,  NULL,  NULL); 
fclose  (rs); 

> 

if  ( r n g ) 

pgpRandomDestroy  (rng); 
memset  (pass,  0,  sizeof  (pass)); 
return  error; 
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' 


pgp3/ 
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Makefile.in 

u 

U apps/pgp3 
# 

U $ I d : Makefile. in, v 1.6  1 996/1  1 / 1 2 01:42:29  mhw  Exp  $ 

U 

PROG  = pgp3 

INSTALLPROGS  = $(PR0G) 

C0MM0N=  . . / common 

LOCALINCLUDES  = -I$(COMMON)  - I $ ( s r c d i r ) / $ ( C 0 M M 0 N ) 

LOCALOBJS=  $( COMMON  )/ f i L e . o $ ( C 0 M M 0 N ) / e x i t . o $ ( C 0 M M 0 N ) / k e y r i n g s . o \ 
$(C0MM0N)/initapp.o  $(C0MM0N)/pgpopt.o 

OBJS  = $(L0CAL0BJS)  main.o 

all::  $ ( PROG ) 
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makefile.msc 

OBJS=  main.obj 

L I B S = . . \ com L i b . L i b . . \ \ L i b \ p g p 1 1 y . L i b . .\.  .\Lib\pgplib.  Lib  \ 

_ .\.  - \Lib\bnLib.  Lib 

all:  pgp3.exe 

pgp3.exe:  $(0BJS)  $(LIBS) 

$(CC)  -o  pgp3  $ ( 0 B J S ) $ ( L I B S ) /Link  /debug  / d e b u g t y p e : b o t h 

. c . o b j : 

$(CC)  $(CFLAGS)  S(DEBUG)  -11  - I . . \ . . \ i n c L u d e \ 

- I . . \ . . \ i n c L ud e \ pg p -I . . \common  - D H A V E_C 0 N F I G_H  -c 

clean: 

del  * . o b j 


$< 
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main.c 

/ * 

* main.c  --  PGP3's  Main  Routine! 

* 

* Written  by:  Derek  Atkins  < wa  r l o r d cDM  I T . E D U > 

* 

* $Id:  mai n . c,v  1.83.2.1  1996/11/14  04:09:17  cbertsch  Exp  $ 

* / 


//ifdef  H A V E_C  0 N F I G_H 
^include  "config.h" 

//  e n d i f 


^include 
// i n c L ud  e 
// i n c l ud  e 
^include 


<assert . h> 

< s t d i o . h > 
<string.h> 

< t i me  . h > 


//ifdef  HAVE_SYS_PARAM_H 
^include  < s y s / p a r a m . h > 

//  e n d i f 

//ifdef  H A V E_S  T D L I B_H 
//include  <stdlib.h> 
ft  e nd  i f 

//ifdef  H A V E_U  NIST  D_H 
^include  <unistd.h> 

# e n d i f 
//ifdef  UNIX 
//include  <sys/stat.h> 

# e n d i f 

//if  _MSC_VER>=1 000 
//include  <limits.h> 

//  e n d i f 


//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
^include 
//include 
//include 
U i n c l ude 
//include 
//include 
//include 
//include 


"pgp/armorfil.h" 

"pgp/bufmod.h" 

"pgp/cipher.h" 

"pgp/convkey.h" 

"pgp/decpipe.h" 

"pgp/encpipe.h" 

"pgp/fifo.h" 

"pgp/fi  lemod.h" 

"pgp/fi letype.h" 

"pgp/hash.h" 

" pgp/ pgpmem  . h " 

"pgp/passcach.h" 

"pgp/pipeline.h" 

"pgp/pgpconf.h" 

"pgp/pgpenv  . h" 

"pgp/pgperr  . h" 

"pgp/pgpf i le  . h" 

"pgp/pgpui  . h " 

"pgp/pubkey.h" 

"pgp/ random  . h" 

"pgp/ringpub.h" 

''pgp/ringread.h" 

"pgp/sigspec.h" 

"pgp/userio.h" 

"pgp/ringui . h " 


/ * for  sbrk()  * / 

/ * for  umaskC)  * / 

/*  for  PATH  MAX  */ 
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//include 

"pgp/usuals.h" 

//include 

"pgp/trustpkt  .h 

//include 

"pgp/trust.h" 

//include 

"exi t . h" 

//include 

" f i l e . h " 

#i nc  lude 

"keyrings. h" 

//include 

" i ni tapp  . h " 

# include 

" pgpopt . h" 

struct 

Flags 

0 

char 

const  *outfile; 

char 

* * r e c i p s ; 

int  numrecips; 

byte 

conventional; 

byte 

decrypt; 

byte 

doarmor; 

byte 

encrypt; 

byte 

fi  Itermode; 

byte 

moref  lag; 

byte 

sepsig; 

byte 

sign; 

> ; 

byte 

wipe; 

struct 

UI  Arg 

{ 

>; 

struct  PgpTtylll  arg; 

static 

struct 

PgpPipeline  * h e a d = NULL; 

static 

struct 

PgpRandomContext  * r n g = NULL; 

static 

struct 

PgpPassCache  *passcache  = NULL; 

static 

struct 

PgpSecKey  *secretKey  = NULL; 

static 

struct 

PgpPubKey  *publicKey  = NULL; 

static 

struct 

RingPool  *ringpool  = NULL; 

//define  PASSLEN  256 

static 

char  phraseCPASSLEND; 

static 

struct 

P g p F i l e * 

o p e n F i 

le  (void  *arg,  void  const  *base,  unsigned 

FILE 

*f  p; 

char 

f i l ename  [ PATH_MAX  + 1 11  ; 

char 

n C 2 0 ] ; 

n urn ) 


memcpy  (filename,  base,  strlen  ((char  *)base)  + 1 ) ; 
//  i f d e f MSDOS 

if  (num  > 1)  { 

char  *name  = fileNameContract(filename); 
strcpy  (filename,  name); 


pgpMemFree(name); 

if  (num 

< 10) 
s p r i n t f 

( n. 

" . a s %d " , num) 

else  if 

(num  < 

1 00) 

s p r i n t f 

(n. 

" . a %d " , n urn  ) ; 

else  ( 

assert 

(num 

< 1000); 
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//else 


# e nd  i f 


> 


sprintf  (n,  ".%d",  num); 

> 

strcat  (filename,  n); 

> 

if  (num)  { 

sprintf  (n,  " .%d",  num); 
strcat  (filename,  n ) ; 

> 

/*  Do  check  for  overwrite  on  single  part  file,  or  first  part  of 
multi-part  file  only.  */ 

if  (num  <=  1 &&  pg pT t y C h e c kO v e r w r i t e (arg,  filename)) 

return  NULL; 

fprintf  (stderr,  "Creating  output  file  %s\n",  filename); 
fp  = fopen  (filename,  "wb"); 
if  ( ! f p) 

return  NULL; 

return  p g p F i l e W r i t e 0 p e n (fp,  NULL); 


/*  Call  pgpk  to  add  keys  */ 
static  i n t 

mainAddKeys  (void  *arg,  char  const  *f i lename) 

{ 

static  char  const  *prefix  = "pgpk  -a  "; 

struct  PgpTtyUI  *ui_arg  = (struct  PgpTtyUI  *)arg; 

struct  RingSet  * t s e t ; 

char  * b u f ; 

i n t err; 

(void)arg; 

buf  = pgpMemAlloc(strlen(prefix)  + strlen(f i lename)  + 1); 
if  ( ! buf  ) 

return  PG P E R R_N 0 M E M ; 

/* 

* Run  pgpk  with  keyrings  closed.  This  is  for  two  reasons. 

* First,  some  OS's  won't  allow  renaming  and  such  of  open  files 

* (e.g.  MSDOS)  and  so  we  must  close  ours  so  pgpk  can  add  keys. 

* Second,  this  way  when  we  re-open  our  keyrings  we  will  get 

* the  new  ones  with  the  keys  added,  which  may  help  in  further 

* processing  the  input. 

* / 

ma i n C l o s e Ke y r i n g s (1,  0); 
fprintf  (stderr, 

"Copying  key  file  to  \"%s\",  running  pgpk  to  process  it...\n\n",  filename); 
strcpy(buf,  prefix); 
strcat(buf,  filename); 
err  = system(buf); 
pgpMemFree(buf); 

/*  Re-open  keyrings  */ 

(void)mainOpenKeyrings  (ui_arg->env,  ringpool,  0,  Stset); 
u i _a r g -> r i n g s e t = tset; 

if  (err) 
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return  PG P E R R_G E N E R I C ; 
return  0; 


/ * 

* read  the  arguments  passed  to  the  function.  Set  the  flags  according 

* to  the  arguments  received.  Put  encryption  recipients  into  the 

* flags,  leave  files  to  be  processed  in  argv,  and  set  argc  to  the 

* number  of  files  left  in  argv. 

* 

* If  there  is  an  error  processing  the  arguments,  print  an  error  message 

* and  exit. 

* / 

static  void 

mainParseArgs  (struct  PgpUICb  *ui,  struct  UIArg  *ui_arg,  struct  PgpEnv  *env, 

int  *argcp,  char  *argv[],  struct  Flags  *flags) 

£ 

struct  PgpOptContext  opt; 
int  c,  argc  = * a r g c p ; 

pgpOptStart  (Sopt,  argc,  argv); 
argc  = 0 ; 

while  ((c  = pgpOptNext  (Sopt  ) ) !=  EOF)  i 

switch  (c)  £ 


case  0 : 


\0  ' ) f 


case 


case 


case 


case 


if  ( o p t . op  t a r g C 0 ] !=  ' + ' ||  o p t . op  t a r g C 1 d =: 

if  ( f l a g s -> e n c r y p t ) 

flags->recipsHflags->numrecips++]  = 
opt . optarg; 

else 

argvlargc+  + ] = opt. optarg; 

> else  if  ( pg p C o n f i g L i n e P r o c e s s (ui,  ui_arg,  env, 

opt. optarg  + 1, 
PGPENV_PRI_CMDLINE ) ) 
exi  tArgError  ("Unrecognized  option  %s", 
opt  . optarg  ) ; 

break; 

/*  This  accepts  --foo  */ 

/*  --  is  s pe c i a l - c a s ed , so  foo"  won't  do.  */ 

if  ( pg p C o n f i g L i n e P r o c e s s ( u i , ui_arg,  env,  opt. optarg, 

PGPENV_PRI_CMDLINE) ) 

exi tArgError  ( 

"Unrecognized  option  -%s", 
opt. optarg  - 1); 

opt. optarg  = NULL; 
break; 

f l a g s -> doa r mo r = 2; 

pgpenvSetlnt  (env,  PG P E N V_A RMO R , 2, 

PGPENV_PRI_CMDLINE ) ; 

break; 

flags->sepsig  = 2; 
break; 

f lags->conventi onal  = 2; 
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/* 
* * 
* * 
*/ 


case 


case 


case 


case 


case 


case 


case 


case 


case 


case 


case 


case 


case 


break; 

' d ' : 

flags->decrypt  = 2 ; 
break; 

' e • : 

if  (lopt.optarg) 

exi  tArgError  ( 

"-e  option  requires  a recipient  name  argument"); 
flags->recipsCflags->numrecips++3  = opt.optarg; 
opt.optarg  = NULL; 
break; 

' E ' : 

f L a g s -> e n c r y p t = 2; 
break; 

' f ' : 

flags->filtermode  = 2,- 
break; 

' h ' : 

exitUsage  (PGPEXIT_OK); 

/★NOTREACHED*/ 

' m ' : 

flags->moreflag  = 2; 
break; 

'o': 

if  (lopt.optarg) 

exi tArgError  ( 

" — o option  requires  an  output  file  name  argument" ) ; 
flags->outfile  = opt.optarg; 
opt.optarg  = NULL; 
break; 

' q ' : 

ui_arg->arg. verbose  = 0; 
pgpenvSetlnt (env,  PG P E N V_V E R BO S E , 

0,  PGPENV_PRI_CMDLINE ) ; 

break; 

's': 

flags->sign  = 2; 
break; 

' t ’ : 

pgpenvSetlnt  (env,  PG P E NV_T E X TMO D E , 2, 
PGPENV_PRI_CMDLINE) ; 

break; 

' u ' : 

/*  XXX  Check  for  duplicate  args  */ 
if  (lopt.optarg) 

exi tArgError  ( 

"-u  option  requires  a userid  argument"); 
pgpenvSetString  (env,  P G P E N V_M  Y N A M E , opt.optarg, 

PGPENV_PRI_CMDLINE ) ; 

opt.optarg  = 0; 
break; 

' v ' : 

pgpenvSetlnt (env,  PG P E N V_V E RBO S E , 

++ui_arg->arg. verbose,  PGPENV_PRI_CMDLINE); 

break; 

' w ' : 

flags->wipe  = 2; 
break; 
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> 


case  ' z ' : 

if  ( ! opt  . opta  rg  ) 

exi tArgError  ( 

" — z option  requires  a pass  phrase  argument"); 
p g p P a s s C a c h e A d d (passcache,  opt.optarg, 

strlen  (opt.optarg)); 

/*  Record  passphrase  for  -c  */ 

strncpyCphrase,  opt.optarg,  sizeof (phrase)); 

opt.optarg  = 0; 

break; 

default: 

exi tArgError  ("Unrecognized  option  -%c",  c); 


> 

> 

*argcp  = argc; 
return; 


static  s i z e_t 

mainGetPass  (char  *passp,  struct  UIArg  *ui_arg) 

char  passCPASSLEN]; 
char  passZCPASSLENlI; 


fprintf  (stderr,  "You  need  a pass  phrase  to  encrypt  the  file\n"); 
if  (pgpenvGet  Int  ( u i_a rg->a rg . en v , PG P E N V_B A T C H MO D E , NULL,  NULL)) 
return  0; 

do  { 

memset  (pass,  0,  sizeof  (pass)); 
memset  (pass2,  0,  sizeof  ( p a s s 2 ) ) ; 

pg pT t y G e t Pa s s (ui_arg,  pass,  s i z e o f ( p a s s ) ) ; 
fprintf  (stderr,  "Enter  same  pass  phrase  again\n"); 
pgpTtyGetPass  (ui_arg,  pass2,  sizeof (pass2)); 


if  ( ! strcmp  (pass,  pass2)) 
break; 

fprintf  (stderr, 

"Error:  Pass  phrases  were  different. 

> while  (1); 

if  ( ! str  len  (pass))  { 

fprintf  (stderr,  "Encryption  errorXn"); 
return  0; 

> 

memcpy  (passp,  pass,  sizeof  (pass)); 

memset  (pass2,  0,  sizeof  (pass2)); 
memset  (pass,  0,  s i z e o f ( pa s s ) ) ; 


Try  again.  \ n " ) ; 


return  strlen  ((char  *)passp); 


/* 

* Setup  a pipeline  based 
*/ 

static  struct  PgpPipeline 
ma  i n S e t u p P i pe  l i n e (struct 


upon  the  arguments  in  the 
* * 

PgpPipeline  **pipehead. 


flags 
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{ 


struct  PgpEnv  *env,  struct  Flags  *flags, 

struct  Pg p R a nd om C o n t e x t *rng_p,  char  const  *in_name, 

struct  PgpFileRead  *readhead,  struct  UIArg  *ui_arg) 


struct  PgpPipeline  * m o d = NULL,  * * t a i l = Smod; 
struct  PgpConvKey  convkey,  *convkeys  = NULL; 
struct  PgpSigSpec  *si gspec  = NULL; 

struct  PgpLiteralParams  IP,  *literalParams  = & l P ; 
byte  const  * p t r ; 
si ze_t  ten; 


if  ( f I a g s -> mo r e f l a g ) 

literalParams->fi lename 

else 


literalParams->fi  lename 


"_C  0 N S 0 L E " ; 
i n_n  a m e ; 


if  ( f l a g s - > c o n v e n t i o n a l ) { 
s i z e_t  passlen  ; 


/ * Use  passphrase 
if  (phraseCOH) 

passlen  = 

else 


passlen  = 


given  with  -z,  else  ask  for  one  */ 

strlen(phrase); 

mai nGetPass  (phrase,  ui_arg); 


if  (Ipasslen) 

exitCleanup  ( - 1 ) ; 


> 


convkey. 

convkey. 

convkey. 

convkey. 

convkeys 


next  = NULL; 
stri ngToKey  = 0; 
pass  = phrase; 
passlen  = passlen; 
= Sconvkey; 


/ * 

* Check  the  file  to  see  if  this  is  text  or  binary  file.  If 

* it  binary,  then  force  binary  mode  and  check  for 

* compressibility.  If  it  is  not  compressible,  turn  off 


★ 

"k 

compressi 

on,  too. 

k 

I f 

it  is 

a PGP  file 

, ask  the  user  i 

f it  should 

be  treated 

k 

a s 

a PGP 

file.  If 

it  should,  then 

ignore  the 

literal  packet 

k 

type  . 

*/ 

ptr 

= 

pgpFi  l 

eReadPeek 

(readhead,  Slen) 

f 

pgpRandomAddBytes  (rng_p,  ptr,  len); 


i f 


(pgpFi leTypeBinary  (pgpenvGetString 

ptr,  len))  { 

struct  PgpFi  leType  const  * f t ; 


(env,  P G P E N V_L  A N G U A G E , 
NULL,  NULL), 


pgpenvSetlnt  (env,  PG P E N V_T E X TMO D E , 0,  PG P E N V_P R I_F 0 R C E ) ; 


ft  = pgpFileType  (ptr,  len); 
if  (ft  &&  ! f t -> c omp r e s s i b l e ) 

pgpenvSetlnt  (env,  PG P E N V_C OM P R E S S , 0, 
PGPENV_PRI_FORCE ) ; 
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if  ( pg p F i l eTy pe PG P (ptr,  ten))  { 


> 


> 


if  ( ! pg p e n v G e 1 1 n t (ui_arg->arg.env,  P G P E N V_B A T C H M 0 D E , 

NULL,  NULL))  { 
fprintf  (stderr, 

"This  is  a PGP  File.  Treat  it  as  such?  Cy/N]\n"); 
if  ( pgpTtyGetBoo L (0,  stderr)) 

/*  No  Literal  if  this  is  a PGP  msg  */ 
literalParams  = NULL; 

} 


if  (flags->sign)  { 

union  RingObject  *ringobj; 

char  const  *myname  = pgpen vGe t S t r i ng 

int  err,  arg; 


(env,  PGPEN  V_M  Y N A M E , 
NULL,  NULL); 


if  ( ! secretKey)  { 

ringobj  = ringLatestSecret 

if  (Iringobj)  { 

fprintf  (stderr, 

"Cannot  find  a private  key  for  signing:  %s\n", 

myname); 
exitCleanup  ( - 1 ) ; 

} 


(ui_arg->arg . ri ngset, 
myname,  time(NULL), 
PGP_PKUSE_S IGN ) ; 


secretKey  = ringSecSecKey  (ui_arg->arg . ri ngset, 

ringobj,  PG P_PKU S E_S I G N ) ; 
r i n g 0 b j e c t R e L e a s e (ringobj); 
if  (! secretKey)  { 

fprintf  (stderr, 

"Cannot  convert  to  private  key\n"); 
exitCleanup  ( - 1 ) ; 

> 

if  ( ! s e c r e t Ke y-> s i g n ) { 
fprintf  (stderr, 

"Private  Key  cannot  s i g n \ n " ) ; 
exitCleanup  (-1); 

> 


> 


fprintf  (stderr, 

"A  private  key  is  required  to  make  a signature.  \n"); 
err  = pg pT t y U n l o c k S e c k ey  (&ui_arg->arg,  ringobj, 

secretKey); 

if  (err)  { 

fprintf  (stderr,  "Cannot  unlock  private  key\n"); 
exitCleanup  (err); 


arg  = pgpenvGetlnt  (env,  PG P E N V_T E X T MO D E , NULL,  NULL); 
arg  = arg  ? P G P_S I G T Y P E_T E X T : P G P_S I G T Y P E_B I N A R Y ; 
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sigspec  = pgpSigSpecCreate  (env,  secretKey,  arg); 

} 

/*  This  will  find  *ALL*  keys  that  match  *ALL*  recipients  */ 
if  ( f l a g s -> n urn r e c i p s ) { 

struct  RingPooL  *pool  = ringSetPool  (ui_arg->arg.ringset); 
int  i = flags->numrecips; 
i n t e ; 

struct  RingSet  *ri ngset; 
struct  Ringlterator  *ringiter; 
union  RingObject  * r i n g o b j ; 
struct  PgpPubKey  * t e m p ; 

if  ( ! pool)  { 

fprintf  (stderr,  "No  keyrings  to  use\n"  ); 
exitUsage  ( - 1 ) ; 

> 

if  (!  publicKey)  { 

char  const  *companyKey; 


No  encryption  keys 


ri ngset  = ringSetCreate  (pool); 
if  ( ! ringset) 

exitUsage  (ringPoolError  (pool)->error); 
while  ( i -- ) { 


e = r i n g S e t F i 1 1 e r S p e c (ui_arg->arg. ringset, 

ringset, 

flags->recipsliD, 
PGP_PKUSE_ENCRYPT ) ; 

if  ( e = = 0 ) { 


found  for: 


fprintf  (stderr 

% s \ n " , 

flags->recipsCiH) 

exitCleanup(-l) 

> 

if  ( e 

<=  0) 

> 


exitUsage(e); 


if  ( pg p e n vG e t I n t (env,  PG P E N V_E N C R Y PTTO S E L F , 

NULL,  NULL))  { 
char  const  *myname  = 

pg p e n vG e t S t r i n g (env,  PGPENV_MYNAME , 

NULL,  NULL); 

/*  Add  myself  to  the  list  of  recipients  */ 


> 


ringobj  = ringLatestSecret 

(ui_arg->arg . ringset,  myname, 
time(NULL),  P G P_P KU S E_E N C R Y P T ) ; 

if  (iringobj)  { 

fprintf  (stderr, 

"Cannot  find  key:  %s\n", 
myname); 
exitCleanup  (-1); 

> 

if  ( r i n g S e t Add  0 b j e c t (ringset,  ringobj))  { 
fprintf  (stderr, 

"Cannot  add  my  key  to  set\n" ) ; 
exitCleanup  ( - 1 ) ; 

> 
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"No  a 


/ * 

* This  is  our  version  of  "Commercial  Key  Escrow". 


> 


> 


* 

* A company  can  set  the  CompanyKey  in  the  site-wide 

* configuration  file  and  it  will  be  added  to  the 

* recipient  list  for  all  encrypted  messages.  Then 

* again,  the  user  can  override  the  setting  in  their 

* own  config.txt  or  on  the  command  line. 

*/ 


companyKey  = p g p e n v G e t S t r i n g (env,  P G P E N V_C 0 M P A N Y K E Y , 

NULL,  NULL); 

if  (companyKey  &&  *companyKey)  C 

/*  Add  the  company  key  to  the  recipient  list  */ 
e = r i n g S e t F i 1 1 e r S pe c (ui_arg->arg . r i ngset, 

ringset, 
companyKey, 
PGP_PKUSE_ENCRYPT)  ; 


if  ( e <=  0 ) 


> 


exitUsage(e); 


ringSetFreeze  (ringset); 

ringiter  = ringlterCreate  (ringset); 

if  (Iringiter) 

exitUsage  (ringPoolError  (pool)->error); 


while  ((e  = r i n g 1 1 e r N e x t 0 b j e c t (ringiter,  1))  > 0)  { 

ringobj  = ringIterCurrentObject(ringiter,  1); 
if  ( r i n g 0 b j e c t Ty p e (ringobj)  !=  R I NGTYPE_KE Y ) { 
fprintf  (stderr, 

"Got  a ring  object  of  type  %d\n", 
ringObjectType  (ringobj)); 

continue; 

> 

/*  Determine  whether  this  key  is  OK  to  use 
for  encryption  * / 

if  ( r i n g T t y Key 0 KT o E n c ry p t ( S u i _a r g - > a r g , ringset, 

ringobj))  { 

temp  = r i ngKey PubKey  (ringset,  ringobj, 

PGP_PKUSE_ENCRYPT ) ; 

if  (temp)  { 

temp->next  = publicKey; 
publicKey  = temp; 

} 

> 

> 

ringlterDestroy  (ringiter); 
r i ng S e t D e s t r oy  (ringset); 
if  (e  < 0) 

exitUsage(e); 


/*  Could  happen  if  all  pub  keys  turned  out  to  be  untrustworthy  */ 
if  (ipublicKey  & & ! convkeys  & & Isigspec)  C 

fprintf  (stderr, 
ions  were  requestedXn"); 

exitCleanup  ( - 1 ) ; 

> 
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tail  = pg pE n c ry p t P i pe L i ne C r ea t e (tail,  env,  NULL,  rng_p, 

convkeys, 
pub  l i cKey , 
s i g s pe  c , 
literalParams, 
flags->sepsig); 

if  (tail) 

*pipehead  = mod; 
return  tail; 

> 

/* 

* Process  the  flags  that  were  set.  This  builds  the  appropriate 

* pipelines  and  processes  the  input  files. 

*/ 

static  i n t 

mainProcessFlags  (struct  PgpUICb  *ui,  struct  UIArg  *ui_arg, 

struct  PgpEnv  *env,  int  argc,  char  *argvCD, 
struct  Flags  *flags) 

{ 

struct  PgpPipeline  mod; 
struct  PgpPipeline  **tail  = NULL; 
struct  PgpEnv  *tempenv  = NULL; 
int  retval  = PGPERR_0K,  err; 
int  encrypting; 
int  armoring; 

int  filter  = flags->filtermode;  / * Assign  to  0 or  2 * / 

if  ( f l a g s -> c o n v e n t i on  a l &&  f l ags->numrec i ps ) 

exi tArgError  ("Cannot  combine  -c  and  -e  arguments") 

if  (large)  { 

fi  lter  + + ; 

fprintf  (stderr,  "No  files  to  use.  Using  stdi n\n\n 
argc  = - 1 ; 

> 

memset  ( & m o d , 0,  sizeof  (mod)); 
mod. name  = "PGP  Application"; 

rng  = pgpRandomCreate  (); 
if  ( ! rng ) 

exitUsage  ( PG P E R R_N 0M E M ) ; 

encrypting  = ( f l a g s -> n urn r e c i p s ||  f l a g s -> c o n v e n t i on  a l || 

flags->doarmor  ||  flags->sign);  / * Encryption 
armoring  = pgpenvGetlnt  (env,  P G P E N V_A R M 0 R , NULL,  NULL); 


/ * 

* Loop  through  input  files. 
*/ 


for  (;  argc;  argc--,  argv  + +)  -C 
FILE  *input; 

struct  PgpFileRead  *context 
char  n a m e C P A T H_M AX + 1 ] ; 
char  * f n = NULL; 
char  const  *outfile  = NULL; 


NULL; 


apps/ pgp3/ main.c 


# i f d e f 
U e n d i f 


if  (argc  < 0)  { 


> else  f 


assert 

(f  i It 

e r 

8 1); 

argc  = 

i; 

input 

= s t d i 

n; 

input 

= f ope 

n 

(argvCO],  "rb"  ); 

if  ( ! i 

nput ) 

{ 

fprintf  (stderr,  "Cannot  open  input  file  %s\n", 
argvCO]); 

continue; 


if  ( ! tempenv) 

tempenv  = pgpenvCopy  (env); 
if  ( ! tempenv)  { 

retval  = PG P E R R_N0M E M ; 
break; 


context  = pgpFileReadCreate  (input,  ((filter  S 1)  ? 0 : 1 ) ) ; 

if  (!  context)  ( 

fprintf  (stderr,  "pgpFileReadCreate  failed\n"); 

fclose  (input); 

retval  = P G P E R R_N 0 M E M ; 

break; 

> 


MSDOS 


if  ( f l a g s ->d e c ry p t ) 

ui_arg->arg. commits  = 1; 

else 

ui_arg->arg . commits  = -1; 

if  ( enc  rypt i ng  ) { 

char  const  *in_name; 

if  (f  i Iter  & 1 ) 

i n_name  = " s td i n"  ; 

else 

in_name  = argvCOD; 

if  (flags ->outfile) 

outfile  = flags->outfile; 
else  if  (filter)  ( 

outfile  = NULL; 

> else  { 

char  *outname  = argvCO]; 

outname  = fileNameContract(outname); 

fn  = f i l e N a me E x t e n d (outname, 

(armoring  ? " .asc"  : 
(flags->sign  S& 
f l ag s-> s eps i g ) ? ".sig1 

: " - pgp"  ) ) ; 

strncpy  (name,  fn,  sizeof  (name)); 
pgpMem  Free  (fn); 
outfile  = name; 
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> 


tail  = mainSetupPipeline  (Shead,  tempenv, 

flags,  rng,  in_name, 
context,  ui_arg); 

> else  f /*  Decryption  */ 

/*  Choose  an  output  name  */ 

if  (Ifilter  &&  ! u i _a r g -> a r g . p r o t e c t_n a m e ) { 

fn  = fileNameContract  (argvCO]); 
strncpy  (name,  fn,  sizeof  (name)); 
pgpMemFree  (fn); 
ui_arg->arg . outname  = name; 
if  (flags->outfile) 

ui_arg->arg . outname  = flags->outfile; 

> else  if  (filter)  C 

ui_arg->arg. protect_name  = -1;  /*  use  stdout  */ 

> 

if  (!head)  ( 

tail  = Shead; 

if  (filter  S 2)  /*  if  -f  is  used  */ 
tail  = pg pBu f f e r Mod C r e a t e ( 

tail,  SpgpFlexFifoDesc); 
tail  = pgpDecryptPipelineCreate  (tail,  tempenv, 

NULL,  ui, 
ui_arg) ; 


> 


> 


if  ('.head) 

exitCleanup  ( P G P E R R_N  0 M E M ) ; 


if  ( ! t a i l ) ( 

fprintf  (stderr,  "Cannot  Setup  Processing  PipelineXn"); 
exitCleanup  ( - 1 ) ; 


if  (encrypting)  C 

if  (ioutfile)  C 

assert  (filter); 

if  ( ! pg p F i l e W r i t e C r e a t e (tail, 

pgpFi  leWriteOpen 
(stdout,  NULL),  0))  C 

fprintf  (stderr, 

"pgpFi LeWrite  failed\n"); 
head->teardown  (head); 
head  = NULL; 
continue; 

> 

> else  ( 

if  ( ! pg p A r mo r F i l e W r i t e C r e a t e (tail,  openFile, 
(void  *)  S u i _a r g -> a r g , outfile))  C 
fprintf  (stderr, 

"pgpArmorFi  leWri teCreate  fai  l ed  \ n " ) ; 
head->teardown  (head); 
head  = NULL; 
continue; 
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retval  = pgpFileReadPump  (context,  head); 
if  (retval) 

fprintf  (stderr,  "%s\n",  pgperrString  (retval)); 
if  (retval)  { 

err  = pgpFileReadClose  (context,  head); 
if  (err)  { 

fprintf  (stderr,  "%s\n",  pgperrString  (err)); 

> 

> 

pgpFi leReadDestroy  (context); 

if  (encrypting)  ( 

if  (iretval)  ( 

retval  = head->sizeAdvise  (head,  0); 
if  (retval) 

fprintf  (stderr,  "%s\n", 

pgperrString  (retval)); 

} 

head->teardown  (head); 
head  = NULL; 

> 

if  (retval) 

break; 

> 

if  (Iretval  &&  head)  { 

retval  = head->sizeAdvise  (head,  0); 
if  (retval) 

fprintf  (stderr,  "%s\n",  pgperrString  (retval)); 

> 

if  (head) 

head->teardown  (head); 
head  = NULL; 

if  ( r ng  ) 

pgpRandomDestroy  (rng); 
rng  = NULL; 

if  (tempenv) 

pgpenvDestroy  (tempenv); 
tempenv  = NULL; 

return  retval; 

> 

/*  Clean  up  allocated  space  (like  the  pipeline  and  the  rng)  on  exit  */ 
static  void 
mainExit  (void) 

{ 

if  (head) 

h e a d -> t e a r d o w n (head); 
head  = NULL; 

if  (rng) 

pgpRandomDestroy  (rng); 
rng  = NULL; 
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if  (secretKey) 

pgpSecKeyDestroy  (secretKey); 
secretKey  = NULL; 

while  (public  Key)  { 

struct  PgpPubKey  * t e m p = publicKey->next; 
pgpPubKeyDestroy  (publicKey); 
publicKey  = temp; 

> 

if  (ringpool) 

ringPoolDestroy  (ringpool); 
ringpool  = NULL; 

if  (passcache) 

pgpPassCacheDestroy  (passcache)  ; 
passcache  = NULL; 

memset  (phrase,  0,  sizeof  (phrase)); 

> 

i n t 

appMain  (int  argc,  char  *argvll) 

{ 

struct  PgpUICb  ui; 
struct  UIArg  ui_arg; 
struct  Flags  flags; 
struct  PgpEnv  * e n v ; 
struct  RingSet  * t s e t ; 
char  const  * p ; 
int  retval; 


/*  Setup  my  exit  function  to  clean  myself  up  */ 
atexit  (mainExit); 


/* 
u i 
u i 
u i 
u i 
u i 
u i 
u i 


Setup  the  UI  callback  functions  */ 
message  = pgpTtyMessage; 
doCommit  = pgpTtyDoCommit; 
newOutput  = pgpTtyNewOutput; 
needlnput  = pgpTtyNeedlnput; 
sigVerify  = pgpTtySigVerify; 
eskDecrypt  = pgpTtyEskDecrypt; 
annotate  = NULL; 


/*  Setup  the  TTY  UI  argument  */ 

ui_arg . arg . verbose  = 1; 

ui_arg . a rg . f p = stderr; 

ui_arg . a rg . r i ngset  = NULL; 

ui_arg . arg . showpass  = 0; 

ui_arg . arg . commi ts  = -1; 

ui_arg . arg . addKeys  = mainAddKeys; 

u i _a r g . a r g . p r o t e c t_n  a me  = 0; 


/*  Initialize  the  application  from  config  files,  etc.  */ 

retval  = pgpInitApp  (&env,  Sargc,  Sui,  &ui_arg,  E X I T_P R 0 G_PG PM , 0); 

if  (retval)  { 

fprintf  (stderr,  "pgpInitApp  failed:  %d\n",  retval); 
goto  error; 

> 
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/*  Now  initialize  the  values  that  need  initialization  */ 
ui_arg.arg.env  = env; 

ui_arg.arg.passcache  = passcache  = pgpPassCacheCreate  (env); 
ui_arg.arg.verbose  = pgpenvGet I nt ( env,  PG P E NV_V E RBO S E , NULL,  NULL); 

/*  Check  the  exi rati  on  date  on  the  application  */ 
exitExpiryCheck  (env); 

# i f defined(UNIX)  ||  defined(VMS) 

umask(077);  / * Make  files  default  to  private  * / 

# e n d i f 

/*  Grab  the  pass  phrase  from  the  PGPPASS  Env  Var  */ 
p = getenv  ("PGPPASS"); 
if  ( p ) 

pgpPassCacheAdd  (passcache,  p,  strlen  ( p ) ) ; 

/*  XXX  add  PGPPASSFD  here?  */ 

memset  (Sflags,  0,  sizeof  (flags)); 

/*  XXX  This  is  never  freed  */ 

flags. recips  = (char  * * ) m a l l o c (argc  * sizeof  (*(flags.recips))); 

/*  Now,  read  the  argument  list  */ 

mai nParseArgs  (Sui,  &ui_arg,  env,  Sargc,  argv,  &flags); 

ui_arg.arg.showpass  = pgpenvGetlnt  (env,  PG P E NV_S H OW P A S S , NULL,  NULL); 
ui_arg.arg.moref lag  = flags.moreflag; 
ui_arg . arg . pager  = getenv  ("PAGER"); 

if  (Iringpool) 

ringpool  = ringPoolCreate(env); 
if  (Iringpool)  C 

fprintf  (stderr,  "Cannot  create  RingPool\n"); 
retval  = PG P E R R_N 0M E M ; 
goto  error; 

> 

retval  = mainOpenKeyrings  (env,  ringpool,  0,  Stset); 
ui_arg .arg . ringset  = tset; 
if  (retval) 

goto  error; 

/*  Now  process  the  flags  */ 

retval  = mainProcessFlags  (&ui,  &ui_arg,  env,  argc,  argv,  Sflags); 
exitCleanup  (retval); 

error: 


> 


return 


(retval); 


apps/ pgpk/ 


pgpk/ 
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apps/ pgpk/.cvsignore 


.cvsignore 

M a k e f i l e 


■ 


■ 


apps/ pgpk/Makefile.in 


Makefile. in 

n 

ft  apps/pgpk 
ft 

ft  Sid:  Makef  i le  . i n,v  1.3  1 996/1  1 /1  2 01:42:30  mhw  Exp  $ 

ft 

PROG  = pgpk 

INSTALLPROGS  = $(PROG) 

COMMON=. ./common 

LOCALINCLUDES  = -I$(COMMON)  - I $ ( s r c d i r ) / $ ( C 0 M M 0 N ) 

LOCALOBJS=  $ ( C OM M 0 N ) / f i L e . o $ ( C 0 M M 0 N ) / e x i t . o $ ( C 0 M M 0 N ) / k e y r i n g s . o \ 
$(C0MM0N)/initapp.o  $(COMMON)/pgpopt.o 

OBJS  = $(LOCALOBJS)  main.o 

alt::  $ ( PROG  ) 
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makefile.msc 


OB  J S = 

L I B S = 

ma  i n . ob  j 

. .\comlib.lib  . .\.  .\Lib\pgptty.  Lib  . .\.  .\lib\pgplib. Lib  \ 

. .\.  -\lib\bnlib.  Lib 

all: 

pgpk.exe 

pgpk.exe:  $(OBJS)  $(LIBS) 


$ ( C C ) -o  pgpk  $(OBJS)  $(LIBS)  /link  /debug  / d e bu g t y p e : bo t h 

. c . o b j : 

$(CC)  $(CFLAGS)  $(DEBUG)  -17  -I . . \ \ i nc  l ude  \ 

- I . . \ \ i n c l ud e \ pg p -I  . . \ common  -DHAVE_CON F I G_H  -c  $< 

clean: 

del  * . o b j 
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main.c 

/* 

* main.c  --  PGP  Key  Management  Main  Routine! 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

* Mark  H.  Weaver  <mhw3netris.org> 

* Chris  Harman  < c h a rma n a pg p . c om> 

* 

* $ I d : m a i n . c , v 1.67.2.1  1 996/1  1 /1  4 04:09:1  8 cbertsch  Exp  $ 
*/ 


//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

//  e nd  i f 


//include 

//include 

//include 

//include 

//include 


<assert  . h> 
<stdio.h> 
<string.h> 
< t i me  . h > 
<ctype.h> 


//ifdef  HAVE_SYS_PARAM_H 
//include  <sys/pa  ram  . h> 

# e n d i f 

//ifdef  H A V E_S  T D L I B_H 
//include  <stdlib.h> 

//  e n d i f 

//ifdef  H A V E_U  NIST  D_H 
//include  <unistd.h> 

//  e nd  i f 
//ifdef  UNIX 
//include  <sys/stat.h> 
ft  e nd  i f 


//include 
//include 
//include 
//include 
//include 
//include 
//include 
//include 
^include 
//include 
//include 
ft  include 
//include 
//include 
//include 
//include 
//include 
ft  include 
//include 
//include 
//include 
//include 
//include 
ft  include 


"pgp/armor . h" 
"pgp/fi  lemod.h" 
"pgp/fifo.h" 
"pgp/keyspec  . h" 

" pgp/pgpmem . h " 
"pgp/passcach . h" 
"pgp/pgpconf  . h" 
"pgp/pgpenv . h" 
"pgp/pgperr.h" 
"pgp/pgpfi  le.h" 
"pgp/pgpui  . h" 
"pgp/pipeline.h" 
"pgp/pubkey. h" 
"pgp/ random. h" 

" pgp/ randpoo l . h " 

"pgp/ringpub.h" 

"pgp/ringread.h" 

"pgp/userio.h" 

"pgp/usuals.h" 

"pgp/ringui .h" 

" pgp/  r i ngmnt . h " 
"pgp/sigspec.h" 
"pgp/trust.h" 
"pgp/trustpkt . h" 


/ * for  sbrk()  * / 

/ * for  umaskC)  * / 
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//include 

"exi t . h" 

//include 

" f i l e . h " 

//include 

" keyrings,  h" 

//include 

" i n i t a pp  . h " 

//include 

" pgpopt  . h " 

//define 

MAXARGS  2 

struct 

Flags 

C 

char 

argsCMAXARGSd; 

int  a 

rgc; 

char 

const  * o u t f i l e ; 

char 

opt  ; 

>; 

byte 

doarmor; 

static 

struct 

PgpPassCache  *passcache  = NULL 

static 

struct 

RingPool  *ringpool 

= NULL; 

static 

struct 

RingSet  *allkeys  = 

N U L L ; 

static 

struct 

Pg p R a n d om C on t e x t * 

rng  = NULL; 

//define  PASSLEN  256 


static  void 

setOptArgs  (char  const  *args,  struct  P g pO p t C o n t e x t *opt,  struct  Flags  * f l a g s ) 
{ 


> 


while  ( * o p t -> op t a r g &&  strchr  (args, 
flags->argslflags->argc++]  = 


*opt->opta  rg  ) ) 
*(opt->optarg  + +)  ; 


static  void 

setOpt  (int  opt,  struct  Pg p 0 p t C o n t e x t *optp,  struct  Flags  *flags) 
{ 

if  ( ! flags  - > opt)  ( 

flags->opt  = opt; 


> 


i f 


(optp->state  ==  1 &&  o p t p-> o p t a r g ) 
switch  (opt)  ( 
case  1 k 1 : 

setOptArgs  ( " s " , optp,  flags); 
break; 
case  ' l ' : 

setOptArgs  ("l",  optp,  flags); 
break; 
case  ' r ' : 


setOptArgs  ("su",  optp,  flags); 
break; 
case  1 x ' : 


setOptArgs  ("a",  optp,  flags); 
break; 


> 


return; 

} 

exi tArgError  ("Cannot  use  -%c  and  -%c  togetherNn",  flags->opt,  opt); 


static  void 
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mainParseArgs 

{ 


(struct  PgpUICb  *ui,  void  *ui_arg,  struct  PgpEnv  *env, 
int  *argcp,  char  *argv[],  struct  Flags  *flags) 


struct  PgpOptContext  opt; 


int  c , 

argc 

= *argcp; 

pgpOptStart 
a r g c = 0 ; 

(&opt,  argc 

while 

((c  = pgpOptNext 
switch  ( c ) C 
case  0 : 

if  (opt 

else  if 

break; 

optargCO]  !=  1 + 1 ||  opt.optargCID  ==  ' \ 0 ’ ) 

a r g v C a r g c ++ 1 = opt.optarg; 

( pg p C o n f i g L i n e P r o c e s s (ui,  ui_arg,  env, 

opt.optarg  + 1, 
PGPENV_PRI_CMDLINE) ) 
exi tArgError  ("Unrecognized  option  %s", 
opt.optarg); 


case  ' - 


/*  This  accepts  --too  */ 

/*  --  is  s p e c i a l - c a s e d , so  "--too"  won't  do.  */ 

it  ( pg p C o n f i g L i n e P r o c e s s ( u i , ui_arg,  env,  opt.optarg, 

PGPENV_PRI_CMDLINE) ) 

exi  tArgError  ( 

"Unrecognized  option  -%s", 
opt.optarg  - 1); 


opt.optarg 

= NULL; 

break; 

case 

1 a 

/* 

Add  * / 

case 

' c 

/ * 

Check  * / 

case 

' d 

/ * 

Disable  * / 

case 

' e 

/ * 

Edit  * / 

case 

' g 

/* 

Generate  */ 

case 

' k 

/* 

Revo(k)e  * / 

case 

' l 

/ * 

List  * / 

case 

1 r 

/* 

Remove  * / 

case 

1 s 

/* 

Sign  * / 

case 

1 x 

/* 

extract  * / 

setOpt  (c. 

Sopt,  flags) 

break; 

case 

' h 

/* 

Help  * / 

exitUsage  ( PG P E X I T_0 K ) ; 
/ *N0TRE ACHED*/ 


case  'o':  /*  Output  */ 

/*  XXX  check  for  duplicate  args  */ 
if  (lopt.optarg) 

exi tArgError  ( 

"-o  option  requires  a 
flags->outfile  = opt.optarg; 
opt.optarg  = 0; 
break; 


userid  argument"); 


case  ' u ' : /*  Username  (myname)  */ 

/*  XXX  Check  for  duplicate  args  */ 
if  (lopt.optarg) 

exi  tArgError  ( 

" — u option  requires  a userid  argument"); 
pg p e n v S e t S t r i n g (env,  PG P E N V_M Y N AM E , opt.optarg. 
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> 

/ * Two 
static 
mainWr 
{ 


> 


> 


case  1 v 


default 

> 


PGPENV_PRI_CMDLINE ) ; 

opt.optarg  = 0; 
break; 

: /*  Verbose  */ 

p g p e n v S e 1 1 n t ( e n v , PG P E N V_V E R BO S E , 1 + 

pgpenvGetlnt (env,  PGPEN  V_V  E R B 0 S E , 

NULL,  NULL),  PG P E N V_P R I_C M D L I N E ) ; 


break; 


exi tArgError  ("Unrecognized  option  -%c",  c); 


*argcp  = argc; 
return; 


functions  to  write  out  extracted  key  files  */ 
i n t 

teSet  (FILE  *fp,  int  flags,  struct  RingSet  const  *set) 

struct  PgpFile  * p f p = pgpFileWriteOpen  (fp,  NULL); 
int  rslt  = ringSetWrite  (set,  pfp,  NULL,  P G P V E R S I 0 N_3 , 

flags); 

pgpFi leClose(pfp); 
return  rslt; 


/*  Like  mainWriteSet,  but  for  armored  files  */ 
static  int 

mainWriteArmoredSet  (FILE  *fp,  int  flags,  struct  RingSet  const  *set, 
struct  PgpEnv  *env) 

struct  PgpFile  *pfp; 

struct  PgpPipeline  * p p l = NULL; 

int  rslt; 


pfp  = pgpFi LeWriteOpen(fp,  NULL); 

if  ( ! p f p ) t 

fclose(fp); 

return  P G P E R R_N 0 M E M ; 

> 

if  ( ! pg p F i l e W r i t e C r e a t e (&ppl,  pfp,  1))  { 

pgpFi leClose(pfp); 
return  P G P E R R_N 0 M E M ; 

> 

if  ( ! r ng  ) 

rng  = pgpRandomCreate  (); 

if  ( ! pg p A r mo r W r i t e C r e a t e ( Sp p l , env,  S p g pB y t e F i f o D e s c , 

rng,  P G P V E R S I 0 N_2_6 , P G P_A R M 0 R_N 0 R M A L ) ) { 

ppl->teardown(ppl  ); 
return  P G P E R R_N 0 M E M ; 

> 

pfp  = pg p F i l e P i pe l i n e Op e n ( pp  l ) ; 

if  ( ! p f p ) ( 

ppl->teardown(ppl ); 
return  PG P E R R_N0M E M ; 

> 

rslt  = ringSetWrite  (set,  pfp,  NULL,  PG PV E R S I 0N_2_6 , flags); 

pgpFi leClose(pfp); 
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> 


return  rslt; 


U i f 0 

/*  Unused  at  present.  fp  must  be  a seekable  stream.  */ 
static  struct  RingSet  const  * 
mainOpenKeyring  (FILE  * f p,  int  trusted) 

{ 

struct  RingFile  * r i n g ; 
struct  PgpFile  * p f p ; 
int  error  = 0 ; 


> 

U e n d i f 


pfp  = pgpFileReadOpen  (fp,  NULL,  NULL); 

ring  = ringFileOpen  (ringpool,  pfp,  trusted,  Serror); 

if  (error) 

fprintf  (stderr,  "ringFileOpen  returned  %d:  %s\n 
error,  pgperrString  (error)); 


if  (ring) 

return  ringFileSet  (ring); 


return  NULL; 


r 


static  int 

setPassword  (struct  PgpEnv  *env,  struct  PgpSecKey  *seckey,  void  *ui_arg) 

{ 

char  passCPASSLEN]; 
char  pass2CPASSLEN3; 
int  error; 

assert  (!  pgpSecKeylslocked  (seckey)); 
do  { 

memset  (pass,  0,  sizeof  (pass)); 
memset  ( p a s s 2 , 0,  sizeof  (pass2)); 

pgpTtyGetPass  (ui_arg,  pass,  sizeof (pass)); 
fputs  ("Enter  same  pass  phrase  again\n",  stderr); 
pgpTtyGetPass  (ui_arg,  pass2,  sizeof(pass2)); 

if  ( ! strcmp  (pass,  pass2)) 
break; 

fprintf  (stderr, 

"Error:  Pass  phrases  were  different.  Try  again.  \n"); 

> while  ( 1 ) ; 

if  ( ! strlen  (pass)) 
return  0; 


memset  (pass2,  0,  sizeof  (pass2)); 
error  = pg p S e c Key C h a n g e Lo c k (seckey,  env 
memset  (pass,  0,  sizeof  (pass)); 
return  error; 


mg. 


pass,  strlen  (pass)); 


/ * Perform  the 
key s . * / 


maintenance  pass  and  get  trust  info  for  interesting 


static  const  char  checking[3  = "Checking  %d  signatures.  . .\n"; 
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static  i n t 

d oKe y E d i t T r u s t ( u n i o n RingObject  *obj,  struct  RingSet  *set,  int  firsttime, 

FILE  * l o g ) ; / * forward  ref  * / 


/ * 

* Callback  function  for  displaying  sig  progress.  We  just  show  a count  on 

* every  10th  sig  check 
*/ 


static  void 

mainShowSigCheckProgresslvoid  *arg,  struct  Ringlterator  *i ter, 
{ 


> 


int  sigcheckcount  = *(int  *)arg; 

(void)iter; 

(void)checkok; 

++sigcheckcount; 

*(int  *)arg  = sigcheckcount; 
if  (sigcheckcount  % 10  ==  0) 

fprintf  (stderr,  "%6d  \r",  sigcheckcount); 


int  checkok) 


static  int 

mainDoMaint  (void  *ui_arg,  struct  RingSet  *keys,  int  sigcheck, 
struct  RingSet  *sigs) 

{ 

FILE  *fp  = ((struct  PgpTtyUI  *)  ui_arg)->fp; 

int  numsigs; 

struct  RingSet  * d e s t ; 

unsigned  count  = 0; 

int  err; 

int  sigcheckcount; 

U if  0 

union  RingObject  * k e y , * n a m e ; 
s i z e_t  l e n ; 

struct  Ringlterator  * i t e r ; 
int  re; 

char  const  *namestring; 

#end  i f 

int  trust_changed  = 0; 


/*  Check  sigs  as  required  */ 


switch  (sigcheck)  { 
case  1 : 

/*  Only  check  signatures  in  sigs  that  are  not 
marked  as  having  been  checked.  */ 
numsigs  = r i ng Po o l C h e c k C ou n t (sigs,  keys,  0); 
if  (numsigs  > 0) 

fprintf  (fp,  checking,  numsigs); 
sigcheckcount  = 0; 

if  ((err  = r i n g P o o l C h e c k (sigs,  keys,  0,  mainShowSigCheckProgress, 

(void  *)  S s i g c h e c k c o u n t ) ) !=  0) 

fprintf  (stderr,  "Error  %d  checking  signatures\n",  err); 
if  (sigcheckcount  > 0) 

fprintf  (stderr,  "\n"); 

break; 
case  2 : 

/*  Check  all  signatures  as  part  of  a full  maintenance 
pass  * / 
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numsigs  = ringPoolCheckCount  (keys,  keys,  1 ) ; 
if  (numsigs  > 0) 

fprintf  (fp,  checking,  numsigs); 
sigcheckcount  = 0 ; 

if  ((err  = r i ng P o o l C h e c k (keys,  keys,  1,  mainShowSigCheckProgress, 

(void  *)  & s i g c h e c k c o u n t ) ) !=  0) 

fprintf  (stderr,  "Error  %d  checking  signatures'^",  err); 
if  (sigcheckcount  > 0) 

fprintf  (stderr,  "\n"); 

break; 

default: 

fprintf  (fp,  "No  signatures  to  check...  \n"); 

/*  Don't  check  any  sigs  */ 

> 

/*  Loop  around  performing  maintenance  passes  until  no  more 
interesting  keys  are  returned.  */ 

do  ( 

dest  = ringSetCreate  (ringpool); 
if  ( ! d e s t ) 

return  ringPoolError(ringpool)->error; 
fprintf  (fp,  "Computing  validity  of  name/key  bindings... \n"); 
ringMnt  (keys,  dest,  time  ((time_t  *)  NULL)); 

# i f 0 

ri ngSet  Freeze  (dest); 

if  ( pgpenvGet  Int  (((struct  PgpTtyUI  *)  ui_arg)->env,  PG P E N V_B A T C H MO D E , 

NULL,  NULL)) 

count  = 0;  / * ignore  interesting  keys  in  batchmode  * / 

else 

ringSetCount  (dest,  Scount,  1); 
if  (count  > 0)  ( 

iter  = ringlterCreate  (dest); 
if  (liter)  { 

ringSetDestroy  (dest); 

return  ringPoolError(ringpool)->error; 

> 

/*  Ask  the  user  to  define  the  trust  for  each  key  returned  in  dest. 
For  the  new  trust  model,  we  must  locate  the  names  with  undefined 
trust  . 

aaa  May  want  indication  of  why  key  is  interesting  in  future, 
and  switch  based  on  the  reason.  */ 

while  ( r i n g I t e r N e x t 0 b j e c t (iter,  1)  > 0)  { 
key  = ringlterCurrentObject  (iter,  1); 

assert  (key  &&  r i ng 0b j e c t Ty p e (key)  ==  R I N G T Y P E_KE Y ) ; 

#if  0LDTRUST 

fprintf  (fp,  "Trust  in  the  following  key  is  undefined:  \n"); 
ringTtyShowKey  (ui_arg,  key,  keys,  0); 
if  ( d o Ke y E d i t T r u s t (key,  keys,  1,  fp)) 
trust_changed  = 1; 
else 

/*  So  we  don't  ask  again  */ 

r i ngKey Set T rust  (keys,  key,  P G P_K  E Y T R U S T_U  NKN0WN); 

# e l s e 

ringTtyShowKey  (ui_arg,  key,  keys,  0); 
while  ((re  = r i n g I t e r N e x t 0 b j e c t (iter,  2))  > 0 ) C 
name  = ringlterCurrentObject  (iter,  2); 
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it  e n d i f 


if  (name  &&  r i n g 0 b j e c t T y p e (name)  ==  R I N G T Y P E_N A M E ) { 
if  ( r i n g N a me C on f i d e n c eU nd e f i n ed  (keys,  name))  ( 
fprintf  (fp, 

"\nConf idence  in  the  following  name  is  undef  i ned  : \ n"  ) ; 
namestring  = ri ngNameName  (keys,  name,  Slen); 
ringTtyPutString  (namestring,  len,  len+2,  fp, 
putc  ( ' \ n ' , fp); 

if  ( d o Ke y E d i t T r u s t (name,  keys,  1,  fp)) 
trust_changed  = 1; 
else  { 

/*  This  is  required  to  force  'undefined  trust'  to  'no  trust', 
so  we  don't  ask  again  */ 
ringNameSetConf idence  (keys,  name,  0 ) ; 

> 


ringlterDestroy  (iter); 


# e n d i f 

ri ngSetDestroy  (dest); 

> while  (count  > 0 SS  trust_changed); 
return  0 ; 

> 


/ * 

* Makes  sure  that  the  global  <allkeys>  is  loaded, 

* and  returns  an  error  code  or  0 if  successful. 

* If  <canFail>  is  0,  then  an  error  will  cause  it  to  exit. 

*/ 

static  i n t 

l o a d A l l Key s ( s t r u c t PgpEnv  *env,  int  canFail,  int  trusted_only) 
t 

if  (lallkeys)  { 

int  error  = m a i n 0 p e n Ke y r i n g s ( e n v , ringpool,  trusted_only, 

Sallkeys); 


> 


i f 


> 

} 

return  0; 


(error)  { 

fprintf(stderr, 

"mainOpenKeyrings  failed  (%d): 
error,  pgperrString  (error)); 
if  (canFail) 

return  error; 

else 


exitUsage(error); 


% s \ n " , 


/ * 

* Interface  to  loadAllKeys  which  makes  sure  <allkeys>  will  be  reloaded. 

* Sometimes  we  want  to  load  only  untrusted  keyrings  but  <allkeys>  may 

* hold  trusted  ones. 

* / 

static  int 

r e l o a d A l l Ke y s ( s t r u c t PgpEnv  *env,  int  canFail,  int  trusted_only) 
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{ 


> 


if  (allkeys)  { 

ringSetDestroyCal  Ikeys)  ; 
allkeys  = 0; 

} 

return  loadAllKeysCenv,  canFail,  t r u s t ed_o n l y ) ; 


/ * 

* Open  key  rings  and  return  sets  for  pubring  and  secring. 

*/ 

static  void 

mai nOpenPubSec(struct  PgpEnv  *env,  char  const  **pub, 

struct  RingSet  **pubring,  char  const  **sec, 
struct  RingSet  **secring,  FILE  *log) 

{ 

if  (pub  &&  pubring)  ( 

* p u b = pgpenvGetString  (env,  P G P E N V_P U B R I N G , NULL,  NULL); 
if  ( ! * p u b ) t 

if  (log) 

fprintf  (log, 

"Unknown  pubring  file,  assuming  \ " p u b r i n g . pg  p \ " \ n " ) ; 

*pub  = " pubring. pgp"; 

> 

*pubring  = m a i n 0 p e n R i n g f i L e (env,  ringpool,  *pub,  "public", 1); 

> 

if  (sec  &&  secring)  { 

*sec  = pgpenvGetString  (env,  P G P E N V_S E C R I N G , NULL,  NULL); 
if  ( ! * s e c ) { 

if  (log) 

fprintf  (log, 

"Unknown  secring  file,  assuming  \ "secring. pgp\"\n"); 

*sec  = " s e c r i ng  . pg p " ; 

> 

*secri ng  = mainOpenRingfile  (env,  ringpool,  *sec,  " private ",0); 


> 

> 

/ * 

ic 

Searches 

★ 

command  l 

* 

If  <argc> 

★ 

In  either 

★ 

★ 

set. 

★ 

★ / 

Returns  1 

static  int 

s e l e c t Key A r g s ( s t r u c t PgpEnv  *env,  int  argc,  char  *argv[], 

char  const  *ringName,  struct  RingSet  const  *ring, 
struct  RingSet  **set,  int  defAll) 

{ 

int  anykeys  = 0,  i,  result; 


(void)env;  / * Avoid  warning  */ 

if  (argc  <=  0 &&  defAll)  f 
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> 


> else 


> 

return 


*set  = ringSetCopy(ring); 
if  ( ! * s e t ) 

exitUsage(ringPoolError(ringpool)->error); 
anykeys  = 1;  / * XXX:  Not  necessarily,  ring  might  be  empty  * / 

{ 


* s e t = ringSetCreate(ringpool); 
if  ( ! * s e t ) 

exitUsage(ringPoolError(ringpool)->error); 
for  (i  = 0;  i < argc;  i + + ) i 

result  = ringSetFilterSpecCring,  * s e t , argvCiD,  0 ) ; 
if  (result  < 0) 

exitUsage(result); 
else  if  (result  > 0) 
anykeys  = 1 ; 

else 


> 


fprintf(stderr, 

"No  key  named  \"%s\"  in  keyring  \"%s\"\n", 
argvCill,  ringName); 


anykeys; 


/ * 

* This  selects  one  RingObject  from  the  given  immutable  <set>  for  which 

* (*filt)(env,  obj,  arg)  returns  non-zero.  (*print) (env,  file,  obj,  arg) 

* should  print  a label  for  the  appropriate  object  to  file  (with  newline), 

* suitable  for  a menu.  If  there  is  more  than  one  candidate,  and  <print> 

* is  non-null,  the  user  is  presented  with  a menu  to  choose  from.  If 

* there's  more  than  one  candidate  and  <print>  is  null,  or  if  there  are  no 

* candidates,  1 is  returned.  The  object  is  returned  in  <obj>,  or  NULL  if 

* there  was  an  error.  Returns  < 0 for  a library  error,  1 for  other  error, 

* or  0 on  success. 


* 

* The  <print>  function  may  assume  that  the  global  <allkeys>  will  be 

* set  correctly  by  the  time  it  is  called.  This  routine  makes  sure  of 

* that,  the  caller  doesn't  have  to. 

*/ 


static  int 

s e l e c t 0 n e R i n g Ob j ( s t r u c t PgpEnv  *env,  struct  RingSet  *set,  int  level, 

union  RingObject  **obj1,  FILE  *out,  char  const  *header, 
void  * a r g , 

int  ( * f i 1 1 ) ( s t r u c t PgpEnv  *env,  union  RingObject  const  *obj, 

void  * a r g ) , 

void  (*print)(struct  PgpEnv  *env,  union  RingObject  *obj, 

FILE  *file,  void  *arg)  ) 


struct  Ringlterator  * i t e r ; 

union  RingObject  *obj,  * o b j L i s t [ 5 0 II  ; 

int  maxObjs  = sizeof(objList)  / sizeof(objListC03); 

int  numObjs  = 0 ; 

int  notFirst  = 0 ; 

int  result; 

long  choice; 

char  *endNum,  bufC32]; 

int  i ; 


* o b j 1 = NULL; 

iter  = ringlterCreate(set); 
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if  (liter) 

return  ringSetError(set)->error; 


/*  Advance  iter  state  */ 
for  (i=1;  i<level;  + + i ) 

if  ((result  = ringIterNextObject(iter,  i))  < 0) 
return  result; 


for  ( ; ; 


result  = ringIterNextObject(iter,  level); 
if  (result  < 0) 

goto  d e s t r oy And E x i t ; 
else  if  (result  ==  0) 
break; 

if  (numObjs  >=  maxObjs)  { 

fprintf(stderr,  "Too  many  matches;  aborting!  \n"); 
goto  destroyAndError; 

> 

obj  = ringIterCurrentObject(iter,  level); 
assert(obj  ); 

if  (filt(env,  obj,  arg)  ) { 

objListLnumObjs++]  = obj; 
if  (notFirst)  t 

if  (Iprint  ||  lout) 

goto  destroyAndError; 
loadAllKeys(env,  0 , 0); 
i f ( numOb j s ==  2 ) { 

fprintf (out,  "%s\n  1)  ",  header); 

print (env,  objListCOD,  out,  arg); 

} 


fprintf(out,  "%2d)  ",  numObjs); 
print(env,  obj,  out,  arg); 


> 


else 


notFirst  = 1; 


> 

ringlterDestroy(iter); 


if  (numObjs  < 1) 
return  1; 

else  if  (numObjs  ==  1)  f 

*obj1  = objListCOD; 
return  0; 

> 

assert(out); 

fprintf(out,  "Choose  one  of  the  above:  "); 

pg pT t y G e t S t r i n g ( b u f , sizeof(buf),  out); 

choice  = strtol(buf,  SendNum,  10); 

while  ( i s s p a c e ( * e nd N urn  ) ) 
endNum++; 

if  (*endNum  ||  choice  <1  ||  choice  > numObjs)  { 

fprintf(stderr,  "Invalid  choi ce\n"  ) ; 
return  1; 

> 

*obj1  = objListCchoice  - 111; 

return  0; 


destroyAndError  : 
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result  = 1 ; 
destroyAndExi t : 

ri ngl  terDest  roy ( i ter) ; 
return  result; 

> 

/*  A filter  for  s e l e c t 0 n e R i n g 0 b j (above),  which  selects  all  keys  * 
static 

int  keyFiltCstruct  PgpEnv  * e n v , union  RingObject  const  * o b j , void 
{ 

(void)env;  / * Avoid  warnings  * / 

(void)arg; 

return  r i n g 0 b j e c t T y p e ( o b j ) ==  R I N G T Y P E_KE Y ; 

} 

/*  A filter  to  select  the  specified  type  */ 
static 

int  t y p e F i l t ( s t r u c t PgpEnv  *env,  union  RingObject  const  *obj,  void 
{ 

byte  mtype  = * ( b y t e *)arg; 

(void)env;  / * Avoid  warnings  * / 

return  ringObjectType(obj)  ==  mtype; 

> 

/* 

* A filter  for  signatures  that  won't  show  revocations.  We  don't 

* those  out  explicitly  so  it  is  better  not  to  try  to  choose  them. 
*/ 

static 

int  s i g F i l t ( s t r u c t PgpEnv  *env,  union  RingObject  const  *obj,  void 
{ 

(void)env; 

(void)arg; 

if  ( r i n g 0 b j e c t T y p e ( o b j ) ==  R I N G T Y P E_S I G ) f 

int  type  = r i n g S i g T y p e ( a l l k e y s , (union  RingObject 
if  (type  ! = P G P_S I G T Y P E_K E Y_C 0 M P R 0 M I S E && 
type  ! = PGP_SIGTYPE_KEY_UID_REVOKE ) 
return  1;  / * accept  * / 

> 

return  0;  /*  reject*/ 

> 


/* 


* A key  printer  for  s e l e c t 0 n e R i n g 0 b j (above), 

* which  prints  keys  for  a menu. 

*/ 


static  void 
keyPrint(struct 

{ 


PgpEnv  *env,  union  RingObject  *obj, 
FILE  *file,  void  *arg) 


struct  PgpTtyUI  ui; 

(void)env;  / * Avoid  warnings  * / 

(void)arg; 

ui.fp  = file; 

f putc ( ' \ n ' , file); 

assert(allkeys); 


/ 

* a r g ) 


* a r g ) 


print 

* a r g ) 

* ) o b j ) ; 
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> 


ringTtyShowKeyC (void  * ) Sui,  obj,  allkeys,  0); 


/ * 


* A name  printer  for  s e L e c t 0 n e R i ng 0 b j (above), 

* which  prints  keys  for  a menu. 

* / 


static  void 
namePrintCstruct 


PgpEnv  *env,  union  RingObject 
FILE  *file,  void  *arg) 


char  const  *namestring; 

s i z e_t  L e n ; 

struct  PgpTtyUI  ui; 


* o b j , 


> 


(void)env;  / * Avoid  warnings  * / 

(void)arg; 


u i . f p = file; 
f putc(  1 \ n 1 , file); 
assert(allkeys); 

namestring  = ri ngNameName  (allkeys, 
r i n g T t y P u t S t r i n g (namestring,  ten, 
fputs("\n",  file); 

r i n g T t y S h o w S i g s ((void  *)  Sui,  obj. 


obj,  Slen); 

unsigned)  len,  file,  0,  0 ) ; 
allkeys,  2 ) ; 


/ * 


* A s i g 

printer 

for 

s e l e c t 0 n e R i n g 0 b j (above). 

* which 
*/ 

prints 

keys 

for  a 

menu  . 

static  void 
sigPrint(struct 

PgpE 

n v * e n v 

, uni 

on  RingObject  *obj. 

f 

FILE 

* f i l e , 

void 

* a r g ) 

\ 

(void)env; 

/* 

Avoid 

warnings  */ 

(void)arg; 

asserttal  Ikeys); 
f putc ( ' \n  1 , file); 

ringTtyShowSig(obj,  allkeys,  file,  1 ) ; 

> 


static  void 
objPrint(struct 

{ 


PgpEnv  *env,  union  RingObject  *obj, 
FILE  *file,  void  *arg) 


switch  ( r i n g 0 b j e c t Ty pe ( o b j ) ) ( 

case  R I N G T Y P E_K  E Y : 

keyPrint(env,  obj,  file,  arg); 
break; 

case  R I N G T Y P E_N  A M E : 

namePrint(env,  obj,  file,  arg); 
break; 

case  R I N G T Y P E_S I G : 

sigPri nt (env,  obj,  file,  arg); 
break; 


> 


} 
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/ * 

* Add  an  object  with  all  its  children  to  the  dest  key  set. 

* The  src  key  set,  which  controls  which  children  are  taken,  must  be 

* immutable.  dest  must  be  mutable. 

* Return  number  of  objects  added,  or  negative  on  error. 

*/ 


static  i n t 

r i n g S e t Add H i e r a r c h y ( s t r u c t RingSet  *dest,  struct  RingSet  const  *src, 

union  RingObject  *obj) 


{ 


struct  Ringlterator  * i t e r ; 
int  level,  initlevel  ; 
int  nobjs; 
int  err; 


/*  First  add  the  object  */ 

if  ( ( e r r = r i n g S e t Add  0 b j e c t ( d e s t , obj))  < 0) 
return  err; 


iter  = ringlterCreate(src); 
if  (liter) 

return  ringSetError(src)->error; 


> 


nobjs  = 1; 

initlevel=ringIterSeekTo(iter,  obj); 
if  (initlevel  < 0) 

return  initlevel; 
level  = initlevel  + 1; 
while  (level  > initlevel)  { 

union  RingObject  * c h i l d ; 

err  = ringIterNextObject(iter,  level); 

if  (err  < 0)  { 

r i ngl  terDest roy ( i ter) ; 
return  err; 

> 


> 


if  (err  > 0)  { 

child  = ringlterCurrentObjectliter,  level); 
if  ( ! chi  Id) 

return  ringSetError(src)->error; 
if  ( ( e r r = r i n g S e t AddOb j e c t ( d e s t , child))  < 0) 
return  err; 

+ + nobj  s; 

+ + l e v e l ; 

> else  f 

--level; 

> 


ringlterDestroy(iter); 
return  nobjs; 


/* 

* Service 

* and  opt 

* and  its 

* info  on 

* / 

static  int 


routine  for  s e l e c t R i n g 0 b j e c t , below.  This  one  selects  a user  ID 
onally  a signature  from  a RingSet  composed  of  a single  key 
descendants.  See  the  comments  for  s e l e c t R i ng 0b j e c t for  more 
the  parameters. 
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s e L e c t C h i L dO b j e c t ( s t r u c t PgpEnv  *env,  struct  RingSet  *to_select, 

int  selecttype,  char  const  *prep,  FILE  *log, 
union  RingObject  **pobj) 


{ 


struct  RingSet  *to_select2; 

int  err; 

byte  type; 

char  headerC2563; 

unsigned  c o u n t s C R I N G T Y P E_M AX ] ; 

assert  (selecttype==RINGTYPE_NAME 


selecttype==RINGTYPE_SIG); 


r i ng S e t C o u n t Ty p e s ( t o_s e l e c t , counts,  R I N G T Y P E_M A X ) ; 
it  (selecttype  ==  R I N G T Y P E_N A M E ) 
sprintf  (header, 

"Please  select  a user  ID  %s:",  prep); 
else 

sprintf  (header, 

"Please  select  a user  ID  with  a signature  %s:",  prep); 
type  = R I N G T Y P E_N  A M E ; 

err  = s e l e c 1 0 n e R i n g 0 b j ( e n v , to_select,  2,  pobj,  log, 

header,  & t y p e , typeFilt,  namePrint); 

i f (err)  { 

if  (log) 

fprintf  (log, 

"No  user  ID's  selected  %s.\n",  prep); 

ri ngSetDestroy(t o_s  elect); 
return  0; 

> 

/*  Keep  name  and  all  its  children  */ 
if  ( ! ( t o_s e l e c t 2 = r i n g S e t C r e a t e ( r i ng poo  l ) ) ) f 
ringSetDestroy(t o_s  elect); 
return  ringPoolError(ringpool)->error; 

> 

r i ng S e t Ad d H i e r a r c h y ( t o_s e l e c t 2 , to_select,  *pobj); 
ri ngSet  Freeze ( to_se lect2 ) ; 

if  (selecttype  ==  R I NGT Y PE_S I G ) { 

r i n g S e t C o u n t Ty pe s ( t o_s e l e c t 2 , counts,  RINGTYPE_MAX); 
assert ( count sERINGTYPE_KEY-1 ] ==  1); 
assert ( c o u n t s E R I N G T Y P E_N AM E - 1 ] ==  1); 
sprintf  (header, 

"Please  select  a signature  %s:",  prep); 

err  = s e l e c t 0 n e R i n g 0 b j ( e n v , to_select2,  3,  pobj,  log, 

header,  &type,  sigFilt,  sigPrint); 

if  (err)  { 

if  (log) 

fprintf  (log, 

"No  signatures  selected  %s.\n",  prep); 

ri ngSetDestroy(t o_s  e l e c t 2 ) ; 
return  0; 

> 


ringSetDestroy(t  o_s  elect2); 

assert(counts[selecttype-1]  >=  1); 

return  countstselecttype-13;  /*  success  */ 
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/* 

* Selection  routine. 

* Selects  a key,  userid  or 

* signature  depending  on  the  selecttype  parameter,  a RINGTYPE_  value. 

* Returns  pointer  to  the  object  in  *pobj.  Prep  is  a prepositional 

* clause  like  "to  be  removed".  Returns  0 if  no  keys  selected,  negative 

* on  error.  If  objects  are  selected  returns  the  number  of  objects  at 

* that  level,  e.g.  if  a user  ID  is  selected  it  returns  the  number  of 

* user  ID's  on  that  key;  if  a signature  is  selected  it  returns  the 

* number  of  sigs  on  that  user  ID.  This  will  always  be  at  least  1. 

*/ 

static  i n t 

s e l e c t R i n g 0 b j e c t ( s t r u c t PgpEnv  *env,  int  argc,  char  **argv,  char  const  *pub, 

struct  RingSet  const  *pubring,  int  selecttype, 

char  const  *prep,  FILE  *log,  union  RingObject  **pobj) 

{ 

struct  RingSet  *to_select  = NULL,  *to_select2  = NULL; 

char  namebufC256]; 

char  headerC256D; 

s i z e_t  name l en ; 

int  anykeys  = 0; 

int  err; 

unsigned  c oun t s C R I NGT Y PE_M AX ] ; 

/ * 

* Protect  headerCD  from  being  overfilled  by  the  sprintf  1 s to  it. 

* prep  is  only  set  within  the  program  to  small  strings,  so  this 

* should  never  happen. 

* / 

assert  (strlen(prep)  < 100); 

if  (argc  ==  0)  f 

assertC  log) ; 
fprintf  (log, 

"A  user  ID  is  required  to  select  the  key  you  want  %s.\n\ 

Enter  the  key's  user  ID:  ",  prep); 

namelen  = pgpTtyGetString  (namebuf,  sizeof  (namebuf),  log); 
argv  = (char  **)pgpMemAlloc(sizeof(char  *)); 
argvCOH  = namebuf; 
argc  = 1 ; 

> 

/*  Set  up  for  return  */ 

ringSetCountTypes(pubring,  counts,  R I N G T Y P E_M A X ) ; 


anykeys  = selectKeyArgs  (env,  argc,  argv,  pub,  pubring,  St o_ select,  0); 
if  (anykeys)  { 

ringSetFreeze(t o_s  elect); 
if  (selecttype  ==  R I N G T Y P E_N AM E ) 
sprintf  (header, 
ith  a user  ID  % s : " , prep); 
else  if  (selecttype  ==  R I NG T Y P E_S I G ) 
sprintf  (header. 


Please 

select 

a key 

else 

Please 

select 

a key 

else 

Please 

select 

a key 

sprintf  (header, 
s : " , p r e p ) ; 

anykeys  = ! s e l e c t On e R i n g 0 b j (env,  to_select,  1,  pobj,  log, 

header,  NULL,  keyFilt,  keyPrint); 
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} 

if  (!  anykeys ) { 
if  (Log) 

fprintf  (Log, 

No  keys  seLected  %s.\n",  prep); 

ringSetDestroy(to_seLect); 
return  0 ; 

> 

/*  Add  key  and  aLL  its  chiLdren  to  a new  ringset  caLLed  to_seLect  */ 
to_seLect2  = ringSetCreate(ringpooL); 
if  (it  o_s  e L e c t 2 ) { 

ringSetDestroy(t  o_s  e L e c t ) ; 

return  ringPooLError(ringpooL)->error; 

} 

r i ng S e t Ad d H i e r a r c h y ( t o_s e L e c t 2 , to_seLect,  *pobj); 
ri  ngSetDestroy (t o_s  e L e c t ) ; 
to_seLect  = to_seLect2; 
ringSetFreeze(t o_s  e L e c t ) ; 

/*  HandLe  signature  and  user  ID  seLection  */ 
if  (seLecttype  !=  R I NGT Y P E_KE Y ) ( 

err  = s e L e c t C h i L dO b j e c t ( e n v , to_se  Lect,  seLecttype, 

prep.  Log,  pobj); 
ringSetDestroy(t o_s  e L e c t ) ; 
return  err; 

> 

ri  ngSetOestroy(t o_s  e L e c t ) ; 

assert(counts[seLecttype-1]  > = 1); 

return  count s[ se Lee t type-1 ];  / * success  * / 


static  i n t 

doKeyAdd  (struct  PgpEnv  *env,  int  arge,  char  *argvCH,  struct  PgpTtyUI  *ui_arg) 
{ 

struct  RingSet  *pubring  = NULL,  *secring  = NULL; 

struct  RingSet  *newpub  = NULL,  *newsec  = NULL; 

struct  RingSet  *tmpring,  *keyfiLe  = NULL; 

struct  Ri nglterator  * i t e r ; 

char  const  *pub,  *sec; 

int  needwri tesec-0; 

int  newkeys  = 0; 

int  err  = 0; 


mainOpenPubSec(env,  &pub,  Spubring,  Ssec,  Ssecring,  stderr); 


#i  f 0 


ft  e L s e 


ft  e n d i f 


if  (large)  { 


fprintf 
/*  BUG. 
key f i L e 


(stderr,  "No  input  fiLes  --  reading  from  s t d i n \ n " ) ; 

This  won't  work,  requires  fseek/fteLL  */ 

= mainOpenKeyring  (stdin,  0 ) ; 


fprintf  (stderr,  "No  key  f i L e specified  for  addition\n"); 
goto  cLeanup; 


> eLse  white  (arge--)  ( 

struct  RingSet  *temp; 
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FILE  * f p ; 

struct  PgpFile  * p f p ; 
struct  RingFile  * r i n g ; 


"\nAdding 


> 


fprintf  (stderr,  "Opening  ringfile  \ " % s \ " . . . \ n " , argvCOH); 
fp  = fopen  (argvCO],  " r b " ) ; 

ptp  = pgpFileReadOpen  (fp,  NULL,  NULL);  / * chain  errors  * / 
/*  We  will  never  close  this  ringfile  */ 

ring  = ringFileOpen  (ringpool,  pfp,  0,  Serr);  / * chain  * / 
temp  = r i n g S e t C o py ( r i ng F i l e S e t ( r i ng  ) ) ; /*  chain  */ 

if  ( ! temp)  { 

fprintf  ( stderr,  "Unable  to  open  file  \"%s\"\n", 
argvCOd); 


> else  { 


keys:\n\n"); 


> 

fprintf 
a r g v + + ; 


fprintf  (stderr, 

r i ngT t yKeyVi ew ( ( vo i d *)ui_arg,  NULL,  temp,  argvCOH, 

newkeys++; 

if  (keyfile)  f 

struct  RingSet  * t r i n g ; 

tring  = ringSetUnion(keyfile,  temp); 
ringSetDestroy(keyfi  le); 
ringSetDestroy(temp); 
keyfile  = tring; 

> else 

keyfile  = temp; 

(stderr,  " \ n " ) ; 


0); 


if  ( ! newkeys)  { 

fprintf  (stderr,  "No  keys  to  add\n"); 
goto  cleanup; 

} 


/*  Add  keys  in  keyfile  to  copy  of  pubring/secring  as  appropriate  */ 
newpub  = ringSetCreate(ringpool); 
newsec  = ringSetCreate(ringpool); 
if  ( ! newpub  ||  Inewsec)  { 

err  = P G P E R R_N 0 M E M ; 
goto  cleanup; 

> 

ringSetAddSet(newpub,  pubring); 
ringSetAddSet (newsec,  secring); 
ringSetDestroy(pubring)  ; 
ringSetDestroy(secring); 
pubring  = secring  = NULL; 


ringSetFreeze(keyfi  le); 

iter  = ringlterCreate(keyfile); 

if  (liter)  { 

err  = ringPoolError(ringpool)->error; 
goto  cleanup; 

> 

while  ( r i n g 1 1 e r N e x t 0 b j e c t ( i t e r , 1)  > 0)  { 

union  RingObject  *obj  = ringIterCurrentObject(iter,  1); 
assert(obj  ); 

assert  ( r i ng Ob j e c t Ty pe  (obj)  ==  R I NG T Y P E_KE Y ) ; 


106 


apps/ pgpk/ main.c 


> 


/*  Treat  secret  keys  differently  from  public  */ 
if  ( r i n g Key  I s S e c ( key f i l e , obj))  { 
struct  RingSet  * t r i n g ; 
struct  RingSet  * t r i n g 2 ; 
union  RingObject  * s e c o b j ; 
struct  Ringlterator  * i t e r s e c ; 
i n t level; 


/*  Create  tring  holding  just  this  key  and  children  */ 
tring  = ringSetCreate(ringpool); 
tring2  = ringSetCreate(ringpool); 
if  (String  ||  !tring2)  { 

err  = ringPoolError(ringpool)->error; 
ringSetDestroy(tring); 
ringSetDestroy(tring2); 
goto  cleanup; 

> 

ringSetAddHierarchy(tring,  keyfile,  obj); 
ringSetFreeze(tring); 


/*  Make  tring2  which  holds  tring  minus  signatures  */ 
r i ng S e t Add S e t ( t r i ng 2 , tring); 
itersec  = ringlterCreate(tring); 

whi  le  C(level  = ringIterNextObjectAnywhere(itersec))>0) 
union  RingObject  *iterobj; 

iterobj  = ringIterCurrentObject(itersec,level) 
if  ( r i n g Ob j e c t Ty p e ( i t e r ob j ) ==  R I N G T Y P E_S I G ) 
ringSetRem0bject(tring2,  iterobj  ); 


> 


{ 


/ * Add  set  minus  sigs  to  secret  keyring  * / 
ringSetAddSetCnewsec,  t r i n g 2 ) ; 

/*  Make  another  copy  of  tring,  this  one  minus  secret  */ 

ringSetAddSet(tring2,  tring); 

ringlterRewindlitersec,  1); 

r i n g 1 1 e r N e x t 0 b j e c t ( i t e r s e c , 1); 

secobj  = NULL; 

while  ( r i n g 1 1 e r N e x t 0 b j e c t ( i t e r s e c , 2)  > 0)  { 

secobj  = ringlterCurrentObjectlitersec,  2); 
if  ( r i n g 0 b j e c t Ty p e ( s e c o b j ) ==  R I NGT Y P E_S E C ) 
break; 

> 

assert  (secobj); 
ringlterDestroy(itersec); 
ringSetRem0bject(tring2,  secobj  ) ; 
ringObjectRelease(secobj ); 


/*  Add  set  without  secret  to  pubring  */ 
ringSetAddSet(newpub,  tring2); 
ringSetDestroy(tring2); 
ringSetDestroy(tring); 


needwri tesec  = 1; 

> else  { 

/*  Add  to  public  keyring  */ 

r i n g S e t Add H i e r a r c h y ( n e w pu b , keyfile,  obj); 
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ringlterDestroyCi ter); 
ringSetDestroyCkeyfi l e ) ; 
keyfile  = NULL; 
ringSetFreeze(newpub); 
ringSetFreeze(newsec); 

if  ( ! p g p e n v G e 1 1 n t (env,  P G P E N V_F 0 R C E , NULL,  NULL))  { 

if  ( p g p e n v G e 1 1 n t (env,  P G P E N V_B  A T C FI  M 0 D E , NULL,  NULL))  { 
fprintf  (stderr, 

"Use  tforce  to  add  keys  in  batchmode\n\ 

Key  addition  cancelled. \n"); 

goto  cleanup; 

> 

if  (needwritesec) 
fprintf  (stderr, 

"Do  you  want  to  add  these  keys  to  keyrings  \"%s\"  and\n"\ 

"\"%s\"  (y/N)?  ",  pub,  sec); 

else 

fprintf  (stderr, 

"Do  you  want  to  add  these  keys  to  keyring  \"%s\"  (y/N)?  ",  pub); 

if  ( ! p g pT t y G e t B o o l ( 0 , stderr))  ( 

fprintf  (stderr,  "Key  addition  cancelled. \n"); 
err  = 0 ; 
goto  cleanup; 

> 

> 

/*  Do  maintenance  pass  on  new  rings.  */ 

reloadAl IKeys  (env,  0,  1);  /*  no  untrusted  keyrings  */ 

tmpring  = ringSetUnion(allkeys,  newpub); 
ringSetDestroy(allkeys); 

allkeys  = r i n g S e t U n i o n ( t mp r i n g , newsec); 
ringSetDestroy(tmpring); 

err  = mainDoMaint  ((void  *)  ui_arg,  allkeys,  1,  newpub); 
if  (err  < 0) 

goto  cleanup; 

mainRingNewSet  (pub,  P G P_W R I T E T R U S T_P U B , newpub); 
newpub  = 0;  /*  Don't  destroy  it  */ 

if  (needwritesec)  { 

mainRingNewSet  (sec,  P G P_W R I T E T R U S T_S E C , newsec); 
newsec  = 0;  /*  Don't  destroy  it  */ 


fprintf  (stderr, 

"Keys  added  successfully. \n"); 
err  = 0; 

cleanup: 

if  (pubring) 

ringSetDestroy(pubring); 
if  (secring) 

ringSetDestroy(secring); 
if  (newpub ) 

ringSetDestroy(newpub); 
if  (newsec) 

ringSetDestroy(newsec); 
if  (keyfile) 

ringSetDestroy(keyfi  le); 
return  err; 

> 
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static  i n t 
doKeyExtract 


(struct  PgpEnv  *env,  struct 
struct  PgpTtyUI  *ui_arg) 


struct  RingSet  *pubring  = NULL; 
struct  RingSet  * k e y f i l e = NULL; 
char  const  * p u b ; 

byte  doarmor  = flags->doarmor; 
i n t err; 


Flags  * f l a g s , 


int  argc,  char  *argv[]. 


> 


(void)  ui_arg; 

/ * Check  the  command-line  args  for  armor  * / 
if  ( ! doarmor  &&  flags->argc  SS  strchr  ( f l a g s -> a r g s , 'a')) 

doarmor++; 

mainOpenPubSec(env,  & p u b , &pubring,  NULL,  NULL,  stderr); 
if  (ipubring)  t 

fprintf  (stderr,  "No  keys  in  pubring\n"); 
return  0; 

> 

err  = selectKeyArgs  (env,  argc,  argv,  pub,  pubring,  Skeyfile,  0); 
if  (err  < 0) 

return  err; 
if  (err  ==  0)  C 

fprintf  (stderr,  "No  keys  were  selected  for  extraction.  \n"); 
return  0; 

> 

ringSetFreeze  (keyfile); 
ringSetDestroy(pubring); 


if  ( f l a g s -> o u t f i l e && 

pg pT t y C h e c k 0 v e r w r i t e ((void  *)  ui_arg,  f l a g s -> o u t f i l e ) ) 
return  PG P E R R_N0_F I L E ; 
if  (doarmor)  C 


FILE 

* f p 

i f ( 

! f p) 

err 

= ma 

> else 

if  (flags 

F I LE 

* f p 

i f ( 

! f p ) 

err 

= ma 

> else 

err 

= ma 

= f l a g s - > o u t f i l e ? f o p e n ( f l a g s - > o u t f i l 


return  PGPERR_N0_FILE; 

inWri teArmoredSet  (fp,  0,  keyfile,  env) 
->outfile)  { 

= fopen(flags->outfile,  " w b " ) ; 

return  PG P E R R_N 0_F I L E ; 
inWriteSet  ( f p , 0,  keyfile); 

inWriteSet  (stdout,  0,  keyfile); 


e,  "wa" 
stdout 


) 


> 

ringSetDestroy(keyfi  le); 
return  err; 


static  int 

keygenProgress  (void  *arg,  int  c) 

{ 

(void)arg;  / * make  the  compiler  happy  */ 
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putc  ( c , stderr) 
fflush  (stderr); 
return  0 ; 


/*  Optional 
static  int 
doKeyGenerate 
{ 


Arguments:  name  keybits  */ 

(struct  PgpEnv  *env,  int  argc,  char  *argv[],  void  *ui_arg) 


struct  RingSet  * p u b r i n g = NULL,  * s e c r i n g = NULL; 
struct  RingSet  *newpub  = NULL,  * n e w s e c = NULL; 
struct  PgpKeySpec  *keyspec  = NULL; 

struct  PgpSecKey  *seckey  = NULL,  *subseckey  = NULL; 
struct  PgpPkAlg  const  * p k a l g , *subkalg; 

char  const  * p u b = NULL,  *sec  = NULL;  / * make  the  compiler  happy  * / 

char  * n a m e = NULL,  namebufH2563; 

s i ze_t  namelen  = 0; 

unsigned  keybits  = 0; 

int  keytype ; 

unsigned  entropy; 

int  error  = 0; 

unsigned  len; 

char  bufC20d; 

fprintf  (stderr. 

Choose  the  type  of  your  public  key:\n"\ 

1)  DSA/ElGamal  - New  for  PGP  3!  Separate  signing  and  encryption  keys \n"  \ 

2)  RSA  - Compatible  with  old  versions  of  PGP\n"\ 

3)  RSA  pair  - Separate  signing  and  encryption  using  RSA\n"\ 

Choose  1,  2,  or  3:  "); 

len  = pgpTtyGetString  (buf,  sizeof(buf),  stderr); 
if  ( ! I e n ) { 

fprintf  (stderr,  "No  key  type  was  chosen\n"); 
error  = - 1 ; 
goto  cleanup; 

> 

keytype  = atoi(buf); 
switch  (keytype)  { 
case  1 : 

pkalg  = pg p P k a l g By N umbe r ( PG P_PKA LG_D S A ) ; 
subkalg  = pg p P ka l g By N umbe r ( PG P_PKA LG_E LG  AM A L ) ; 
break; 

pkalg  = pg pP ka l gBy Numbe r ( PG P_PKA LG_R S A ) ; 
subkalg  = 0; 
break; 

pkalg  = pgpPka l gBy Numbe r ( PG P_PKA LG_RS A ) ; 
subkalg  = pg p P k a l g By N u m b e r ( PG P_P K A L G_R S A ) ; 
break; 

/*  Allow  unforeseen  key  types  */ 
pkalg  = pgpPkalgByNumber(keytype); 
subkalg  = 0; 
break; 

} 

if  (ipkalg)  { 

fprintf  (stderr,  "No  legal  key  type  was  chosen\n"  ) ; 
error  = - 1 ; 


case  2 


case 


default 
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goto  cleanup; 


/*  Need  to  get  userid,  keysizes,  etc.  */ 
it  (argc)  { 

name  = argvlO] ; 
namelen  = strlen  (name); 
a r g v + + ; 
argc  — ; 

> 

if  (argc)  { 

keybits  = atoi  (argvCOO); 

argv++; 

argc--; 


if  (Ikeybits)  f 
f pu  t s ( 

"\nPick  your  p u b l i c / p r i v a t e keypair  key  size:\n\ 

\ n * * * * * TEMPORARY  LABELS,  TO  BE  DETERMINED  LATER!!  *****\n\n\ 

Commercial  grade,  probably  not  currently  breakable\n\ 
High  commercial  grade,  secure  for  many  years\n\ 
\"Military\"  grade,  secure  for  the  forseeable  future\n\ 
Archival  grade,  slow,  highest  securi ty\n\ 

4,  or  enter  desired  number  of  bits:  ",  stderr); 
fflush  (stderr)  ; 

len  = pgpTtyGetString  (buf,  sizeof(buf),  stderr); 
if  ( ! I e n ) L 

fprintf  (stderr,  "Keygen  error\n"); 
error  = - 1 ; 
goto  cleanup; 


1 ) 

768 

bits- 

2) 

1024 

bits- 

3) 

2048 

b i t s - 

4) 

3072 

bits- 

Choose 

1,  2, 

3 , or 

keybits 

switch 


atoi  (buf) 


( keyb i 

t s ) 

case 

1 : 

keybits  = 

768; 

case 

2 : 

keybits  = 

1024 

case 

3 : 

keybits  = 

2048 

case 

4 : 

keybits  = 

3072 

default: 

if  ( keybi 

t s < 

'Minimum  key  size  is  512  bits\n") 


> 

i f 


"Maximum  key  size  is  4096  bits\n") 


break; 

; break; 

; break; 

; break; 

512)  { 
fprintf  (stderr, 

error  = - 1 ; 
goto  cleanup; 


(keybits  > 4096)  { 

fprintf  (stderr, 

error  = -1; 
goto  cleanup; 


break; 


i f ( 


"\nYou  need 


! name  ) C 

name  = namebuf; 
f pu  t s ( 

a user  ID  for  your  public 


key.  The  desired  form  for  this\n\ 
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user  ID  is  your  name,  followed  by  your  E-mail  address  enclosed  in\n\ 

<angle  brackets>,  if  you  have  an  E-mail  address . \n\ 

For  example:  John  Q.  Smith  < 1 2 3 4 5 . 6 7 8 9 a c o m p u s e r v e . c o m > \ n \ 

Enter  a user  ID  for  your  public  key:  ",  stderr)  ; 

fflush  (stderr); 

namelen  = pg pT t y G e t S t r i n g (namebuf,  sizeof  (namebuf),  stderr); 

> 

if  ( ! namelen)  C 

fprintf  (stderr,  "Keygen  error\n"); 
error  = -1; 
goto  cleanup; 

> 

/*  Open  the  existing  keyrings  */ 

mainOpenPubSecCenv,  & p u b , Spubring,  & s e c , Ssecring,  stderr); 

/*  Copy  pubring  and  secring  */ 

newpub  = ringSetCreate  (ringpool)  ; 

r i n g S e t Add S e t (newpub,  pubring); 

ringSetDestroy(pubring); 

newsec  = ringSetCreate  (ringpool); 

r i n g S e t Ad d S e t (newsec,  secring); 

ringSetDestroy(secring); 

if  ( ! newpub  ||  inewsec)  { 

error  = P G P E R R_N 0 M E M ; 
goto  cleanup; 

> 

/*  Generate  Randomness  */ 
if  ( ! rng) 

rng  = p g p R a n d o m C r e a t e ( ) ; 

/*  Need  to  ask  for  randomness  */ 

entropy  = pgpSecKeyEntropy  (pkalg,  keybits); 

if  (subkalg) 

entropy  +=  pgpSecKeyEntropy  (subkalg,  keybits); 
pgpTty RandAc cum  (ui_arg,  entropy); 

/*  Generate  the  SecKey  */ 

seckey  = pgpSecKeyGenerate  (pkalg,  keybits,  rng,  k e y g e n P r o g r e s s , 

NULL,  Serror); 

pgpRandomS t i r (rng); 
if  (!  seckey  &&  lerror) 

error  = PG P E R R_N0M E M ; 
if  (error) 

goto  cleanup; 

/*  Need  to  lock  the  SecKey  */ 
fprintf(stderr,  "\n\ 

You  need  a pass  phrase  to  protect  your  %s  private  key.\n\ 

Your  pass  phrase  can  be  any  sentence  or  phrase  and  may  have  many\n\ 
words,  spaces,  punctuation,  or  any  other  printable  characters  . \ n", 

(subkalg  ? "signature"  : "RSA")); 

error  = setPassword  (env,  seckey,  ui_arg); 
if  (error) 

goto  cleanup; 
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/*  Generate  the  keyring  objects  */ 

keyspec  = pg pKe y S pe c C r e a t e (env); 
if  ( ! keyspec)  { 

error  = PG P E R R_N OM E M ; 
goto  cleanup; 

> 


error  = ri ngCreateKeypa 

if  (error) 

goto  cleanup; 


r (env, 
newpub. 


s e c k e y , 
newsec) 


keyspec,  name,  namelen,  rng. 


/*  Make  subkey  if  requested  */ 
if  (subkalg)  f 

/*  Generate  the  subseckey  */ 

subseckey  = pgpSecKeyGenerate  (subkalg,  keybits,  rng, 

keygenProgress,  NULL,  Serror); 

pgpRandomStir  (rng); 
if  ('.subseckey  &&  lerror) 

error  = P G P E R R_N 0 M E M ; 
if  (error) 

goto  cleanup; 

/*  Need  to  lock  the  encryption  SubSecKey  */ 
fprintf (stderr,  "\n\ 

You  also  need  a pass  phrase  to  protect  your  encryption  private  key  . \ n\ 

Your  pass  phrase  can  be  any  sentence  or  phrase  and  may  have  many\n\ 
words,  spaces,  punctuation,  or  any  other  printable  characters. \n"); 

error  = setPassword  (env,  subseckey,  ui_arg); 
if  (error) 

goto  cleanup; 


error  = ringCreateSubkeypai r (env,  seckey,  subseckey,  keyspec, 

rng,  newpub,  newsec)  ; 

if  (error) 

goto  cleanup; 


/*  Freeze  the  sets  */ 
ringSetFreeze  (newpub); 
ringSetFreeze  (newsec); 

/*  Write  out  newpub  and  newsec  */ 

mai  nRi  ngNewSet  (sec,  P G P_W R I T E T R U S T_S E C , newsec); 
m a i n R i n g N e w S e t (pub,  P G P_W R I T E T R U S T_P U B , newpub); 
newsec  = newpub  = 0;  /*  Don't  destroy  these  */ 


cleanup: 

i f 

i f 

i f 

i f 

i f 


(newpub) 

ringSetDestroy  (newpub); 
(newsec) 

ringSetDestroy  (newsec); 
(seckey) 

pgpSecKeyDes t roy  (seckey); 
(subseckey) 

pgpSecKeyDestroy  (subseckey); 
(keyspec) 
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pgpKeySpecDestroy  (keyspec); 
putc  ('\n',  stderr); 
if  ( ! error) 

fprintf  (stderr, 

"Keypair  created  successful  ly.  \n\ 

Public  Key  written  to  %s\n\ 

Private  Key  written  to  %s\n",  pub,  sec); 

return  error; 

> 


static 
d o Ke  y D 

{ 


#i  f 0 
# e n d i f 


i n t 

sable  (struct  PgpEnv  *env,  int  argc, 
struct  PgpTtyUI  *ui_arg) 

struct  RingSet  * p u b r i n g = NULL; 
struct  RingSet  * k e y s = NULL; 
char  const  * p u b ; 
union  RingObject  * o b j ; 

struct  Ringlterator  * i t e r ; 

int  disabled; 

int  d o n e_s om e t h i ng  = 0; 

int  err; 

(void)  u i _a  r g ; 


char  *argv[]. 


ma  i nOpenPubSec ( env,  &pub,  Spubring,  NULL,  NULL,  stderr); 
if  (!  pubring)  { 

fprintf  (stderr,  "No  keys  in  pubring\n"); 
return  0 ; 

> 

# i f 0 

selectKeyArgs  (env,  argc,  argv,  pub,  pubring,  & k e y s , 0 ) ; 
ringSetFreeze  (keys); 

//else 

/*  Select  object  to  remove  */ 

err  = s e l e c t R i n g 0 b j e c t ( e n v , argc,  argv,  pub,  pubring,  R I N G T Y P E_KE Y , 

"to  disable  or  enable",  stderr,  Sobj); 

keys  = pubring; 
if  (err  <=  0)  { 

return  0; 

> 

assert(ringObjectType(obj)  ==  R I N G T Y P E_K E Y ) ; 

# e n d i f 

disabled  = ringKeyDisabled  (keys,  obj); 
fprintf  (stderr,  "\n"); 
ringKeyPrint  (stderr,  keys,  obj,  1); 
fprintf  (stderr,  "\n"); 
if  (disabled)  { 

fprintf  (stderr,  "Re-enable  this  key?  (y/N)  "); 
if  ( pgpTtyGetBoo l (0,  stderr))  { 

ringKeyEnable  (pubring,  obj); 
done_somet h i ng  = 1; 

fprintf  (stderr,  "\nKey  re-enabled. \n"); 

} 

> 
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> 


else  { 

fprintf  (stderr,  "Disable  this  key?  (y/N)  "); 

if  ( pg pT t y G e t B o o l (0,  stderr))  ( 

ringKeyDisable  (pubring,  obj); 
d o n e_s ome t h i n g = 1; 

fprintf  (stderr, "\nKey  disabled. \n"); 

> 

> 

ringSetDestroy  (keys); 

/*  Uncomment  if  disabled  keys  cannot  participate  in  trust  computation 
if  ( d o n e_s ome t h i ng ) { 

reloadAllKeys  (env,  0,  1);  C*  no  untrusted  keyrings  * ] 
return  mainDoMaint  ((void  *)  ui_arg,  allkeys,  2,  allkeys); 

> 

*/ 

return  0; 


static  int 
doKeyCheck 

{ 


(struct  PgpEnv  *env,  struct 
struct  PgpTtyUI  *ui_arg) 


Flags 


struct  RingSet  *pubring  = NULL; 
struct  RingSet  * k e y s ; 
char  const  * p u b ; 


★flags. 


int  argc. 


char  *argv[]. 


(void)flags; 

mainOpenPubSec(env,  &pub,  Spubring,  NULL,  NULL,  stderr); 


if  (Ipubring)  { 

fprintf  (stderr,  "No  keys  in  pubring\n"); 
return  0; 

> 

reloadAllKeys  (env,  0,  1);  /*  no  untrusted  keyrings  */ 

fprintf  (stderr,  "\n"); 
if  (argc  > 0)  f 

s e l e c t Key A r g s (env,  argc,  argv,  pub, 

pubring,  Skeys,  0); 
ringSetFreeze  (keys); 

r i ngTtyKeyVi ew  ((void  *)  ui_arg,  keys,  allkeys,  NULL,  3); 
ringSetDestroy  (keys); 

> else  f 

int  err  = mainDoMaint  ((void  *)  ui_arg,  allkeys,  2,  NULL); 
if  (err  < 0)  ( 

ringSetDestroy(pubring); 
return  err; 

> 

ringTtyKeyView  ((void  *)  ui_arg,  allkeys,  allkeys,  NULL,  4); 

> 

ringSetDestroy(pubring); 
return  0; 

> 


static  int 
doKeyList  (struct 
struct 


{ 


PgpEnv  *env,  struct 
PgpTtyUI  *ui_arg) 


Flags  *flags,  int  argc. 


char  *argv[]. 
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/ * struct  RingSet  *pubring  = NULL;  * / 
struct  RingSet  *keys; 
char  const  * p u b = NULL; 
i n t Lis  t_mod  e = 0 ; 

/ * mai nOpenPubSec (env,  & p u b , Spubring,  NULL,  NULL,  stderr);  * / 

LoadAllKeys  (env,  0,  0 ) ; 

selectKeyArgs  (env,  argc,  argv,  pub,  allkeys,  &keys,  1); 

/ * ringSetDestroy(pubring);  * / 

ri ngSet  Freeze  (keys); 

if  (f  lags->argc  > 0 &&  f l a g s - > a r g s C 0 ] ==  'l') 

list_mode  = 2;  /*  verbose  */ 

fprintf  (stderr,  " \ n " ) ; 

ringTtyKeyView  ((void  *)  ui_arg,  keys,  allkeys,  NULL,  list_mode); 

ringSetDestroy  (keys); 
return  0; 


/ * 

* Give  the  user  an  opportunity  to  edit  the  trust  of  object  obj. 

* Return  1 if  he  changes  it,  0 if  he  does  not. 

* firsttime  means  that  we  have  not  previously  had  a trust  value  for 

* this  key,  which  changes  the  wording  of  the  questions  somewhat. 

* If  OLDTRUST  is  1,  obj  should  be  a key,  else  it  should  be  a name. 

* The  key  and/or  name  should  have  been  printed  just  before  this  routine 

* is  called. 

*/ 

static  i n t 

d oKe y E d i t T r u s t ( u n i o n RingObject  *obj,  struct  RingSet  *set,  int  firsttime, 

FILE  * l og  ) 

{ 

#if  OLDTRUST 


byte  keytrust; 

//else  /*  ! OLDTRUST  */ 

word16  oldtrust; 
unsigned  long  conf value; 

# e n d i f /*  OLDTRUST  */ 

unsigned  long  trustcode; 
int  len; 

char  bufC8];  / * enough  for  7 digit  response  * / 


if  (firsttime)  { 

fprintf  (log, 

"Do  you  want  to  change  your  estimate  of  this  key  owner's  r e l i a b i l i t y \ n " \ 

"as  an  introducer  of  other  keys  (y/N)?  "); 

if  (!pgpTtyGetBool(0,  log))  T 
fprintf  (log, 

"No  changes  made.Nn"); 

return  0; 

> 

fprintf  (tog, 

" \ n " \ 

"Make  a determination  in  your  own  mind  whether  this  key  actually\n"\ 
"belongs  to  the  person  whom  you  think  it  belongs  to,  based  on  a v a i l a b l e \ n " \ 
"evidence.  If  you  think  it  does,  then  based  on  your  estimate  of \n"\ 

"that  person's  integrity  and  competence  in  key  management,  answer\n"\ 

"the  following  questionin'' ); 
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> else 


# i f OLDTRUST 

fprintf  (Log, 

"\nWould  you  trust  this  key  owner\n"\ 

"to  act  as  an  introducer  and  certify  other  people's  public 
"(1=1  don't  know.  2 = No.  3=Usually.  4=Yes,  always.)  ? "); 
len  = pgpTtyGetString  (buf,  2,  log); 
if  ( ! I e n ) C 

fprintf  (log, 

"No  changes  made  . \ n"  ) ; 

return  0 ; 

> 


trustcode  = atoi(buf); 
switch  (trustcode)  { 
case  1 : 

keytrust  = PGP_KE YTRUST_UNKNOWN; 
break; 

case  2 : 

keytrust  = PG P_KE Y T RU S T_N E V E R ; 
break; 

case  3 : 

keytrust  = PG P_KE YT R U S T_M A RG I N A L ; 
break; 

case  4 : 


keytrust  = P G P_K  E Y T R U S T_C  OMPLETE; 
break; 

default  : 


fprintf  (log, 

"Unrecognized  response.  \n"); 

fprintf  (log, 
"No  changes  made.Xn"); 

return  0; 


> 


r i ng Ke y S e t T r u s t ( s e t , obj,  keytrust); 

//else 


keys  to  you?\n"\ 


fprintf  (tog, 

"\nDescri be  the  confidence  you  have  in  this  person  as  an  introducer.\n"\ 

"What  are  the  odds  that  this  key  owner  is  going  to  be  wrong  about\n"\ 

"a  key  which  he  has  signed  as  an  i ntroducer?\n" ) ; 
if  (Ifirsttime)  C 

oldtrust  = r i n g N a m e C o n f i d e n c e (set,  obj); 
i f (oldtrust==PGP_TRUST_INFINITE) 
fprintf  (log, 

"(Currently  he  is  listed  as  having  essentially  zero  chance"\ 

" of  being  wrong. )\n"); 

else  if  ( o l d t r u s t = = 0 ) 
fprintf  (log, 

"(Currently  he  is  listed  as  not  having  any  confidence  as  an  introducer.  )\n"); 

else  C 

int  d = oldtrust-PG  P_T  R U S T_D  ECADE-PG  P_T  R U S T_0  C T A V E ; 
i n t i ; 

unsigned  long  l; 
fprintf  (log, 

"(Currently  he  is  listed  as  having  a one  in  "); 

d -=  d % P G P_T  R U S T_D  E C A D E ; 

i = d / P G P_T  R U S T_D  E C A D E ; 

l = ringTrustTo!nt(oldtrust  - d); 
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if  ( i ) 

fprintf(log. 

"%lu%0*u",  l 

else 

fprintf(log. 

" % l u " , l ) ; 

fprintf 

(log. 

" chance  of 

being  wrong. 

fprintf  (Log, 

"Enter  a number  from  1 to  2 million"); 
if  (ifirsttime) 

fprintf  (log, 

",  or  hit  return  to  leave  unchanged."); 
fprintf  (log, 

"\nHe  will  be  wrong  one  time  in:  "); 

len  = pgpTtyGetString  (buf,  sizeof(buf),  log); 
if  ( ! len)  { 

fprintf  (log, 

"No  changes  made . \n"  ) ; 

return  0; 

> 


# e n d i f 
> 


trustcode  = strtoul (buf , NULL,  0); 
confvalue  = ringlntToTrust(trustcode); 
ringNameSetConfidence(set,  obj,  confvalue); 

return  1;  /*  made  a change  */ 


/ * Helper  routine  for  doKeyEdit,  when  the  key  being  edited  is  someone  else's  * / 
static  i n t 

doKeyEdi tOthers(struct  PgpEnv  *env,  struct  Flags  *flags,  union  RingObject  *obj, 

const  char  *pub,  struct  RingSet  *pubring,  const  char  *sec, 
struct  RingSet  *secri ng,  struct  PgpTtyUI  *ui_arg) 

( 

# i f ! OLDTRUST 

struct  RingSet  * t r i n g ; 
union  RingObject  *name; 

# e n d i f 

i n t err; 

(void)  flags; 

(void)  pub; 

(void)  sec; 

(void)  secring; 


# i f OLDTRUST 

(void)  env; 

(void)  ui_arg; 

err  = doKeyEditTrust(obj,  pubring,  0,  stderr); 

//else 

/*  New  trust  model  works  on  a per  user  ID  basis.  Must  select  one.  */ 
tring  = ringSetCreate(ringpool); 
if  ( ! t r i ng  ) •( 

return  ringPoolError(ringpool)->error; 

> 

r i n g S e t Ad d H i e r a r c h y ( t r i ng , pubring,  obj); 
ringSetFreeze(tring); 
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err  = s e l e c t C h i l d Ob j e c t ( e n v , tring,  R I NGTYPE_N AME , "to  edit", 

Sname) ; 

ringSetDestroy(tring); 
if  (err  < 0 ) 

return  err; 

fprintf  (stderr,  "\n"); 
ui_arg->fp  = stderr; 

ringTtyShowKey(ui_arg,  obj,  pubring,  0); 
ringObjectReleaseCobj ) ; 


U e nd  i f 


"Public 


err  = doKeyEdi tTrust (name. 

pubring,  0, 

stderr); 

if  (err 

< 0) 

return  err; 

if  (err 

= = 0) 
return  0; 

/ * 

No  changes 

made  * / 

fprintf 

(stderr. 

keyring 

updated . \n" ); 

reloadAllKeys  (env,  0,  1 ) ; 

err  = mainDoMaint  ((void  *)  ui_arg,  allkeys,  0,  NULL); 
ringSetDestroy(pubring) ; 
ringSetDestroy(secring); 
return  err; 


/ * 

* Helper  routine  for  d o K e y E d i t S e l f , to  change  a pass  phrase. 

* If  parent  is  non-NULL,  it  is  a subkey  pass  phrase. 

* secobj  is  the  object  getting  its  pass  phrase  changed,  with  seckey 

* having  been  made  from  it. 

* / 

static  int 

d o Ke y C h a n g e Pa s s p h r a s e ( s t r u c t PgpEnv  *env,  struct  PgpTtyUI  *ui_arg, 
struct  RingSet  *set,  struct  PgpSecKey  *seckey, 
union  RingObject  *secobj,  union  RingObject  *parent) 

{ 

w o r d 3 2 validity; 
union  RingObject  *newsecobj; 
struct  PgpKeySpec  *keyspec  = NULL; 
int  err; 


fprintf  (stderr,  "\n"); 
if  ( ! r ng  ) 

rng  = pgpRandomCreate  (); 
err  = setPassword  (env,  seckey,  ui_arg); 
if  (err  < 0 ) 

return  err; 

keyspec  = pgpKeySpecCreate  (env); 
if  (!  keyspec ) 

return  PGPERR_N0MEM; 

/*  We  need  to  make  this  keyspec  just  like  the  existing  one  */ 
/*  XXX  This  could  be  put  into  the  ABI  */ 
pgpKeySpecSetCreation(keyspec, 

ringKeyCreation(al Ikeys,  secobj  ) ); 
pgpKeySpecSetVersion(keyspec,  PGPVERSIO  N_2_6 ) ; 
validity  = ringKeyExpiration(allkeys,  secobj); 
if  (validity  ! = 0)  { 


stderr. 
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validity  -=  ringKeyCreation(allkeys,  secobj); 
validity  / = 3600*24; 

> 

pgpKeySpecSetValidityCkeyspec,  validity); 

newsecobj  = ringCreateSec  (set,  parent,  seckey,  keyspec, 

seckey->pkAlg); 

pgpKeySpecDestroy(keyspec); 
if  ( ! newsecobj ) 

return  ringSetError(set)->error; 
return  0; 

> 


/*  Helper  routine  for  doKeyEdit,  when  the  key  being  edited  belongs  to  us  */ 
static  i n t 

d o Ke y E d i t S e l f ( s t r u c t PgpEnv  *env,  struct  Flags  *flags,  union  RingObject  *obj, 
const  char  *pub,  struct  RingSet  *pubring,  const  char  *sec, 
struct  RingSet  *secring,  struct  PgpTtyUI  *ui_arg) 

{ 

union  RingObject  *subobj; 

struct  RingSet  *pubset=NULL,  *secset=NULL; 
struct  PgpSigSpec  *sigspec  = NULL; 

struct  PgpSecKey  *seckey  = NULL,  *subkey  = NULL; 
int  needwri tesec=0,  needuri tepub=0; 
int  err  = 0; 

(void)flags;  /*  make  the  compiler  happy  */ 

loadAllKeysCenv,  1,  0); 


pub  = pg p e n v G e t S t r i ng  (env,  PG P E NV_P U B R I N G , NULL,  NULL); 
if  ( ! pub ) { 

fprintf  (stderr, 

"Unknown  pubring  file,  assuming  \ " pu b r i n g . pg p \ " \ n " ) ; 
pub  = " pubring. pgp"; 

> 

pubring  = mainOpenRingfile  (env,  ringpool,  pub,  "public",  1); 

/*  Create  copies  of  pub  and  secret  sets  */ 
secset  = ringSetCreate  (ringpool); 
pubset  = ringSetCreate  (ringpool); 
if  (Isecset  ||  ipubset)  f 

err  = ringPoolError(ringpool)->error; 
goto  cleanup; 

> 

ringSetAddSet(secset,  secring); 
ringSetAddSet(pubset,  pubring); 


seckey  = ringSecSecKey(allkeys,  obj,  0); 
fprintf  (stderr, 

"\nYou  need  a pass  phrase  to  unlock  your  private  key.\n"); 
ui_arg->ringset  = allkeys; 

err  = pgpTtyUnlockSeckey  (ui_arg,  obj,  seckey); 
if  (err  < 0) 

goto  cleanup; 


i f 

"\nUse  this 


! r i n g Ke y A x i oma t i c ( a l l k ey s , obj))  { 
fprintf  (stderr, 

key  as  an  ultimately-trusted  introducer  (y/N)?  "); 
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if  ( pg  pT  t y G e t Bo  o l (0,  stderr)  ) -C 

ringKeySetAxiomatic  (allkeys,  obj); 
fprintf  (stderr, 

"\nKey  has  been  marked  as  having  ultimate  confidence.  \n"); 

needwri tepub  = 1 ; 

> 

> 

fprintf  (stderr, 

"\nDo  you  want  to  add  a new  user  ID  (y/N)?  "); 
if  ( pg pT t y G e t Bo o l (0,  stderr))  { 

union  RingObject  *nameobj; 
char  namebufC256]; 
int  namelen; 

fprintf  (stderr, 

"Enter  the  new  user  ID:  "); 

namelen  = pgpTtyGetString  (namebuf,  sizeof  (namebuf),  stderr); 
if  ( ! name  l en  ) { 

fprintf  (stderr, 

"No  name  entered. \n"); 

goto  cleanup; 

> 

nameobj  = ringCreateName  (secset,  obj,  namebuf,  namelen); 
if  ( ! nameob  j ) { 

err  = ringSetError(secset)->error; 
goto  cleanup; 

} 

ringSetAddObject(pubset,  nameobj  ); 

/*  Setting  key  axiomatic  sets  name  trust  as  well  */ 
ringKeySetAxiomati c (pubset,  obj  ) ; 


fprintf  (stderr, 

'Make  this  user  ID  the  primary  user  ID  for  this  key  (y/N)? 

if  ( pg pT t y G e t Bo o l ( 0 , stderr))  { 

ringRaiseName(secset,  nameobj); 
ringRaiseName(pubset,  nameobj); 

> 


>; 


sigspec  = pg p S i g S pe c C r e a t e (env,  seckey, 

PGP_SIGTYPE_KEY_POSITIVE); 

if  ( ! rng) 

rng  = pgpRandomCreateO; 
if  (Isigspec  ||  ! rng)  { 

err  = PG P E R R_N0M E M ; 
goto  cleanup; 

> 

err  = ringSignObject  (pubset,  nameobj,  sigspec,  rng); 
pgpSigSpecDestroy(sigspec); 
sigspec  = NULL; 
if  (err  < 0 ) 

goto  cleanup; 

needwri tesec  = needwri tepub  = 1; 


subobj  = ringKeySubkey(allkeys,  obj); 
if  (subobj) 

fprintf  (stderr, 

\nDo  you  want  to  change  your  signature  key  pass  phrase  (y/N)?  "); 
else 
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fprintf  (stderr, 

\nDo  you  want  to  change  your  pass  phrase  ( y / N ) ? "); 
if  ( pg pT t y G e t Boo l ( 0 , stderr))  { 

err  = d oKey C h a n g e Pa s s p h r a s e ( e n v , ui_arg, 

seckey,  obj. 


if  (err  < 0 ) 

goto  cleanup; 
needwri  tesec  = 1; 


> 


s e c s e t , 
NULL); 


if  (subobj  & & ringKeylsSecCsecset,  subobj))  { 
fprintf  (stderr, 

"\nDo  you  want  to  change  your  encryption  key  pass  phrase  (y/N)?  "); 

if  ( pg pT t y G e t Bo o l ( 0 , stderr))  ( 
fprintf  (stderr, 

"\nYou  need  a pass  phrase  to  unlock  your  private  encryption  key.\n"); 

subkey  = ringSecSecKey(allkeys,  subobj,  0 ) ; 
assert(subkey) ; 

err  = pgpTtyUnlockSeckey  (ui_arg,  obj,  subkey); 
if  (err  < 0 ) 

goto  cleanup; 

err  = d o Ke y C h a n g e Pa s s p h r a s e ( e n v , ui_arg,  secset, 

subkey,  subobj,  obj); 


if  (err  < 0) 


> 


> 


goto 

needwri tesec 


cleanup; 
= 1; 


/*  Write  out  new  results  */ 
if  (needwri tesec)  { 

ringSetFreeze  (secset); 

mai nRi ngNewSet  (sec,  P G P_W R I T E T R U S T_S E C , secset); 
secset  = 0;  / * Don't  destroy  this  * / 

fprintf  (stderr, 

"Private  keyring  updated.  \n"); 

> 

if  (needwri tepub)  ( 

ringSetFreeze  (pubset); 

mainRingNewSet  (pub,  PG P_W R I T E T R U S T_P U B , pubset)  ; 
pubset  = 0;  / * Don't  destroy  this  * / 

fprintf  (stderr, 

"Public  keyring  updated.  \n"); 

> 

cleanup: 

if  (seckey) 

pgpSecKeyDestroy(seckey); 
if  (subkey) 

pgpSecKeyDestroy(subkey); 
if  (pubset) 

ringSetDestroy(pubset); 
if  (secset) 

ringSetDestroy(secset); 
if  (pubring) 

ringSetDestroy(pubring); 
if  (secring) 

ringSetDestroy(secring); 
return  err; 
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> 


static  i n t 

doKeyEdit  (struct  PgpEnv  *env,  struct 
struct  PgpTtyUI  *ui_arg) 


Flags 


★flags. 


i n t a r g c , 


struct  RingSet  * p u b r i n g = NULL,  *secri ng  = NULL; 

union  RingObject  * o b j ; 

char  const  *pub,  * s e c ; 

char  const  *prep  = "to  edit"; 

i n t err; 


char  *argv[]. 


(void)flags;  / * make  the  compiler  happy  * / 

ma i n 0 p e n Pu b S e c ( e n v , Spub,  Spubring,  Ssec,  Ssecring,  stderr); 

if  (Ipubring  j|  ! secring)  ( 

fprintf  (stderr,  "No  keys  in  pubring  or  secring\n"); 
return  0; 


> 


l o a d A l l Ke y s ( e n v , 1,  0); 


/*  Select  object  to  sign  */ 

err  = s e l e c t R i n g 0 b j e c t ( e n v , argc,  argv,  pub, 

prep,  stderr,  & o b j ) ; 


if  (err  <=  0) 

return  err; 


pu  b r i n g , 


R I N G T Y P E_K  E Y , 


fprintf  (stderr,  "\n"); 

ringKeyPrint  (stderr,  pubring,  obj,  1); 
fprintf  (stderr,  "\n"); 


> 


if  ( r i n g Ke y I s S e c ( a l l k e y s , obj)) 

return  d oKey E d i t S e l f ( e n v , 

sec. 


else 


flags,  obj,  pub,  pubring, 
secring,  u i _a  r g ) ; 


return  d oKe y E d i t 0 t h e r s ( e n v , 

sec. 


flags,  obj,  pub,  pubring, 
secring,  ui_arg); 


/ * 

* This  handles  key,  user  ID  (with  -ru),  or  signature 
*/ 

static  i n t 

doKeyRemove  (struct  PgpEnv  *env,  struct  Flags  *flags, 
struct  PgpTtyUI  *ui_arg) 


C 


struct  RingSet  *pubring  = 
struct  RingSet  *secring  = 
struct  RingSet  *keyfile  = 
union  RingObject  *obj; 
char  const  *pub,  *sec; 
int  numseckeys  = 0; 
int  err  = 0; 
int  removelevel; 
const  char  *prep  = "to  be 


N U L L ; 

N U L L ; 

NULL,  *seckeyfile  = 


removed"; 


(with  -rs)  removal. 


int  argc,  char  *argv[]. 


N U L L ; 


123 


apps/ pgpk/ main.c 


const  char  *typename; 


i n t 

removed  = 0 ; 

/ * 

Distinguish  what 

we  are  to  remove 

*/ 

i f 

(f  lags->argc  && 

strchr(flags->args. 

' s ' ) ) { 

remove  level 

= R I N G T Y P E_S I G ; 

/ * 

signature  * / 

typename  = 

"signature"; 

} e 

Ise  if  (flags->argc  &&  s t rch r ( f lags- 

>args,  ' u ' ) ) 

removelevel 

= R I N G T Y P E_N  AME; 

/* 

user  id  * / 

typename  = 

"user  ID"; 

> else  { 

removelevel 

= RINGTYPE_KEY; 

/* 

key  * / 

> 

typename  = 

" key  " ; 

/* 

Open  pub  and  sec 

key  rings  */ 

ma  i 

nOpenPubSec(env, 

Spub,  Spubring, 

&sec,  Ssecring, 

i f 

(Ipubring)  f 

fprintf  (stderr. 

i n 

pubring\n"); 

goto  cleanup; 

loadAllKeys(env,  1, 

0); 

/* 

Select  object  to 

remove  * / 

fprintf  (stderr,  "\n"); 

err  = s e l e c t R i n g 0 b j e c t ( e n v , argc,  argv,  pub,  pubring,  removelevel, 

prep,  stderr,  & o b j ) ; 

it  (err  < = 0) 

goto  cleanup; 


/*  err  holds  number  of  possible  objects  at  that  level  */ 
if  (removelevel  ==  R I N G T Y P E_N A M E &&  err  ==  1)  { 

err  = 0 ; 

fprintf  (stderr. 

Selected  key  has  only  one  user  ID,  can't  be  selected  %s\n",  prep); 

goto  cleanup; 

> 


/*  Confirm  removal  */ 
fprintf (stderr, 

"\nThe  following  %s  has  been  selected  %s:\n",  typename,  prep); 
objPrint(env,  obj,  stderr,  NULL); 

/*  See  if  key  is  on  private  ring  too  */ 

numseckeys  = secring  ? ringSetlsMemberlsecring,  obj)  : 0 ; 

if  (numseckeys)  { 

fprintf (stderr, 

"\nThis  %s  is  also  present  in  the  private  keyring. \n",  typename); 

fprintf(stderr, 

"Removing  it  will  remove  it  from  both  the  public  and  private  k e y r i n g s . \ n " \ 
"Do  you  want  to  remove  it  from  both  keyrings  ( y / N ) ? "); 

> else  { 

fprintf  (stderr, 

"\nAre  you  sure  you  want  this  %s  %s  (y/N)?  ",  typename,  prep); 

} 

if  (!pgpTtyGetBool(0,  stderr))  { 
fprintf  (stderr, 

"Removal  cancelled.  \n"); 
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err  = 0 ; 
goto  cleanup; 

> 

tprintf  (stderr,  "\n"); 

/*  Perform  removal,  but  don't  write  back  yet  */ 
keyfile  = ringSetCreate  (ringpool); 
if  (Ikeyfile)  { 

err  = ringPoolError(ringpool)->error; 
goto  cleanup; 

} 

err  = ringSetAddSetlkeyfile,  pubring); 
if  (err  < 0) 

goto  cleanup; 

err  = ringSetRemObjectlkeyfile,  obj); 
if  (err  < 0) 

goto  cleanup; 
ringSetFreeze  (keyfile); 
removed  = 1 ; 

if  (numseckeys)  f 

/*  Remove  from  private  key  ring,  don't  write  back  yet  */ 
seckeyfile  = ringSetCreate  (ringpool); 
if  (Iseckeyfile)  { 

err  = ringPoolError(ringpool)->error; 
goto  cleanup; 

> 

err  = ringSetAddSet(seckeyfile,  secring); 
if  (err  < 0) 

goto  cleanup; 

err  = ringSetRemObject(seckeyfile,  obj); 
if  (err  < 0) 

goto  cleanup; 

ringSetFreeze  (seckeyfile); 

> 

ringObjectRelease(obj  ); 

/*  Write  out  results  */ 

ma  i n R i n g N e w S e t (pub,  P G P_W  R I T E T R 1)  S T_P  U B , keyfile); 
keyfile  = NULL;  /*  Don't  destroy  this  */ 

if  (err  < 0 ) t 

fprintf  (stderr, 

"Error  - unable  to  update  key  file!\n"); 

goto  cleanup; 

> 

if  (numseckeys)  C 

mainRingNewSet  (sec,  P G P_W R I T E T R U S T_S E C , seckeyfile); 
seckeyfile  = NULL;  / * Don't  destroy  this  * / 

if  (err  < 0)  f 

fprintf  (stderr, 

"Error  - unable  to  update  private  key  file!\n"); 

goto  cleanup; 

> 

> 

/*  success  */ 
err  = 0; 

cleanup: 

if  (seckeyfile) 
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ringSetDestroyCseckeyfi  l e ) ; 
if  ( key f i L e ) 

ringSetDestroyCkeyfi  le); 
if  ( pu  b r i n g ) 

ringSetDestroy(pubring); 
if  (secring) 

ringSetDestroy(secring); 

/*  If  no  error  and  something  was  removed,  do  a maintenance  pass. 

This  causes  the  (new)  public  keyring  to  be  reopened  and  re-read, 
but  gives  us  the  correct  community  of  keys  to  be  validated.  */ 

if  (err  ==  0 SS  removed)  { 

/*  Close  and  write  out  current  keyrings  before  reopening  */ 

ringSetDestroy(allkeys); 

allkeys  = 0; 

mainCloseKeyrings(1,  1); 
reloadAllKeys  (env,  0,  1); 

err  = mainDoMaint  ((void  *)  ui_arg,  allkeys,  0,  NULL); 
fprintf  (stderr, 

"This  %s  has  now  been  removed  from  the  public  key  ring.\n",  typename); 

if  (numseckeys)  { 

fprintf  (stderr, 

"This  %s  has  also  been  removed  from  the  private  key  ring.  \ n",  typename); 

} 

} 

return  err; 


/ * 

* Issue 
*/ 

static  int 
doKeySign  (struct 
struct 

{ 


signature  on  a userlD 


PgpEnv  *env,  struct  Flags  *flags,  int  argc,  char  *argv[], 
PgpTtyUI  *ui_arg) 


RingSet  *pubring  = NULL; 

RingSet  *newpub  = NULL; 

RingSet  * t m p r i n g ; 

Ringlterator  * i t e r ; 

PgpSigSpec  *sigspec  = NULL; 
PgpSecKey  *secretKey  = NULL; 

*obj=NULL,  *ringobj  = 


to  be  signed"; 


NULL; 


struct 
struct 
struct 
struct 
struct 
struct 

union  RingObject 
char  const  *pub; 
int  level; 
int  err; 

const  char  *prep 
byte  key i d L 8 ] ; 
byte  pkalg; 

int  sigtype  = PG P_S I G T Y P E_KE Y_G E N E R I C ; 
char  const  *myname  = pg p e n vG e t S t r i n g (env, 

(void)flags; 


P G P E N V_M  Y N A M E , 
NULL,  NULL) 


/*  Open  pub  key  ring  */ 

mainOpenPubSec(env,  &pub,  Spubring,  NULL,  NULL,  stderr); 
if  (Ipubring)  { 
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fprintf  (stderr, 
"No  keys  in  pubri ng\n"  ) ; 

return  0; 

> 

L oadA L L Keys ( env,  1,  0); 


"Cannot 


/*  Find  secret  key,  make  sure  it  signs  */ 

ringobj  = r i n g L a t e s t S e c r e t (allkeys,  myname,  time(NULL), 

PGP_PKUSE_SIGN) ; 


if  (! ringobj)  f 

fprintf  (stderr, 

find  private  key  suitable  for  signing:  %s\n",  myname); 
ringSetDestroy(pubring); 
return  0; 


> 


secretKey  = r i n g S e c S e c Ke y (allkeys,  ringobj,  PG P_PKU S E_S I G N ) ; 
if  ( ! secretKey)  { 

fprintf  (stderr,  "Cannot  convert  to  private  key\n"); 
ringSetDestroy(pubring) ; 
return  0 ; 

> 

if  (!secretKey->sign)  { 

fprintf  (stderr,  "Private  Key  is  not  a signature  key\n"); 

ringSetDestroy(pubring); 

return  0; 

> 

/*  Data  to  check  for  duplicate  sigs  below  */ 
memcpy(keyid,  secretKey->keyID,  sizeof(keyid)); 
pkalg  = secretKey->pkAlg; 


/*  Select  object  to  sign  */ 

err  = s e l e c t R i n g 0 b j e c t ( e n v , argc,  argv,  pub, 

prep,  stderr,  & o b j ) ; 


if  (err  <=  0) 

return  err; 


pubri ng , 


R I N G T Y P E_N  AM  E , 


/*  Make  sure  it  doesn't  already  have  a sig  on  it  from  this  key  */ 
iter  = ringlterCreate(pubring); 
level  = ringIterSeekTo(iter,  obj); 
if  (level  < 0)  { 

ringSetDestroy(pubring); 
return  level; 

> 

+ + l e v e l ; 

while  (ringIterNextObject(iter,  level)  > 0)  { 
byte  sigidH8]; 
byte  sigpkalg; 

union  RingObject  *sig  = r i n g 1 1 e r C u r r e n t 0 b j e c t ( i t e r , level); 
assert(sig); 

if  ( r i ng 0 b j e c t Ty p e ( s i g ) !=  R I N G T Y P E_S I G ) 
continue; 

ringSigID8(pubring,  sig,  Ssigpkalg,  sigid); 
if  ( s i g p ka  l g = = p ka l g && 

memcmp ( s i g i d,  keyid,  s i z eof ( s i g i d ) ) ==0  &8 
r i n g S i g Ty p e ( p u b r i n g , sig)  ==  sigtype)  ( 

/*  Duplicate  */ 
fprintf  (stderr, 

"User  ID  is  already  signed  by  your  private  key\n"); 

ringlterDestroy(iter); 


127 


apps/ pgpk/ main.c 


ringSetDestroy(pubring); 
return  0 ; 


> 

ringlterDestroy(iter); 


/*  Confirm  signature  */ 
objPrint(env,  obj,  stderr,  NULL); 
fprintf(stderr, 

" \ n \ n " \ 

"READ  CAREFULLY:  Based  on  your  own  direct  first-hand  knowledge,  are\n"\ 
"you  absolutely  certain  that  you  are  prepared  to  solemnly  certify  that\n"\ 
"the  above  public  key  actually  belongs  to  the  user  specified  by  the\n"\ 
"above  user  ID  (y/N)?  "); 


if  ( ! pg pT t y G e t Bo o l ( 0 , stderr))  C 
fprintf  (stderr, 

"Key  sign  operation  cance  l led  . \n"  ) ; 

ringSetDestroy(pubring); 
return  0 ; 

> 

fprintf  (stderr, 

"\nYou  need  a pass  phrase  to  unlock  your  private  key.\n"); 
ui_arg->ringset  = allkeys; 

err  = pgpTtyUnlockSeckey  (ui_arg,  ringobj,  secretKey); 
r i ng 0 b j e c t R e l e a s e (ringobj); 
if  (err)  C 

fprintf  (stderr,  "Cannot  unlock  private  key\n"); 

ringSetDestroy(pubring); 

return  0 ; 

> 


/*  Actually  do  the  signature  */ 

sigspec  = pgpSigSpecCreate  (env,  secretKey,  sigtype); 

if  ( ! sigspec)  C 

ringSetDestroy(pubring); 
return  P G P E R R_N 0 M E M ; 

> 

newpub  = ringSetCreate  (ringpool); 

if  ( ! newpub)  { 

pgpSigSpecDestroy(sigspec); 
ringSetDestroy(pubring); 
return  P G P E R R_N OM E M ; 

> 

ringSetAddSet  (newpub,  pubring); 

ringSetDestroy(pubring); 

pubring  = NULL; 


if  ( ! rng) 

rng  = pgpRandomCreate  (); 

err  = ringSignObject  (newpub,  obj,  sigspec,  rng); 
pgpSigSpecDestroy(sigspec); 
ringSetFreeze(newpub); 
if  (err  < 0 ) 
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return  err; 

/*  Do  maintenance  pass  */ 

fprintf  (stderr,  "\n"); 

reloadALLKeys  (env,  0,  1 ) ; 

tmpring  = ringSetUnion(allkeys,  newpub); 

ringSetDestroy(allkeys); 

allkeys  = tmpring; 

err  = mainDoMaint  ((void  *)  ui_arg,  allkeys,  1,  allkeys); 
if  (err  < 0 ) 

return  err; 

/*  Write  out  results  */ 

mainRingNewSet  (pub,  P G P_W  R IT E T R U S T_P U B , newpub); 
newpub  = NULL;  / * Don't  destroy  this  * / 

fprintf  (stderr, 

"Key  signature  certificate  added. \n"); 
return  0; 

> 

/ * 

* Return  true  if  a key  has  been  revoked. 

*/ 

static  int 

ma i nKey Revoked  (struct  RingSet  const  *set,  union  RingObject  *obj) 

{ 

struct  Ringlterator  * i t e r ; 
byte  keyidC8],  keypkalg; 
int  level; 

assert  (ringObjectType(obj)  ==  R I N G T Y P E_K E Y ) ; 
ringKeyID8(set,  obj,  &keypkalg,  keyid); 

iter  = ringlterCreate(set); 
level  = ringIterSeekTo(iter,  obj); 
i f ( level  < 0)  { 

ringlterDestroy(iter); 
return  level; 

> 

++level; 

while  ( r i n g 1 1 e r N e x t 0 b j e c t ( i t e r , level)  > 0)  { 
byte  sigidC8H; 
byte  sigpkalg; 
int  sigtype; 

union  RingObject  *sig  = r i n g 1 1 e r C u r r e n t Ob j e c t ( i t e r , 
assert(sig); 

if  (ringObjectType(sig)  !=  R I N G T Y P E_S I G ) 
continue; 

r i n g S i g I D 8 ( s e t , sig,  Ssigpkalg,  sigid); 
if  ( m em c mp ( k e y i d , s i g i d , s i z e o f ( k ey i d ) ) ! =0  || 

sigpkalg  !=  keypkalg) 
continue; 

sigtype  = ringSigType(set,  sig); 
if  (sigtype  ==  PG P_S I GT Y P E_KE Y_C 0M P R 0M I S E ) l 
ringlterDestroy(iter); 
return  1;  /*  yes,  it  is  revoked  */ 

> 

> 


level); 
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ringlterDestroy(iter); 

return  0;  /*  no,  it  is  not  revoked  */ 


/ * 

* Given  a userlD  signature,  return  true  if  it  has  been  revoked. 

* aaa  Better  to  worry  more  about  validity  here? 

* / 

static  i n t 

ma  i nS  i gRevoked  (struct  RingSet  const  *set,  union  RingObject  *obj) 
{ 

struct  Ringlterator  * i t e r ; 
byte  keyidC8D,  pkalg; 
int  level; 

assert  (ringObjectType(obj)  ==  R I N G T Y P E_S I G ) ; 
ringSigID8(set,  obj,  Spkalg,  keyid); 

/*  Prepare  to  iterate  */ 
iter  = ringlterCreate(set); 
if  (liter) 

return  P G P E R R_N 0 M E M ; 
level  = ringIterSeekTo(iter,  obj); 
if  (level  < 0)  { 

ringlterDestroy(iter); 
return  level; 

> 


> 


/*  Loop  over  all  sigs  on  the  name  */ 
r i n g 1 1 e r R e w i nd ( i t e r , level); 

while  ((level  = r i n g 1 1 e r N e x 1 0 b j e c t (iter,  level))  > 0)  { 

union  RingObject  *sig  = r i n g 1 1 e r C u r r e n t Ob j e c t ( i t e r , 

byte  sigpkalg,  s i g i d C 8 3 ; 

assert(sig); 

if  ( r i n g 0 b j e c t Ty pe ( s i g ) !=  R I N G T Y P E_S I G ) 

continue; 

ringSigID8(set,  sig,  Ssigpkalg,  sigid); 
if  ( s i g p ka  l g = = p ka  l g && 

memcmp ( s i g i d,  keyid,  s i z e o f ( s i g i d ) ) = = 0 ) { 
int  type  = ringSigType(set,  sig); 
if  (type  ==  P G P_S I GTYPE_KEY_UI D_REV0KE ) f 
ringlterDestroy(iter); 
ringObjectRelease(sig); 
return  1;  / * revocation  found  * / 

> 

> 


> 

ringlterDestroy(iter); 

return  0;  / * no  revocation  found  * / 


/ * 

* Revoke  a key  or  a signature 

* / 

static  int 

doKeyRevoke  (struct  PgpEnv  *env,  struct 
struct  PgpTtyUI  *ui_arg) 


Flags  *flags,  int  argc,  char 


level); 


*argvC], 
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struct  RingSet  * p u b r i n g = NULL; 

struct  RingSet  * n e w p u b = NULL; 

struct  RingSet  *tmpring  = NULL; 

struct  Ringlterator  * i t e r ; 

struct  PgpSigSpec  *sigspec  = NULL; 

struct  PgpSecKey  *secretKey  = NULL; 

union  RingObject  *obj=NULL,  *seckeyobj  = NULL; 

char  const  * p u b ; 

i n t level; 

i n t err; 

const  char  *prep  = "to  be  revoked"; 
int  revokelevel; 
int  sigtype; 

/*  Distinguish  what  we  are  to  revoke  */ 

if  (f lags->argc  &&  strchrlf  lags->args/  ' s ' ) ) { 

revokelevel  = R I N G T Y P E_S I G ; /*  signature  on  a name  */ 

sigtype  = PG P_S I G T Y P E_KE Y_U I D_R E VOKE ; 

> else  { 

revokelevel  = R I NGT Y P E_KE Y ; /*  key  */ 
sigtype  = PG P_S I GT Y P E_KE Y_C OM P ROM  I S E ; 

> 


/*  Open  pub  key  ring  */ 

mainOpenPubSecCenv,  & p u b , Spubring,  NULL,  NULL,  stderr); 

if  (Ipubring)  f 

fprintf  (stderr, 

"No  keys  in  p u b r i n g \ n " ) ; 

return  0; 

> 

LoadAllKeysCenv,  1,  0); 

/*  Select  object  to  sign  */ 

err  = s e l e c t R i n g 0 b j e c t ( e n v , argc,  argv,  pub,  pubring,  revokelevel, 

prep,  stderr,  Sobj); 

if  (err  <=  0)  { 

ringSetDestroy(pubring); 
return  err; 

> 


/*  Display  it  for  him  */ 
o b j P r i n t ( e n v , obj,  stderr,  NULL); 

if  (revokelevel  ==  R I N G T Y P E_KE Y ) { 

/*  Make  sure  it  is  our  key  */ 
seckeyobj  = obj; 

secretKey  = ringSecSecKey  (allkeys,  obj,  0); 
if  (secretKey  ==  NULL)  { 
fprintf  (stderr, 

"You  don't  have  the  private  key  corresponding  to  that  key\n"); 

ringSetDestroy(pubring); 
return  0; 

> 

/*  Make  sure  it  hasn't  already  been  revoked.  */ 
if  ( ma i n Key R e vo k e d ( p u b r i ng , obj))  { 
fprintf  (stderr, 

"That  key  has  already  been  revoked\n"); 

ringSetDestroy(pubring); 
return  0; 
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> 

> else  { 

/*  Make  sure  we  have  a secret  key  for  this  sig  */ 
byte  keyidC8II,  pkalg; 

r i ng S i g I D8 ( pub r i ng , obj,  Spkalg,  keyid); 
seckeyobj  = ringKeyById8(allkeys,  pkalg,  keyid); 
if  (seckeyobj  ==  NULL)  ( 
fprintf  (stderr, 

"\nYou  don't  have  any  key  information  for  that  s i g na t u r e . \ n " ) ; 

ringSetDestroy(pubring); 
return  0 ; 

> 

secretKey  = r i n g S e c S e c Ke y (allkeys,  seckeyobj,  PG P_PKU S E_S I G N ) ; 
if  ( ! secretKey)  ( 

fprintf  (stderr, 

"\nYou  don’t  have  the  private  key  which  made  that  signature.  \n")  ; 

ringSetDestroy(pubring); 
return  0 ; 

> 

/*  Make  sure  it  hasn't  already  been  revoked  */ 
if  ( ma i n S i g R e vo ke d ( pu b r i n g , obj))  C 
fprintf  (stderr, 

"That  signature  has  already  been  revoked. \n"\ 

"Are  you  sure  you  want  to  add  another  revocation  certificate  (y/N)?  "); 

if  ( i pgpTtyGetBoo  l ( 0,  stderr))  ( 
fprintf  (stderr,  "\ 

Signature  revocation  cancel  led  . \ n"); 

ringSetDestroy(pubring); 
return  0; 


if  ( ! s e c r e t Ke y-> s i g n ) ( 
fprintf  (stderr. 

Private  key  is  not  a signature  key\n"); 

ringSetDestroy(pubring); 
return  0; 


/*  Confirm  signature  */ 
if  (revokelevel  ==  R I N G T Y P E_K  E Y ) { 
fprintf(stderr. 


" Vn"  \ 

"Do  you  want  to  permanently  revoke  your  public  key\n"\ 
"by  issuing  a secret  key  compromise  certificate  on  this 
> else  { 


fprintf(stderr, 

" \ n " \ 

"Do  you  want  to  revoke  this  signature  (y/N)?  "); 

> 


key 


(y/N  ) ? 


if  (!  pgpTtyGetBoo  l ( 0,  stderr))  { 
fprintf  (stderr, 

"Revoke  cancelled.  \n") ; 

ringSetDestroy(pubring); 
return  0; 
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if  (revokelevel  ==  R I NG T Y P E_S I G ) { 

/*  Get  parent  of  signature  object  to  receive  new  sig  */ 
iter  = ringlterCreate(pubring); 
if  (iter  ==  NULL)  i 

ringSetDestroy(pubring)  ; 
return  P G P E R R_N 0 M E M ; 

> 

Level  = ringIterSeekTo(iter,  obj); 
assertC  Level  > 0 ) ; 

obj  = ringIterCurrentObject(iter,  LeveL-1); 

assert (obj  ); 

ringlterDestroy(iter); 

> 

fprintf  (stderr, 

"\nYou  need  a pass  phrase  to  unlock  your  private  key.\n"); 
ui_arg->ri ngset  = allkeys; 

err  = pgpTtyUnlockSeckey  (ui_arg,  seckeyobj,  secretKey); 
r i n g Ob j e c t R e l e a s e (seckeyobj); 
if  (err)  { 

fprintf  (stderr,  "Cannot  unlock  private  key\n"); 

ringSetDestroy(pubring); 

return  0; 

> 

fprintf  (stderr,  "\n"); 

/*  Actually  do  the  signature  */ 

sigspec  = pgpSigSpecCreate  (env,  secretKey,  sigtype); 
if  ( ! sigspec)  { 

ringSetDestroy(pubring); 
return  P G P E R R_N  0 M E M ; 

> 

newpub  = ri ngSetCreate  (ringpool); 
if  ( ! newpub)  f 

pgpSigSpecDestroy(sigspec); 
ringSetDestroy(pubring); 
return  P G P E R R_N 0 M E M ; 

> 

ringSetAddSet  (newpub,  pubring); 
ringSetDestroy(pubring); 
pubring  = NULL; 

if  ( ! rng) 

rng  = pgpRandomCreate  (); 

err  = ringSignObject  (newpub,  obj,  sigspec,  rng); 
pgpSigSpecDestroy(sigspec); 
ringSetFreeze(newpub); 
if  (err  < 0) 

return  err; 

/*  Do  maintenance  pass  */ 
reloadAllKeys  (env,  0,  1 ) ; 

tmpring  = ringSetUnion(allkeys,  newpub); 
ringSetDestroy(al  Ikeys); 
allkeys  = tmpring; 

err  = mainDoMaint  ((void  *)  ui_arg,  allkeys,  1,  allkeys); 
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if  (err  < 0 ) 

return  err; 

/*  Write  out  results  */ 

mainRingNewSet  (pub,  P G P_W R I T E T R U S T_P U B , newpub); 
newpub  = 0;  / * Don't  destroy  this*/ 

fprintf  (stderr, 

"Key  revocation  certificate  added. \n"); 
return  0 ; 

> 


static  int 

ma  i n P r o c e s s F l a g s (struct  Flags  *flags,  struct  PgpEnv  *env,  int  argc, 

char  *argvCD,  PgpTtyUI  *ui_arg) 

{ 

switch  (flags->opt)  { 
case  ' a ' : 

return  doKeyAdd  (env,  argc,  argv,  ui_arg); 
break; 

return  doKeyCheck  (env,  flags,  argc,  argv,  ui_arg); 
break; 

return  doKeyDisable  (env,  argc,  argv,  ui_arg); 
break; 

return  doKeyGenerate  (env,  argc,  argv,  ui_arg); 
break; 

return  doKeyRevoke  (env,  flags,  argc,  argv,  ui_arg); 
break; 


case  ' c 


case  ' d 


case  g 


case  ' k 


case  ' l 1 : 

return  doKeyList  (env,  flags,  argc,  argv,  ui_arg); 
break; 
case  ' r 1 : 

return  doKeyRemove  (env,  flags,  argc,  argv,  ui_arg ) ; 
break; 

return  doKeySign  (env,  flags,  argc,  argv,  ui_arg); 
break; 

return  doKeyExtract  (env,  flags,  argc,  argv,  u i _a  r g ) ; 
break; 


case  e 


default: 


return  doKeyEdit  (env,  flags,  argc,  argv,  ui_arg); 
break; 

exi  tUsage(O); 


/*  NOTREACHED  */ 
return  0; 


/*  Clean  up  allocated  space  (like  the  pipeline  and  the  rng)  on  exit  */ 
static  void 
mainExit  (void) 

{ 

if  (passcache) 
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pg p Pa s s C a c h e D e s t r oy  (passcache); 
passcache  = NULL; 

if  (ringpool) 

ringPoolDestroy  (ringpool)  ; 
ringpool  = NULL; 

if  (rng) 

pgpRandomDestroy  (rng); 
rng  = NULL; 

return; 

> 


i n t 

appMain  (int  argc,  char  *argv[]) 
{ 

struct  PgpUICb  ui; 
struct  PgpTtyUI  ui_arg; 
struct  Flags  flags; 
struct  PgpEnv  * e n v ; 
int  retval; 

atexit(mainExit); 


/ * 
u i 
u i 
u i 
u i 
u i 
u i 
u i 


Setup  the  UI  callback  functions  */ 
message  = pg pT t y M e s s a g e ; 
doCommit  = pgpTtyDoCommit; 
newOutput  = pgpTtyNewOutput; 
needlnput  = pgpTtyNeedlnput; 
sigVerify  = pgpTtySigVerify; 
eskDecrypt  = pgpTtyEskDecrypt; 
annotate  = NULL; 


/*  Setup  the  TTY  UI  argument  */ 

ui_arg. verbose  = 1; 

ui_arg . f p = stdout; 

ui_arg . ri ngset  = NULL; 

ui_arg . showpass  = 0; 

ui_arg .commits  = -1; 


/*  Initialize  the  application  from  config  files,  etc.  */ 

retval  = pgpInitApp  (Senv,  Sargc,  &ui,  &ui_arg,  E X I T_P  R 0 G_PG  P K , 1); 

if  (retval)  f 

fprintf  (stderr,  "pgpInitApp  failed:  %d\n",  retval); 
goto  error; 

> 

/*  Now  initialize  the  values  that  need  initialization  */ 
u i _a  rg.env  = env; 

ui_arg. passcache  = passcache  = pgpPassCacheCreate  (env); 

/*  Check  the  exiration  date  on  the  application  */ 
e x i t E x p i r y C h e c k (env); 

#if  d e f i n e d ( U N I X ) ||  d e f i n ed ( VM S ) 

umask(077);  /*  Make  files  default  to  private  * / 

# e n d i f 
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memset  (Sflags,  0,  sizeof  (flags)); 

mainParseArgs  (Sui,  Sui_arg,  env,  Sargc,  argv,  Sflags); 

/ * 

* Set  variables  which  may  have  been  set  on  the  command  line. 

* / 

ui_arg . showpass  = pgpenvGetlnt  (env,  PG P E N V_S H 0 W P A S S , NULL,  NULL); 
flags,  doarmor  = pgpenvGetlnt  (env,  PGPENV_ARM0R,  NULL,  NULL); 

/*  Open  the  keyrings  and  process  the  flags  */ 
ringpool  = ringPoolCreate  (env); 
if  ( ! ringpool ) { 

fprintf  (stderr,  "Cannot  create  RingPoolXn"); 
retval  = PG P E R R_N 0M E M ; 
goto  error; 

> 

retval  = mainProcessFlags  (Sflags,  env,  argc,  argv,  Sui_arg); 
if  (retval)  C 

fprintf  (stderr,  "Error:  %s\n",  pgperrString  (retval)); 

> 

if  (allkeys)  { 

ringSetDestroy(al Ikeys) ; 
allkeys  = 0; 

> 


error: 


> 


return  retval; 


sigvrfy/ 


apps/sigvrly/ 
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.cvsignore 


M a k e f i L e 
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Makefile. in 

# 

# apps  / sigvrfy 

# 

# $ I d : Makefi  Le.in,v  1.3  1 996/1  1 /1  2 01:42:32  mhw  Exp  $ 

# 

P R 0 6 = sigvrfy 

0 B J S = sigvrfy. o 

all::  $ ( PROG ) 
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makefile.msc 

0 B J S = sigvrfy. obj 

L I B S = . . \ com L i b . I i b . . \ \ L i b \ p g p 1 1 y . L i b . .\.  .\Lib\pgpLib.  lib  \ 

. .\. .\Lib\bnlib.  Lib 

all:  sigvrfy.exe 

sigvrfy.exe:  $(0BJS) 

$(CC)  -o  sigvrfy  $(0BJS)  $(LIBS)  /link  /debug  / d e bug t y pe  : bo t h 

. c . ob  j : 

$(CC)  $(CFLAGS)  -11  -I  . . \ . . \ i nc lude  - 1 . . \ \ i n c l u d e \ p g p \ 

-I . . \common  - D H A V E_C 0 N F I G_H  -c  $< 

clean: 

del  * . ob  j 
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sigvrfy.c 


/ * 

* sigvrfy.c  --  Verify  a Separate  Signature  on  a file.  A subset 

* of  dectest. 


* Written  by:  Derek  Atkins  < w a r l o r d S)M  I T . E D U > 

* 


* $ I d : s 

* / 

i gvrf y . c,v  1.20  1 996/1  1 /I  2 

//include 

<stdio.h> 

//include 

"pgp/fi lemod.h" 

#i nc lude 

"pgp/pipeline.h" 

/^include 

"pgp/pgpenv . h" 

//include 

"pgp/pgperr . h" 

//include 

"pgp/pgpfi le . h" 

//include 

"pgp/pgpui . h" 

//include 

"pgp/ringpub.h" 

# i n c l ud  e 

"pgp/ringread.h" 

# i nc l ude 

" pgp/ s i gpi pe . h " 

# i nc  l ude 

"pgp/userio.h" 

static  void 

usage  (char  *whoami) 

printf  ("usage:  %s  sigfile  textfile\n",  whoami); 


static  i n t 

openPumpFile  (char  const  *f i lename,  struct  PgpPipeline  *head) 

{ 

FILE  * i n p u t ; 

struct  PgpFileRead  * c t x ; 
int  error  = 0 ; 

input  = fopen  (filename,  "rb"); 
if  ( ! input)  f 

printf  ("Cannot  open  file  %s  for  readingXn",  filename); 
return  - 1 ; 

> 

ctx  = pgpFileReadCreate  (input,  1 ) ; 
if  ( ! ctx)  { 

printf  ("pgpFileReadCreate  failed\n"); 
return  - 1 ; 

> 

error  = p g p F i l e R e a d P urn p (ctx,  head); 
if  (error)  C 

printf  ( " pg p F i l e R e a d Pump  returned  %d:  %s\n",  error, 
pgperrString  (error)); 
return  error; 

> 

pgpFileReadDestroy  (ctx); 
return  0; 

> 
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i n t 

main  (int  argc,  char  *argvCl) 

{ 

struct  PgpUICb  ui; 
struct  PgpTtyUI  ttyui; 

struct  PgpPipeline  *sighead  = NULL,  *texthead  = NULL; 

struct  PgpEnv  * e n v ; 

struct  RingPooL  * p o o l ; 

struct  RingFile  *pubring; 

struct  RingSet  const  *ri ngset  = NULL; 

FILE  *pubffile; 

struct  PgpFile  *pubfile; 

char  *sigfile  = NULL,  * t e x t f i l e = NULL; 
int  error,  a rg; 


env  = pgpenvCreate  (); 

/*  Parse  the  arguments  */ 
for  (arg  = 1;  arg  < argc;  arg++)  { 
if  (sigfile  ==  NULL)  f 

sigfile  = a r g v [ a r g 1 ; 

> else  if  (textfile  ==  NULL)  C 

textfile  = argvtarg]; 

> else  f 

usage  (argvCO]); 
return  - 1 ; 


if  (Itextfile  &&  Isigfile)  { 
usage  (argvCO]); 
return  -1; 

> 


pool  = ringPoolCreate(env); 
if  ( ! poo  L ) { 

printf  ("Cannot  create  RingPool\n"); 
return  -1; 

> 


pubffile  = fopen(" pubring,  pgp",  "rb"); 

pubfile  = pgpFileReadOpen  (pubffile,  NULL,  NULL); 

if  (pubfile)  C 

pubring  = ringFileOpen(pool,  pubfile,  1,  Serror); 
if  (error)  ■( 

printf  ( " r i ng F i l eOpen  returned  %d:  %s\n", 
pgperrString(error)  ); 


> 


i f 

> else  { 


(pubring) 

ri ngset 


ringFi  leSet(pubring); 


> 


printf  ("Cannot  open  pubring.pgp\n"); 


error. 


u i 
u i 
u i 
u i 
u i 
u i 
u i 


message  = pgpTtyMessage; 
doCommit  = pgpTtyDebugCommit; 
newOutput  = pgpTtyNewOutput; 
needlnput  = pgpTtyNeedlnput; 
sigVerify  = pgpTtySigVerify; 
eskDecrypt  = pg pT t y E s k D e c ry p t ; 
annotate  = pgpTtyDebugAnnotate; 
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1 1 y u i 
1 1 y u i 
1 1 y u i 
t tyu  i 
t tyu  i 


verbose=3; 
fp  = stdout; 
ringset  = ringset; 
showpass  = 0; 
env  = env; 


if  ( ! pgpSi gnatureVeri f yCreate  (Stexthead,  Ssighead,  env, 

NULL,  0,  0,  Sui,  Sttyui)) 
printf  ("Cannot  create  decryption  pipeline\n"); 
return  - 1 ; 

> 


error  = openPumpFile  (sigfile,  sighead); 
if  (error) 

goto  cleanup; 

error  = openPumpFile  (textfile,  texthead); 
cleanup: 

si ghead->teardown  (sighead); 
t e x t h e a d-> t e a r d o w n (texthead); 


> 


return  error; 


NULL, 
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config.h.in 

/ * 

* config.h  --  Configuration  for  PGPlib.  This  file  contains 

* the  configuration  information  for  PGP,  and  it  should  be 

* included  in  all  PGP  source  files. 

* 

* Sid:  config.h. in, v 1.7  1996/11/12  01:42:21  mhw  Exp  $ 

* / 

/*  Define  to  empty  if  the  compiler  does  not  support  'const'  variables.  */ 
#undef  const 

/*  Define  to  'long'  if  < s y s / t y p e s . h > doesn't  define.  */ 

//undef  of  f_t 

/*  Define  to  'unsigned'  if  < s y s / t y p e s . h > doesn't  define.  */ 

//undef  siz  e_t 

/*  Define  if  you  have  the  ANSI  C header  files.  */ 

//define  STD  C_H  E A D E R S 0 

/*  Checks  for  various  specific  header  files  */ 

//define  H A V E_F  C N T L_H  0 
//define  H A V E_L I M I T S_H  0 
//define  H A V E_S T D A R G_H  0 
//define  H A V E_S T D L I B_H  0 
//define  H A V E_U N I S T D_H  0 
//define  H A V E_S Y S_I 0 C T L_H  0 
//define  H A V E_S Y S_T I M E_H  0 
//define  H A V E_S Y S_T I M E B_H  0 
//define  H A V E_S Y S_P A R A M_H  0 

/*  Check  if  <sys/time.h>  is  broken  and  //includes  <time.h>  wrong  */ 

# d e f i n e TIME  WITH  SYS  TIME  0 


/*  Checks  for  various  functions  */ 
tfdefine  H A V E_G E T H RT I M E 0 
tfdefine  H A V E_C L0 C K_G E TT I M E 0 
//define  H A V E_C  L 0 C K_G  E T R E S 0 
//define  H A V E_G  E T T I M E 0 F D A Y 0 
//define  H A V E_G  E T I T I M E R 0 
//define  H A V E_S  E T I T I M E R 0 
//define  HAVE  FTIME  0 


/ * Define  "UNIX" 
//if  defined  (unix) 
# i f n d e f UNIX 
//define  UNIX  1 
# end i f 
//end  i f 


if  we  are  on  UNIX  and  "UNIX"  is  not  already  defined  */ 
| | definedl unix)  | | defined  ( unix ) 
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' 


' 


' 
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config. guess 

ft  ! / b i n / s h 

ft 

ft  $Id:  config. guess, v 1.3. 2.1  1996/11/14  04:09:19  cbertsch  Exp  $ 

ft 

ft  Attempt  to  guess  a canonical  system  name. 

ft  Copyright  (C)  1992,  93,  94,  95,  1996  Free  Software  Foundation,  Inc. 

ft 

ft  This  file  is  free  software;  you  can  redistribute  it  and/or  modify  it 
ft  under  the  terms  of  the  GNU  General  Public  License  as  published  by 
ft  the  Free  Software  Foundation;  either  version  2 of  the  License,  or 
ft  (at  your  option)  any  later  version. 

ft 

ft  This  program  is  distributed  in  the  hope  that  it  will  be  useful,  but 
ft  WITHOUT  ANY  WARRANTY;  without  even  the  implied  warranty  of 
ft  MERCHANTABILITY  or  FITNESS  FOR  A PARTICULAR  PURPOSE.  See  the  GNU 
ft  General  Public  License  for  more  details. 

ft 

ft  You  should  have  received  a copy  of  the  GNU  General  Public  License 
ft  along  with  this  program;  if  not,  write  to  the  Free  Software 

ft  Foundation,  Inc.,  59  Temple  Place  - Suite  330,  Boston,  MA  02111-1307,  USA. 

# 

ft  As  a special  exception  to  the  GNU  General  Public  License,  if  you 
ft  distribute  this  file  as  part  of  a program  that  contains  a 
ft  configuration  script  generated  by  Autoconf,  you  may  include  it  under 
ft  the  same  distribution  terms  that  you  use  for  the  rest  of  that  program. 

ft  Written  by  Per  Bothner  <bothneracygnus.com>. 

ft  The  master  version  of  this  file  is  at  the  FSF  in  / h o m e / g d / g n u / l i b . 

ft 

ft  This  script  attempts  to  guess  a canonical  system  name  similar  to 
ft  config. sub.  If  it  succeeds,  it  prints  the  system  name  on  stdout,  and 
ft  exits  with  0.  Otherwise,  it  exits  with  1. 

ft 

ft  The  plan  is  that  this  can  be  called  by  configure  scripts  if  you 
ft  don't  specify  an  explicit  system  type  (host/target  name). 

ft 

ft  Only  a few  systems  have  been  added  to  this  list;  please  add  others 
ft  (but  try  to  keep  the  structure  clean). 
ft 

ft  This  is  needed  to  find  uname  on  a Pyramid  OSx  when  run  in  the  BSD  universe. 
ft  (ghazianoc.rutgers.edu  8/24/94.) 

if  (test  -f  /.attbin/uname)  >/dev/null  2 > S 1 ; then 

PATH  = $PATH  : / . attbi n ; export  PATH 
f i 

UNAME_MACHINE= ' (uname  -m)  2>/dev/null'  ||  U N A M E_M A C H I N E = u n k n o w n 
UNAME_RELEASE= '( uname  -r)  2>/dev/null'  | | U N AM E_R E LE A S E = u n kn o w n 
UNAME_S YSTEM= '( uname  -s)  2>/dev/null'  |j  UNAME_SYSTEM=unknown 
U N AM E_V E R S I 0 N= ' ( u n a me  -v)  2>/dev/null'  ||  U N A M E_V E R S I 0 N = u n k n o w n 

trap  ' rm  -f  dummy. c dummy. o dummy;  exit  1'  1 2 15 

ft  Note:  order  is  significant  - the  case  branches  are  not  exclusive. 

case  "${UNAME_MACHINE> : $ { U N A M E_S Y S T E M > : $ { U N AM E_R E L E A S E > : $ { U N A M E_V E R S I 0 N > " i n 
alpha:OSFl  : C VX ] * : * ) 

ft  After  1.2,  0SF1  uses  " V 1 . 3 " for  uname  -r. 


146 


config/ config.  guess 


# After  4.x,  0SF1  uses  "X4.x"  for  uname  -r. 

echo  a Lpha-dec-osf ' echo  $ { U N AM E_R E L E A S E > | sed  -e  ' s / A C VX ] / / ' ' 

exit  0 ; ; 
alpha:0SF1  :*:*) 

ft  1.2  uses  "1.2"  for  uname  -r. 
echo  alpha-dec-osf${UNAME_RELEASE> 
exit  0 ; ; 

21064:Windows_NT : 5 0 : 3 ) 

echo  a t p h a -d e c - w i n n t 3 . 5 
exit  0 ; ; 

Amiga*:UNI X_Sy s t em_V : 4 . 0 : * ) 
echo  m68k-cbm-sysv4 
exit  0 ; ; 

amiga:NetBSD:*:*) 

echo  m68k-cbm-netbsd${UNAME_RE LEASE} 

exit  0 ; ; 

arm:RISC*:1  .L012]*:*|arm:riscix:1  .L012II*:*) 
echo  arm-acorn-riscix${UNAME_RELEASE} 
exit  0 ; ; 

Pyramid*:OSx*:*:*) 

if  test  "'(/bin/universe)  2>/dev/nuLL'"  = att  ; then 
echo  py r a m i d-py r a m i d- s y s v 3 

else 

echo  py r a m i d-py r a m i d-b s d 
f i 

exit  0 ; ; 

sun4*  : SunOS : 5 . * : * ) 

echo  sparc-sun-solari s2  1 echo  $ { U N AM E_R E LE A S E } | s e d -e  's/CA. ]*//'' 

exit  0 ; ; 

i86pc:SunOS:5.*:*) 

echo  i 3 8 6- u n kno w n- s o l a r i s 2 ' e c h o $ t U N AM E_R E LE A S E } | s e d -e  ' s / C A .]*//'  1 
exit  0 ; ; 
sun4*:SunOS:6*:*) 

ft  According  to  config. sub,  this  is  the  proper  way  to  canonicalize 
ft  SunOS6.  Hard  to  guess  exactly  what  SunOS6  will  be  like,  but 
U it's  likely  to  be  more  like  Solaris  than  SunOS4. 

echo  s pa r c-s un-s o l a r i s 3 ' e c h o $ { U N AM E_R E L E A S E > | s e d -e  's/CA.  ]*//'' 
exit  0 ; ; 
sun4* : SunOS : * : *) 

case  '"/usr/bin/arch  -k'"  in 
Series*|S4*) 

UNAME  RELEASE^  ' uname  -v ' 


e s a c 

ft  Japanese  Language  versions  have  a version  number  like  '4.1.3-JL'. 
echo  sparc-sun-sunos ' echo  $ { U N AM E_R E L E A S E } | s ed  -e  1 s /-/_/' ' 
exit  0 ;; 
sun3*:SunOS:*:*) 

echo  m68k-sun-sunos${UNAME_RELEASE> 
exit  0 ; ; 

atari*:NetBSD:*:*) 

echo  m68k-atari-netbsd${UNAME_RELEASE> 
exit  0 ; ; 
sun3*:NetBSD:*:*) 

echo  m68k-sun-netbsd${UNAME_RELEASE> 

exit  0 ; ; 

mac68k:NetBSD:*:*) 

echo  m68k-app l e-net b s d $ { U N AM E_R E LEASE} 

exit  0 ; ; 
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RISC* : ULTRIX : * : *) 

echo  mips-dec-uLtrix$CUNAME_RELEASE> 

exit  0 ; ; 

VAX* : ULTRIX* : * : *) 

echo  vax-dec-ultrix${UNAME_RELEASE) 
exit  0 ;; 
mi ps : * : 4*  : UMIPS ) 

echo  mi ps-mi ps-r i s cos4sysv 
exit  0 ; ; 
mips:*:5*:RISCos) 

echo  mips-mips-riscos${UNAME_RELEASE> 

exit  0 ; ; 

Night_Hawk:Powe  r_U  NIX:*:*) 

echo  powe rpc-ha r r i s-powe run  i x 
exit  0 ; ; 
m88k : CX/UX : 7* : * ) 

echo  m88 k- h a r r i s - c x ux 7 
exit  0 ; ; 
m88k:*:4*:R4*) 

echo  m8 8 k-mo t o r o l a -s y s v4 
exit  0 ; ; 
m88k:*:3*:R3*) 

echo  m8 8 k-mo t o r o L a - s y s v3 

exit  0 ; ; 

AViiON:dgux:*:*) 

ft  DG/UX  returns  AViiON  for  all  architectures 
UNAME_PROCESSOR= ' uname  -p ' 

if  C $UNAME_PROCESSOR  = mc88100  -o  $ U N A M E_P R 0 C E S S 0 R = mc88100  1 ; 
if  [ $ { T A R G E T_B INARY_INTERFACE>x  = m88kdguxelfx  \ 

-o  $ C T A R G E T_B INARY_INTERFACE>x  = x 3 ; then 
echo  m88k-dg-dgux$CUNAME_RELEASE> 

else 

echo  m88k-dg-dguxbcs${UNAME_RELEASE> 
f i 

else  echo  i 5 86-dg-d g u x $ { U N AM E_R E LE A S E > 
f i 

exit  0 ; ; 

M 8 8 * : D o l p h i n 0 S : * : * ) ft  DolphinOS  (SVR3) 
echo  m88k-do l ph i n-sys v3 
exit  0 ; ; 

M88* : * : R3* : * ) 


ft  Delta  88k  system  running  SVR3 
echo  m8 8 k-mo t o r o l a- s y s v 3 
exit  0 ; ; 

XD88*:*:*:*)  # Tektronix  XD88  system  running  UTekV  (SVR3) 
echo  m8 8 k- t e k t r on i x- s y s v3 
exit  0 ; ; 

T e k 43  C 0-9  H C 0-9  ] : UT  e k : * : * ) ft  Tektronix  4300  system  running  UTek  (BSD) 
echo  m6 8 k- t e k t r o n i x-b s d 
exit  0 ; ; 

*:  IRIX*:*:*) 


echo  mips-sgi-irix 
exit  0 ;; 

????????:  AIX?  : Cl  20  . 1 :2) 
echo  romp-ibm-aix 
exit  0 ; ; 
i [ 3 4 0 8 6 : A I X : * : * ) 

echo  i386-ibm-aix 
exit  0 ; ; 


echo  $TUNAME_RELEASE> | sed  -e  ' s / - /_/ g ' ' 

ft  AIX  2.2.1  or  A I X 2.1.1  is  RT/PC  AIX. 
ft  uname  -m  gives  an  8 hex-code  CPU  id 
ft  Note  that:  echo  'uname  -s'1"  gives 


'AIX 


then 
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* : AIX  : 2 : 3 ) 

if  grep  bos325  /usr/include/stdio.h  >/dev/null  2 > & 1 ; then 
sed  's/A  //'  <<  EOF  >dummy.c 

#include  < s y s / s y s t e m c f g . h > 


EOF 


m a i n ( ) 

if  (! power_pc( ) ) 

ex i t ( 1 ) ; 

puts("powerpc-ibm-aix3.2.5"); 
e x i t ( 0 ) ; 

> 

${CC-cc>  dummy. c -o  dummy  \ 

&&  ./dummy  &&  rm  dummy. c dummy  \ 

&&  exit  0 

rm  -f  dummy. c dummy 
echo  r s 60 00- i bm-a i x 3 . 2 . 5 

elif  grep  bos324  /usr/include/stdio.h  >/dev/null  2>&1;  then 
echo  r s 6000- i bm-a i x 3 . 2 . 4 

else 

echo  r s6000-i bm-a i x3 . 2 
f i 

exit  0 ; ; 

* : AIX : * : 4) 

if  /usr/sbin/lsattr  -EHl  procO  | grep  POWER  >/dev/null  2>&1;  then 
I BM_A  RCH  = rs6000 

else 

I BM_A  RCH=powerpc 
f i 

if  C -x  /usr/bin/oslevel  0 ; then 
I BM_R  E V = ' /usr/bin/oslevel  1 

else 

I BM_R  E V = 4 . $fUNAME_RE LEASE} 
f i 

echo  $ f I B M_A  R C H } - i bm-a i x$f IBM_REV> 

exit  0 ; ; 

* : A I X : * : * ) 

echo  r s 6000- i bm-a i x 

exit  0 ; ; 

ibmrt:4.4BSD:*| romp-ibm:BSD:*) 
echo  r o m p - i bm - b s d 4 . 4 
exit  0 ; ; 

i bm r t : * B S D : * | r omp- i bm : B S D : * ) # covers  RT/PC  NetBSD  and 

echo  r omp- i bm- b s d $ { U N AM E_R E LE A S E > # 4.3  with  uname  added  to 

exit  0 ;;  # report:  romp-ibm  BSD  4.3 

*:B0SX:*:*) 

echo  r s 60 00-bu  l l -bo s x 

exit  0 ;; 

DPX/2?00:B.0.S. :*:*) 

echo  m6 8 k-bu l l - s y s v 3 
exit  0 ; ; 

9000/L34D?? :4.3bsd: 1 .*:*) 
echo  m68k-hp-bsd 
exit  0 ; ; 

hp300 : 4 . 4BS D : * : * | 9 0 0 0 / [ 3 4 0 ? ? : 4 . 3 b s d : 2 . * : * ) 

echo  m68 k- h p-b s d4 . 4 

exit  0 ; ; 

9000/C34783?? : HP-UX  :*:*) 
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EOF 


case  "${UNAME_MACHINE>"  in 

9000/31  ? ) H P_A  RCH  = m68000  ;; 

9000/ [ 340 ? ? ) HP_ARCH=m68k  ;; 

9000/7??  | 9000/8?C679D  ) H P_A R C H = h p p a 1 . 1 ;; 

9000/8??  ) H P_A  RCH  = hppa1  .0  ;; 

e s a c 

HPUX_REV= ' echo  $ { U N A M E_R E L E A S E > | s e d -e  ' s / [ A . 1 * . I OB  0 * / / ' ' 
echo  ${HP_ARCH>-hp-hpux${HPUX_REV> 
exit  0 ; ; 

3050*:HI-UX:*:*) 


sed  's/A  //'  <<  EOF  >dummy.c 

#include  <unistd.h> 
i n t 

main  ( ) 

{ 


> 


Long  cpu  = sysconf  (_S C_C P U_V E R S I 0 N ) ; 

/*  The  order  matters,  because  C P U_I S_H P_M C 6 8 K erroneously  returns 
true  for  C P U_P A_R I S C 1 _0 . C P U_I S_P A_R I S C returns  correct 
results,  however.  */ 
if  ( CPU_IS_PA_RISC  (cpu)) 

{ 

switch  (cpu) 


case  CPU_PA_RISC1_0 : 
case  CPU_PA_RISC1_1 : 
case  CPU_PA_RISC2_0 : 
default:  puts  ("hppa 


puts  ("hppal .0-hitachi-hiuxwe2"); 
puts  ("hppal .1-hitachi-hiuxwe2"); 
puts  ("hppa2.0-hitachi-hiuxwe2"); 
hitachi-hiuxwe2");  break; 


break; 

break; 

break; 


> 


else  if  ( CPU_IS_HP_MC68K  (cpu)) 
puts  ("m68k-hitachi-hiuxwe2"); 
else  puts  ("unknown-hitachi-hiuxwe2"); 
exit  ( 0 ) ; 


$-(CC-cc>  dummy. c -o  dummy  &&  ./dummy  &&  rm  dummy. c dummy  &&  exit  0 

rm  -f  dummy. c dummy 

echo  u n k n o w n - h i t a c h i - h i u x w e 2 

exit  0 ;; 

9000/7? ?: 4 . 3bsd  :*:  * | 9 0 0 0 / 8 ? C 7 9 H : 4 . 3 b s d : * : * ) 
echo  hppa 1 . 1 -hp-bsd 
exit  0 ; ; 

9000/8??:4.3bsd:*:*) 

echo  h ppa 1 . 0- h p- b s d 
exit  0 ;; 

hp7? ? : OS  FI  : * : * | hp8?C79D:0SF1  :*:*  ) 

echo  h ppa 1 . 1 - h p-o s f 
exit  0 ; ; 

hp8??:0SF1 :*:*) 

echo  h ppa 1 . 0- h p-o s f 
exit  0 ; ; 

parisc*:Lites*:*:*) 

echo  h ppa 1 . 1 - h p- l i t e s 
exit  0 ;; 

C 1 * : C o n v e x 0 S : * : * | c o n v e x : C on v e x 0 S : C 1 * : * ) 

echo  c 1 - c o n v e x - b s d 
exit  0 ;; 

C2* : ConvexOS  : * : * | c o n v e x : C o n v e x 0 S : C 2 * : * ) 

if  getsysinfo  -f  scalar_acc 
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then  echo  c32-convex-bsd 
else  echo  c 2 - c on v e x-b s d 
f i 

exit  0 ;; 

C34* : ConvexOS  :*:  * | c o n v e x : C o n v e x 0 S : C 34 * : * ) 
echo  c34-convex-bsd 
exit  0 ;; 

C38* : ConvexOS * | convex : ConvexOS : C38* :* ) 

echo  c38-convex-bsd 

exit  0 ; ; 

C 4* : C on v e x 0 S : * : * | c o n v e x : C o n v e x 0 S : C 4 * : * ) 
echo  c4-convex-bsd 
exit  0 ; ; 

CRAY *X-MP  : *:*:*) 

echo  xmp-cray-unicos 

exit  0 ; ; 

C RAY* Y-MP : *:*:*) 

echo  ymp-cray-uni cos$CUNAME_RELEASE> 
exit  0 ; ; 

CRAY*C90:*:*:*) 

echo  c90-c ray-uni c o s $ { U N AM E_R E L E A S E > 
exit  0 ; ; 

CRAY  — 2:*:*:*) 

echo  cray2-cray-uni cos 
exit  0 ; ; 

hp3C0-93C053:NetBSD:*:*) 

echo  m68k-hp-netbsd$CUNAME_RE LEASE} 
exit  0 ; ; 

iC34J86:BSD/386:*:*  | *:BSD/0S:*:*) 

echo  $CUNAME_MACH I N E > - u n k n o w n - b s d i $ { U N A M E_R E L E A S E > 
exit  0 ; ; 

*:  FreeBSD:*:*) 

echo  $ { U N AM E_M A C H I N E > -u n kn o w n- f r e e b s d ' e c h o \ 

$CUNAME_RELEASE> | sed  -e  ' s / t -(□.*//'  ' 

exit  0 ; ; 

*:NetBSD:*:*) 

echo  $ { U N AM E_M A C H I N E > -u n k no w n-n e t b s d ' e c h o \ 

$CUNAME_RELEASE> | sed  -e  ' s / L -_J . * / \ . / 1 ' 

exit  0 ; ; 
i * : CYGWIN*  : *) 

echo  i 386-unknown-cygw i n32 
exit  0 ; ; 
p* : CYGWIN* : * ) 

echo  po w e r p c l e-u n kn o wn- c y g w i n 3 2 

exit  0 ; ; 

* : G N U : * : * ) 

echo  'echo  $ { U N AM E_M A C H I N E > | s ed  -e  1 s ,/.*$,, 1 ' -un known-gnu ' e c ho  \ 

${UNAME_RELEASE> | sed  -e  's,/.  *$,,'' 

exit  0 ; ; 

*:  Linux:*:*) 

# The  BFD  linker  knows  what  the  default  object  file  format  is,  so 

# first  see  if  it  will  tell  us. 

I d_h e l p_s t r i ng = ' l d --help  2 > & 1 ’ 

if  echo  " $ l d_h e l p_s t r i n g " | grep  >/dev/null  2>&1  \ 

"supported  emulations:  e l f_i C 34 5 ] 86 " ; then 
echo  " $ { U N A M E_M A C H I N E > -u n kn o wn- l i n u x " ; exit  0 
elif  echo  " $ l d_h e l p_s t r i n g " | grep  >/dev/null  2>&1  \ 

"supported  emulations:  iC345]86linux";  then 
echo  " S { UN AME_M  A C H I N E > -un known- l i nuxa ou t " ; exit  0 
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elif  echo  " $ L d__h  e L p_s  t r i n g " | grep  >/dev/nuLL  2>81  \ 

"supported  emulations:  i[345086coff";  then 
echo  " $ { UN  AM E_M A C H I N E >-un known- l i nux co f f " ; exit  0 

elif  echo  " $ l d_h e l p_s t r i n g " | grep  >/dev/null  2 > & 1 \ 

"supported  emulations:  m68kelf";  then 
echo  " $ { U N AM E_M A C H I N E > -u n kn o w n - l i n u x " ; exit  0 
elif  echo  " $ l d_h e l p_s t r i n g " | grep  >/dev/null  2 > & 1 \ 

"supported  emulations:  m68klinux";  then 
echo  " $ { U N AM E_M A C H I N E > -u n kn o w n- l i n ux a o u t " ; exit  0 
elif  test  " $ ■(  U N A M E_M  A C H I N E > " = "alpha"  ; then 
echo  a l pha-unknown- l i nux  ; exit  0 
else 

# Either  a pre-BFD  a. out  linker  (linuxoldld) 

U or  one  that  does  not  give  us  useful  --help. 

//  Gcc  wants  to  distinguish  between  linuxoldld  and  linuxaout. 
test  ! -d  / u s r / l i b / l d s c r i p t s / . \ 

88  echo  "${UNAME_MACH I N E > - u n k n o w n - l i nuxo Id  Id"  88  exit  0 
//  Determine  whether  the  default  compiler  is  a. out  or  elf 
cat  >dummy  . c <<E0  F 
mainlargc,  argv) 
int  argc; 
char  *argv[]; 

# i f d e f ELF 

printf  ("%s-unknown-linux\n",  argvCIO); 

//else 

printf  ("%s-unknown-linuxaout\n",  argvMO); 
tfe  n d i f 

return  0; 

> 

EOF 

${CC-cc>  dummy. c -o  dummy  2>/dev/null  \ 

88  ./dummy  " $ { U N A M E_M A C H I N E > " \ 

88  rm  dummy. c dummy  \ 

88  exit  0 

rm  -f  dummy. c dummy 

f i ; ; 

# ptx  4.0  does  uname  -s  correctly,  with  DYNIX/ptx  in  there.  earlier  versions 

# are  messed  up  and  put  the  nodename  in  both  sysname  and  nodename. 

iC34086:DYNIX/ptx:4*:*) 

echo  i 386-sequent-sy s v4 

exit  0 ; ; 

i C 34 ] 86 : * : 4 . * : * | i [34086: SYSTE  M_V : 4 . * : * ) 

if  grep  Novell  /usr/include/link.h  >/dev/null  2>/dev/null;  then 
echo  $ { U N A M E_M  ACHINEO-uni v e l - s y s v $ { U N A M E_R E L E A S E > 

else 

echo  ${UNAME_MACHINE>-unknown-sysv${UNAME_RELEASE> 
f i 

exit  0 ;; 

i [34086 : * : 3 . 2 : * ) 

if  test  -f  /usr/options/cb.name;  then 

U N AM E_R E L= ' s e d -n  's/.*Version  //p1  < / u s r / o p t i o n s / c b . n a m e ' 

echo  $ { UN  AM  E_M A C HINE)-unknown-i sc$UNAME_REL 
elif  /bin/uname  -X  2>/dev/null  >/dev/null  ; then 

U N AM E_R E L= 1 ( / b i n / u n a me  -X|egrep  Release|sed  -e  's/.*=  //')' 
(/bin/uname  -X|egrep  i80486  >/dev/null)  88  U N AM E_M A C H I N E= i 486 
(/bin/uname  -X|egrep  ' A Ma c h i n e . * Pe n t i urn  ' >/dev/null)  \ 

88  U N A M E_M  ACHINE  = i 586 

echo  $ ( U N A M E M A C H I N E > - u n k n o w n - s c o $ U N A M E REL 


152 


config/ config.  guess 


else 

echo  $ -C  U N A M E_M ACHINE>-unknown-sysv32 
f i 

exit  0 ; ; 

Intel  :Mach:3*:*) 

echo  i 3 8 6-u n kno w n-ma c h 3 
exit  0 ; ; 
paragon:*:*:*) 

echo  i 8 6 0- i n t e l -o s f 1 

exit  0 ; ; 

i 860  : * : 4 . * : * ) # i 860-SVR4 

if  grep  Stardent  /usr/include/sys/uadmin.h  >/dev/null  2 > & 1 ; then 

echo  i 860- s t a r d e n t - s y s v$ f U N AM E_R E L E A S E > U Stardent  Vistra  i860-SVR4 
else  # Add  other  i860-SVR4  vendors  below  as  they  are  discovered. 

echo  i 86 0-u n k n o w n- s y s v$ { U N AM E_R E L E A S E > # Unknown  i860-SVR4 

f i 

exit  0 ; ; 

mini*:CTIX:SYS*5:*) 
ft  "miniframe" 

echo  m6801 0-con ve rgent-sysv 

exit  0 ; ; 

M680C23400:*:R3VC567]*:*) 

test  - r /sysV68  & & echo  'm68k-motorola-sysv'  & & exit  0 ;; 

3[34]??:*:4. 0:3.0  | 3 E 3 4 ] ? ? , * : * : 4 . 0 : 3 . 0 ) 

uname  -p  2>/dev/null  | grep  86  >/dev/null  \ 

&8  echo  i486-ncr-sysv4.3  &8  exit  0 ; ; 

3C343??:*:4.0:*  | 3 L 3 4 ] ? ? , * : * : 4 . 0 : * ) 

uname  -p  2>/dev/null  | grep  86  >/dev/null  \ 

&&  echo  i486-ncr-sysv4  &&  exit  0 ;; 
m68OC2340O:LynxOS:2.C23]*:*) 

echo  m68k-lynx-lynxos$tUNAME_RELEASE> 

exit  0 ; ; 

mc68030:UNIX_Syst  em_V : 4 . * : * ) 
echo  m6 8 k-a t a r i - s y s v 4 
exit  0 ; ; 

iC34]86:Lynx0S:2.E23D*:*) 

echo  i 386-lynx-lynxos$fUNAME_RELEASE> 

exit  0 ; ; 

TSUNAMI : LynxOS : 2 . C233* : *) 

echo  sparc-lynx-lynxos${UNAME_RELEASE> 
exit  0 ; ; 

rs6000:Lynx0S:2.E233*:*) 

echo  rs6000- lynx- l ynxos$ TUN AME_RE LEASE} 
exit  0 ; ; 

RM* : SINIX-* : * : *) 

echo  m i p s - s n i - s y s v 4 

exit  0 ; ; 

*:SINIX-*:*:*) 

if  uname  -p  2>/dev/null  >/dev/null  ; then 

U N A M E_M A C H I N E = ' ( u n a m e -p)  2>/dev/null' 
echo  $ { U N A M E_M  ACHINE>-sni-sysv4 

else 

echo  n s 3 2 k- s n i - s y s v 
f i 

exit  0 ; ; 

mc68*:A/UX:*:*) 

echo  m68k-apple-aux${UNAME_RELEASE> 

exit  0 ; ; 

R3000:*Syst  em_V* : * : * ) 
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e s a c 


i f l 
else 
f i 

exit 


-d  /usr/nec  ];  then 

echo  mips-nec-sysv${UNAME_RELEASE> 

echo  mi ps-unknown-sysv$-CUNAME_RELEASE> 


//echo  '(No  uname  command  or  uname  output  not  recognized.)'  1>&2 

//echo  " $ C U N A M E_M  ACHINE) : $ { U N A M E S Y S T E M > : $ { U N A M E R E L E A S E > : $ { U N A M E VERSION}"  1>&2 


cat  >dummy.c  <<E0F 
//  i f d e f _SEQUENT_ 
ft  include  <sys / types . h> 
ft  include  < s y s / u t s n a m e . h > 
ft  e nd  i f 
main  ( ) 

{ 

ft  it  defined  ( sony  ) 
ft  i f defined  (MIPSEB) 

/*  BFD  wants  "bsd"  instead  of  "newsos".  Perhaps  BFD  should  be  changed, 
I don't  know....  * / 
printf  ( "mi ps-sony-bsd\n" ) ; exit  (0); 
ft  e l s e 

//include  < s y s / p a r a m . h > 

printf  ("m68k-sony-newsos%s\n", 

#ifdef  NEWS0S4 
" 4 " 

//else 

MM 

# e n d i f 

) ; exit  (0); 

ft  e n d i f 
//end  i f 

//if  defined  ( arm)  &&  defined  ( acorn)  &&  defined  ( unix) 

printf  ("arm-acorn-riscix");  exit  (0); 
ft  e n d i f 

ft  if  defined  (hp300)  &&  idefined  (hpux) 
printf  ( " m6 8 k- h p-b s d \ n " ) ; exit  (0); 
ft  e n d i f 


//if  defined  (NeXT) 

ft  if  Idefined  ( ARCHITECTURE ) 

//define  ARCHITECTURE "m68k" 

//end  i f 

int  version; 

version=' (hostinfo  | sed  -n  's/.*NeXT  Mach  \(C0-9U*\).*/\1/p')  2>/dev/null'; 

printf  ( "%s-next-nextstep%s\n",  ARCHITECTURE , version  = = 2 ? "2"  : "3"); 

exit  ( 0 ) ; 
ft  end  i f 


//if  defined 
ft  if  defined 
printf  ( " 
ft  else 

ft  if  defined 
printf  (" 


(MULTIMAX)  ||  defined  (n16) 
( UMAXV) 


ns32k-encore-sysv\n"); 

exit 

(0)  ; 

( CMU) 

ns32k-encore-mach\n"); 

exit 

(0)  ; 
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tt  else 

printf  ("ns32k-encore-bsd\n");  exit  (0); 
tt  e n d i f 
tt  e n d i f 
tt  e n d i f 


tt  if  defined  ( 386BSD ) 

printf  ("i386-unknown-bsd\n");  exit  (0); 
#end  i f 

#if  defined  (sequent) 

# i f defined  ( i 3 8 6 ) 

printf  ("i386-sequent-dynix\n");  exit  (0); 
ft  e n d i f 

#if  defined  (ns32000) 

printf  ("ns32k-sequent-dynix\n");  exit  (0); 
#end  i f 
//end  i f 


ft  i f defined  (_SEQUENT_) 
struct  utsname  un; 

uname(Sun); 


if  (strncmpCun.version,  "M2",  2)  == 
printf  ("i386-sequent-ptx2\n"); 

> 

if  (strncmpCun.version,  "VI",  2)  == 
printf  ("i386-sequent-ptx1  \ n " ) ; 

> 

printf  ("i386-sequent-ptx\n");  exit 


0)  ( 

exit  ( 0 ) ; 

0)  t /*  XXX  is  VI  correct?  */ 
exit  ( 0 ) ; 

(0)  ; 


ft  e n d i f 


#if  defined  (vax) 

#if  Idefined  (ultrix) 

printf  ("vax-dec-bsd\n");  exit  (0); 
ft  else 

printf  ("vax-dec-ultrix\n");  exit  (0); 
ft  e nd  i f 
ft  e n d i f 


#if  defined  (alliant)  &&  defined  (i860) 
printf  ("i860-alliant-bsd\n");  exit  (0); 
ft  e n d i f 


exit  ( 1 ) ; 

> 

EOF 

${CC-cc)  dummy. c -o  dummy  2>/dev/null  &&  ./dummy  &&  rm  dummy. c dummy  &&  exit  0 
rm  -f  dummy. c dummy 

ft  Apollos  put  the  system  type  in  the  environment. 

test  -d  /usr/apollo  88  { echo  ${ISP>-apoLLo-${SYSTYPE>;  exit  0;  > 
ft  Convex  versions  that  predate  uname  can  use  g e t s y s i n f o ( 1 ) 
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if  C -x  /usr/convex/getsysinfo  ] 
then 

case  'getsysinfo  -f  cpu_type'  in 
cl*) 

echo  c 1 - c o n v e x -b s d 
exit  0 ; ; 

c 2 * ) 

if  getsysinfo  -f  scalar_acc 
then  echo  c32-convex-bsd 
else  echo  c2-convex-bsd 
f i 

exit  0 ; ; 
c 3 4 * ) 

echo  c34-convex-bsd 
exit  0 ; ; 
c38*  ) 

echo  c 38- c o n v e x - b s d 
exit  0 ; ; 

c 4 * ) 

echo  c 4- c o n v e x-b s d 

exit  0 ; ; 

e s a c 


//echo  '(Unable  to  guess  system  type)' 
exit  1 


1 > & 2 
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config.sub 

ft  ! / b i n / s h 

ft 

ft  $ I d : config.sub,v  1.3. 2.1  1996/11/14  04:09:19  cbertsch  Exp  $ 
ft 

ft  Configuration  validation  subroutine  script,  version  1.1. 

# Copyright  (C)  1991,  1992,  1993,  1994,  1995  Free  Software  Foundation,  Inc. 

# This  file  is  (in  principle)  common  to  ALL  GNU  software. 

# The  presence  of  a machine  in  this  file  suggests  that  SOME  GNU  software 

# can  handle  that  machine.  It  does  not  imply  ALL  GNU  software  can. 

ft 

# This  file  is  free  software;  you  can  redistribute  it  and/or  modify 

ft  it  under  the  terms  of  the  GNU  General  Public  License  as  published  by 
ft  the  Free  Software  Foundation;  either  version  2 of  the  License,  or 
ft  (at  your  option)  any  later  version. 
ft 

ft  This  program  is  distributed  in  the  hope  that  it  will  be  useful, 
ft  but  WITHOUT  ANY  WARRANTY;  without  even  the  implied  warranty  of 
ft  MERCHANTABILITY  or  FITNESS  FOR  A PARTICULAR  PURPOSE.  See  the 
ft  GNU  General  Public  License  for  more  details. 

ft 

ft  You  should  have  received  a copy  of  the  GNU  General  Public  License 
ft  along  with  this  program;  if  not,  write  to  the  Free  Software 
ft  Foundation,  Inc.,  59  Temple  Place  - Suite  330, 
ft  Boston,  MA  02111-1307,  USA. 

ft  As  a special  exception  to  the  GNU  General  Public  License,  if  you 

# distribute  this  file  as  part  of  a program  that  contains  a 

ft  configuration  script  generated  by  Autoconf,  you  may  include  it  under 
ft  the  same  distribution  terms  that  you  use  for  the  rest  of  that  program. 

ft  Configuration  subroutine  to  validate  and  canonicalize  a configuration  type. 
ft  Supply  the  specified  configuration  type  as  an  argument. 

ft  If  it  is  invalid,  we  print  an  error  message  on  stderr  and  exit  with  code  1. 
ft  Otherwise,  we  print  the  canonical  config  type  on  stdout  and  succeed. 


ft  This  file  is  supposed  to  be  the  same  for  all  GNU  packages 
ft  and  recognize  all  the  CPU  types,  system  types  and  aliases 
ft  that  are  meaningful  with  *any*  GNU  software. 

ft  Each  package  is  responsible  for  reporting  which  valid  configurations 
ft  it  does  not  support.  The  user  should  be  able  to  distinguish 
ft  a failure  to  support  a valid  configuration  from  a meaningless 
ft  configuration. 


ft  The  goal  of  this  file  is  to  map  all  the  various  variations  of  a given 
ft  machine  specification  into  a single  specification  in  the  form: 
ft  CPU_TYPE-MANUFACTURER-OPERATING_S  YSTEM 

ft  It  is  wrong  to  echo  any  other  type  of  specification. 


i f [ 
then 


f i 


x $ 1 — x D 

echo  Configuration  name  missing.  1>&2 
echo  "Usage:  $0  C PU-M F R-0 P S Y S " 1 > & 2 
echo  "or  $0  ALIAS"  1 > & 2 

echo  where  ALIAS  is  a recognized  configuration 
exit  1 


type  . 


1 >&2 


ft 


First  pass  through  any 


local  machine  types. 
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case  $ 1 


i n 

★local*) 


echo 

exit 


$1 

0 


*) 


e s a c 

# Separate  what  the  user  gave  into  CPU-COMPANY  and  OS  (if  any). 

ba s i c_ma c h i n e = ' e c h o $1  | sed  ' s /- C A- ]*$//'  ' 

if  [ $basic_machine  !=  $1  ] 

then  os=' echo  $1  | sed  's/. 

else  os=;  fi 


###  Let's  recognize  common  machines  as  not  being  operating  systems  so 
###  that  things  like  config.sub  d e c s t a t i on-3 1 00  work.  We  also 
###  recognize  some  manufacturers  as  not  being  operating  systems,  so  we 
tttttt  can  provide  default  operating  systems  below, 
case  $os  in 

-sun*os*) 

# Prevent  following  clause  from  handling  this  invalid  input. 

a r 

-dec*  | -mips*  | -sequent*  | -encore*  | -pc532*  | -sgi*  | -sony*  | \ 
-att*  | -7300*  | -3300*  | -delta*  | -motorola*  | -sunC234D*  | \ 

-unicorn*  | -ibm*  | -next  | -hp  | -isi*  | -apollo  | -altos*  | \ 
-convergent*  | -ncr*  | -news  | -32*  | -3600*  | -3100*  | -hitachi*  |\ 
-c[123]*  | -convex*  | -sun  | -crds  | -omron*  | -dg  | -ultra  | -tti*  | \ 
-harris  | -dolphin  | -highlevel  | -gould  | -cbm  | -ns  | -masscomp  ) 

o s = 

basic  machine=$1 


a r 

- h i u x * ) 

os=-h i uxwe2 


a a 

- s c o4 ) 

os=-sco3.2v4 

basi c_mach i ne= 1 echo  $1  | sed  -e  ' s / 86- . * / 86-u n k n o w n / ' 1 

- s c o 3 . 2 . [4-9]*) 

os= 1 echo  $os  | sed  -e  ' s / s c o 3 . 2 . / s c o 3 . 2 v / ' ' 
b a s i c_ma c h i n e = ' e c h o $1  | sed  -e  ' s / 86- . * / 8 6-u n kn o w n / ' 1 


/ A 

-sco3 . 2vC4-9]*) 

# Don't  forget  version  if  it  is  3.2v4  or  newer. 

ba s i c_ma c h i n e= ' e c h o $1  | sed  -e  ' s / 86- . * / 8 6-u n k n o w n / ' ' 


-SCO*) 

os=-sco3 . 2v2 

basi c_machi ne= ' echo  $1  | sed  -e  ' s / 86- .* /86-un known /'  ' 


os=-isc2.2 

basi c_machi ne= 'echo  $1  | sed  -e  ' s / 86- .*/ 86-u n known /' ' 


A A 

- c l i x * ) 

basi c_ma  chine  = clipper-intergraph 


- i s c * ) 
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basi c_machi ne= ' echo  $1  | sed  -e  ' s /86- .* /86-un known /'  ' 

/ A 

-lynx*) 

os=-lynxos 

a a 

-pt  X*  ) 

basic_machine='echo  $1  | sed  -e  ' s / 86- . * / 86- s eq u e n t / ' ' 

A A 

-w i ndowsnt* ) 

os=' echo  $os  | sed  -e  1 s/wi ndowsnt/wi nnt  / ' ' 

A A 

e s a c 

ft  Decode  aliases  for  certain  CPU-COMPANY  combinations, 
case  $ba s i c_ma c h i ne  in 

ft  Recognize  the  basic  CPU  types  without  company  name. 

ft  Some  are  omitted  here  because  they  have  special  meanings  below. 

tahoe  | iC345D86  | i860  | m68k  | m68000  | m88k  | ns32k  | arm  \ 

| armeClb]  | pyramid  \ 

| tron  | a29k  | 580  | i960  | h8300  | hppal.O  | hppal.1  \ 

| alpha  | we32k  | ns16k  | clipper  | spare  l i te  | i 370  | sh  \ 

| powerpe  | powerpe  le  | sparc64  | 1 750a  | dsp16xx  \ 

| mips64  | mipsel  \ 

| pdpll  | mips64el  | mips64orion  | m i p s 6 4o r i o n e l \ 

| spare) 

basi c_ma  chine  = $basi c_ma  chi ne-unknown 

A A 

ft  Object  if  more  than  one  company  name  word. 

* - * - * ) 

echo  Invalid  configuration  \ ' $ 1 \ ' : \ 

machine  \ ' $ b a s i c__m  a c h i n e \ 1 not  recognized  1 > & 2 

exit  1 

A A 

ft  Recognize  the  basic  CPU  types  with  company  name. 

vax-*  | tahoe-*  | i C345D86  — * | i 860-*  | m68k-*  | m68000-*  | m88k-*  \ 

| spare-*  | ns32k-*  | fx80-*  | arm-*  | c C 1 2 3 D * \ 

| mips-*  | pyramid-*  | tron-*  | a29k-*  | romp-*  \ 

| rs6000-*  | power-*  \ 

| none-*  | 580-*  | cray2-*  | h8300-*  | i960-*  | xmp-*  | ymp-*  \ 

| hppal.O-*  | hppal.1-*  | alpha-*  | we32k-*  | cydra-*  | ns16k-*  \ 

| pn-*  | npl-*  | xpslOO-*  | clipper-*  | orion-*  | sparclite-*  \ 

| pdpll-*  | sh-*  | powerpe-*  | powerpe  le-*  | sparc64-*  \ 

| mips64-*  | mipsel-*  \ 

| mips64el-*  | m i p s 6 4 o r i o n -*  | m i p s 6 4 o r i o n e l - * ) 

A A 

ft  Recognize  the  various  machine  names  and  aliases  which  stand 
ft  for  a CPU  type  and  a company  and  sometimes  even  an  OS. 

3 b 1 | 7300  | 7300-att  | att-7300  | pc7300  | safari  | unixpc) 

basi c_machi ne=m68000-att 

A A 

3b*  ) 

basi c_ma  chine  = we32k-att 

A A 

alliant  | fx80) 

basi c_ma  chine  = fx80-alliant 

A A 

altos  | altos3068) 

basic  ma c h i n e = m6 8 k-a  1 1 o s 
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am29k ) 

ba  s i c_ma  chi ne=a29k-none 
os=-bsd 

/ r 

amda  h l ) 

ba  s i c_ma  chine  = 580-amdahl 
os=-sys v 
/ / 

ami ga  | ami ga-*) 

ba  s i c_ma  chi ne  = m68k-cbm 

r f 

ami gados ) 

b a s i c_ma  chine  = m68k-cbm 
os=-amigados 

r r 

amigaunix  | amix) 

ba  s i c_ma  chi ne  = m68k-cbm 
os=-sysv4 

F F 

a po  L l o 6 8 ) 

ba  s i c_ma  chine  = m68k-apollo 
os=-sysv 

F F 

balance) 

ba  s i c_ma  chi ne  = ns32k-sequent 
os  = -dyn  i x 

F F 

convex-cl  ) 

ba  s i c_ma  chi ne=c1-convex 
os=-bsd 

F F 

convex-c2) 

ba  s i c_ma  chine  = c2-convex 
os=-bsd 

/ F 

convex-c32) 

basi c_machine=c32-convex 
os=-bsd 

F F 

convex-c34) 

basi c_m  achi ne  = c34-convex 
o s = -b  s d 


convex-c38) 

basi c_ma  chine=c38-convex 
os=-bsd 

F F 

cray  | ymp ) 

basi c_ma  chine  = ymp-cray 
os=-uni cos 

F F 

c r a y 2 ) 

basi c_ma  chine  = cray2-cray 
os--un i cos 

F F 

crds  | unos ) 

basi c_ma  chi ne  = m68k-crds 

da30  | da30-* ) 
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basi c_machi ne=m68k-da30 

decstation  | d e c s t a t i o n-3 1 00  | pmax  | pmax-*  | 

d e c 3 1 00  | decstatn) 

basi c_ma  chine  = mips-dec 

/ r 

delta  | 3300  | motorola-3300  | mo t o r o l a -d e l t a 
| 3 3 00-motorola  | d e 1 1 a -mo t o r o l a ) 
basi c_ma  chi ne  = m68k-motorola 

delta88)W 

basi c_ma  chi ne  = m88k-motorola 
os=-sysv3 

f r 

dpx20  | dpx20-* ) 

basi c_ma  chine  = rs6000-bul  l 
os=-bosx 

/ r 

dpx2*  | dpx2*-bull) 

basi c_machi ne  = m68k-bul  l 
os=-sysv3 


/ r 

ebmon29k) 


basi c_ma  chi ne  = a29k-amd 
os=-ebmon 

e l x s i ) 

r f 

basi c_ma  chine  = elxsi-elxsi 
o s = - b s d 

encore 

r r 

| umax  | mmax) 
basi c_ma  chi ne  = ns32k-encore 

f x2800) 

r r 

basi c_ma  chine  = i860-alliant 

g e n i x ) 

/ r 

basi c_m  achi ne  = ns32k-ns 

g m i c r o ) 

/ r 

basi c_ma  chine  = tron-gmicro 
os^-sysv 

h 3 0 5 0 r * 

/ / 

| h i u x * ) 

basi c_ma  chine  = hppa1  .1-hitachi 
os=-h i uxwe2 

h8300hms ) 

basi c_machi ne=h8300-hi tachi 
os=-hms 
/ / 

harri s) 

basi c_machi ne=m88k-harri s 
os=-sysv3 

hp300-*  ) 

basi c_ma  chi ne  = m68k-hp 
hp300bsd ) 


pm i n | \ 


\ 
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ba  s i c_ma  chine  = m68k-hp 
o s = -b  s d 

a r 

hp300hpux  ) 

ba  s i c_ma  chine  = m68k-hp 
os=-hpux 

hp9k2C0-9:C0-9]  | hp9k31 C 0-93  ) 
basi c_ma  chi ne=m68000-hp 

hp9k3C2-9DC0-9]  ) 

ba  s i c_ma  chi ne  = m68k-hp 

hp9k7[0-9]C0-9H  | hp7C0-93 CO-9]  | hp9k8C0 

ba  s i c_ma  chine  = hppa1  .1-hp 

hp9k8C0-9]C0-9]  | h p8 1 0-9  ] C 0-9 3 ) 
ba  s i c_ma  chine  = hppa1  .0-hp 

/ A 

i 3 7 0 - i b m * | i b m * ) 

ba  s i c_ma  chine=i370-ibm 
o s = -m v s 

a r 

U I'm  not  sure  what  "Sysv32"  means.  Should  this 
i C345386v32) 

bas i c_machi ne= 1 echo  $1  | sed  -e  ' 

os=-sys v32 

i H345386v4*) 

basi c_machi ne= 1 echo  $1  | sed  -e  ' 

os=-sysv4 

i C345386v) 

basi c_machi ne= ' echo  $1  | sed  -e  1 

os^-sysv 

iC345386sol2) 

ba s i c_ma c h i n e = ' e c h o $1  | sed  -e  ' 

os=-solaris2 

/ r 

iris  | iris4d) 

basi c_ma  chine  = mips-sgi 
case  $os  in 
- i r i x * ) 

A A 

*) 

o s = - i r i x 4 

A A 

e s a c 

A A 

i s i 6 8 | i s i ) 

basi c_ma  chi ne  = m68k-i si 
os=-sys v 

A A 

m88k-omron*) 

basi c_ma  chine  = m88k-omron 

A A 

magnum  | m3230) 

basi c_ma  chine  = mips-mips 


-937  | hp8C0-937) 


be  sysv3.2? 
s/86.*/86-unknown/'  ' 

s/86.*/86-unknown/'  ' 

s/86.*/86-unknown/'  ' 

s/86.*/86-unknown/'  ' 
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o s = - s y s v 


a a 

merlin) 

b a s i c_ma  chi ne=ns32k-utek 
os=-sysv 


mini  frame) 

ba  s i c_ma  chi ne  = m68000-convergent 

/ A 

mi p s 3 * -* ) 

basi c_machi ne= ' echo  $ba s i c_ma c h i ne  | sed  -e 


m i p s 3 * ) 


a a 

basi c_machine= ' echo  $ ba s i c_ma c h i n e \ 

| sed  -e  's/mips3/mi 


A A 

nc  r3000  ) 

basi c_ma  chine  = i486-ncr 
os=-sysv4 


A A 

news  | news700  | news800  | news900) 
basi c_m  achi ne  = m68k-sony 
os=-newsos 


A A 

newslOOO) 

basi c_ma  chi ne  = m68030-sony 
os=-newsos 


A A 

news-3600  | rise-news) 

basi c_ma  ch i ne  = mi ps-sony 
os=-newsos 

A A 

next  | m*-next  ) 

basi c_ma  chi ne  = m68k-next 
case  Sos  in 

-nextstep*  ) 


A A 

-n  s 2 * ) 


os=-nextstep2 


* ) 


os=-nextstep3 


e s a c 

nh3000 ) 

basi c_ma  chine  = m68k-harris 
os=-cxux 

n h C 4 5 U 0 0 0 ) 

basi c_ma  chine  = m88k-harris 
os=-cxux 

A A 

nindy960) 

basi c_ma  chine  = i960-intel 
os=-n i ndy 

n p 1 ) 

basi c_ma  chine  = np1-gould 


's/mips3/mips64/' ' 


ps64/'  '-unknown 
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f r 

pa-hitachi) 

ba  s i c_ma  chine  = hppa1  .1-hitachi 
os=-h i uxwe2 
/ / 

paragon) 

ba  s i c_ma  chine  = i860-intel 
os  = -os  f 

p bd ) 

ba  s i c_ma  chi ne  = sparc-tti 


pbb ) 

p c 5 3 2 | 

Pentium 


ba  s i c_ma  chine  = m68k-tti 
p c 5 3 2 -*  ) 

b a s i c_ma  chi ne=ns32k-pc532 
|'p5  | p 6 ) 

ft  We  don't  have  specific  support  for  the 

ft  Intel  Pentium  (p6)  followon  yet,  so  just  call  it  a Penti 
basic  machine=i586-intel 


Pentium-*  | p5-*  | p6-*) 

ft  We  don't  have  specific  support  for  the 

ft  Intel  Pentium  (p6)  followon  yet,  so  just  call  it  a Penti 
ba s i c_ma c h i n e = i 5 8 6- ' e c h o $ba s i c_ma c h i ne  | sed  ' s/ACA  — □*— // 


k 5 ) 


nexen  ) 


pn ) 

power) 
ppc  ) 
ppc-* ) 
ppc l e | 

ppc  l e-* 


ft  We  don't  have  specific  support  for  AMD's  K5  yet, 
ft  so  just  call  it  a Pentium 
basic  ma c h i n e = i 5 8 6-a md 


tt  We  don't  have  specific  support  for  Nexgen  yet, 
ft  so  just  call  it  a Pentium 
ba  s i c_ma  chi ne  = i 586-nexgen 


b a s i c_m  achi ne  = pn-gould 
ba  s i c_ma  chine  = rs6000-ibm 

r / 

ba  s i c_ma  chi ne=powerpc-unknown 

r r 

ba s i c_ma c h i n e=po w e r p c - ' e c h o $ba s i c_ma c h i ne  | sed  's/ACA-]* 

r r 

p o w e r p c l i 1 1 l e | ppc-le  | powe r pc- l i 1 1 l e ) 
b a s i c_ma  chine  = powerpcle-unknown 

r r 

| powerpclittl e-* ) 

ba s i c_ma c h i n e=po w e r p c l e- ' e c h o $basi c_machi ne  \ 

| sed  ' s/A[A-]*-// 


p s 2 ) 

ba  s i c_ma  chine  = i386-ibm 
rmC46D00) 

ba  s i c_ma  chi ne  = mi ps-si emens 


urn 


urn 

l I 


-II'' 
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rtpc  | rtpc-*) 

ba  s i c_ma  chi ne  = romp-i bm 

/ r 

sequent) 

ba  s i c_ma  chine=i386-sequent 

r r 

s h ) 

ba  s i c_ma  chine  = sh-hitachi 
o s = - h m s 
/ / 

s p s 7 ) 

ba  s i c_ma  chine  = m68k-bull 
os=-sysv2 

r r 

spur) 

ba  s i c_ma  chi ne  = spur-unknown 

r r 

s u n 2 ) 

b a s i c_ma  chine=m68000-sun 

r r 

s u n 2 o s 3 ) 

b a s i c_ma  chi ne  = m68000-sun 
os=-sunos3 

f r 

sun2os4) 

ba  s i c_ma  chi ne=m68000-sun 
os=-sunos4 
/ / 

sun3os3) 

ba  s i c_ma  chi ne  = m68k-sun 
os=-sunos3 

/ f 

sun3os4) 

b a s i c_m  achi ne  = m68k-sun 
os=-sunos4 

r r 

sun4os3  ) 

ba  s i c_ma  chine  = sparc-sun 
os=-sunos3 

r r 

sun4os4) 


ba  s i c_ma  chine  = sparc-sun 
os=-sunos4 

/ r 

sun4sol2) 

ba  s i c_ma  chine  = sparc-sun 
os=-solaris2 

s u n 3 | 

sun3-*  ) 

basi c_machi ne=m68k-sun 

s u n 4 ) 

/ r 

basi c_ma  chi ne  = sparc-sun 

s u n 3 8 6 

/ r 

| sun386i  | roadrunner) 
basi c_ma  chi ne  = i 386-sun 

symme  t 

/ / 

r y ) 
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basi c_ma  chine  = i386-sequent 
os=-dynix 

tower  | 

r r 

tower-32) 

basi c_ma  chine  = m68k-ncr 

u d i 2 9 k ) 

r r 

basi c_ma  chi ne  = a29k-amd 
o s = -ud i 

u 1 1 r a 3 ) 

/ f 

basi c_ma  chi ne  = a29k-nyu 
os=-sym1 

v a x v ) 

r r 

basi c_ma  chi ne  = vax-dec 
os=-sysv 

v m s ) 

A f 

basi c_ma  chi ne  = vax-dec 

os=-vms 

vxworks960) 

b a s i c_ma  chine  = i960-wrs 
os=-vxworks 

r f 

vxworks68) 

basi c_ma  chine=m68k-wrs 
os=-vxworks 

r r 

vxworks29k) 

b a s i c_m  achi ne  = a29k-wrs 
os=-vxworks 

/ r 

xmp  ) 

b a s i c_m  achi ne=xmp-cray 
os=-uni cos 

r r 

xps  | xpslOO) 

ba  s i c_ma  chine=xps100-honeywel L 

f f 

none) 

ba  s i c_ma  chine  = none-none 
os=-none 


ft  Here  we  handle  the  default  manufacturer  of  certain 
ft  some  cases  the  only  manufacturer,  in  others,  it  is 
mips) 

ba  s i c_ma  chine  = mips-mips 
/ / 

romp ) 

basic _machine=romp-ibm 

r s 6 0 0 0 ) 

basi c_machi ne=rs6000-i bm 

/ f 

v a x ) 

basic  ma c h i n e= v a x -d e c 


CPU  types 
the  most 


It  is  in 
popular. 
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pdpl 1 ) 

ba  s i c_ma  chine^pdpl 1-dec 

w e 3 2 k ) 

ba  s i c_ma  chine  = we32k-att 

A / 

spare) 

b a s i c_ma  chine  = sparc-sun 
/ / 

cydra ) 

ba  s i c_ma  chi ne  = cydra-cydrome 

a a 

orion) 

ba  s i c_ma  chine=orion-highlevel 

a a 

orion105) 

ba  s i c_ma  chine  = clipper-highlevel 
/ / 

★ ) 

echo  Invalid  configuration  \ 

machine  \ 1 $ ba s i c_ma c h i n e \ ' not  recognized  1>&2 

exit  1 

e s a c 

# Here  we  canonicalize  certain  aliases  for  manufacturers, 
case  $ba s i c_ma c h i ne  in 

★-digital*) 

ba s i c_ma c h i n e = ' e c h o $ ba s i c_ma c h i n e | sed  1 s / d i g i t a l . * / d e c / ' ' 

a a 

★-commodore*) 

basi  c_machi  ne=  ' echo  $ba  s i c__ma  c h i ne  | sed  1 s/commodore  .*/cbm/  1 ' 

A A 

* ) 

A A 

e s a c 

# Decode  manufacturer-specific  aliases  for  certain  operating  systems. 

if  C x " $ o s " ! = x " " ] 

then 

case  $os  in 


# -sola 

r i s * 

i s a 

basi 

c system 

type,  w 

i t h 

this  one  exception 

-solari 

si  1 

-sol 

ari  si 

. * ) 

os- 

'echo 

Sos 

| sed  -e 

' s | s o l a 

r i s 1 

| s u n o s 4 | ' ' 

-solari 

i r 

S ) 

o s = - 

-sola 

r i s 2 

-unixware*  | svr4* ) 
os=-sysv4 

A A 

-gnu/linux*) 

os  = ' echo  Sos  | sed  -e  ' s | g n u / l i n ux | l i n u x | ' ' 

A A 

# First  accept  the  basic  system  types. 

# The  portable  systems  comes  first. 

# Each  alternative  MUST  END  IN  A *,  to  match  a version  number. 
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U -sy sv* 
-gnu*  | 


is  not 
-bsd*  | 
-vms*  | 


here  because  it  comes  Later,  after  sysvr4. 
-mach*  | -minix*  | -genix*  | -ultrix*  | -irix* 
-sco*  | -esix*  | -isc*  | -aix*  \ 


\ 


| -sunos  | - s u n o s C 3 4 5 II  * \ 

| -hpux*  | -unos*  | -osf*  | -Luna*  | -dgux*  | -soLaris*  | -sym* 

| -amigados*  | -msdos*  | -newsos*  | -unicos*  | -aos*  \ 

| -nindy*  | -vxworks*  | -ebmon*  | -hms*  | -mvs*  | -cLix*  \ 

| -riscos*  | -Linux*  | -unipLus*  | -iris*  | -rtu*  | -xenix*  \ 

| -hiux*  | -386bsd*  | -netbsd*  | -freebsd*  | -riscix*  \ 

| -Lynxos*  | -bosx*  | -nextstep*  | -cxux*  | -aout*  | -eLf*  \ 

| -ptx*  | -coff*  | -ecoff*  | -winnt*  | -domain*  | -vsta*  \ 

| -udi*  | -eabi*  | -Lites*  ) 

# Remember,  each  aLternative  MUST  END  IN  *,  to  match  a version  number. 


\ 


r r 

-sunos5*) 

os= ' echo  $os  | sed  -e  ' s | s u n o s 5 | s o L a r i s 2 | ' 1 

/ r 

-sunos6*) 

os= 1 echo  $os  | sed  -e  's|sunos6|soLaris3|'' 


-osf rose*) 


os=-osf rose 

-osf*) 

f r 

o s = -o  s f 

- u t e k * ) 

f r 

os=-bsd 

-dyn i x* 

r r 

) 

os=-bsd 

-a  c i s*  ) 

o s = -a  o s 

- c t i x * 

f r 

| -u  t s * ) 

os=-sys v 

/ / 

# Preserve  the  version  number  of  sinix5. 
-sinix5.*) 

os='echo  $os  | sed  -e  ' s | s i n i x | s y s v | ' ' 

r r 

-sinix*) 

os=-sysv4 


/ / 

-tri  ton*) 

os=-sysv3 

r r 

-oss*) 

os=-sysv3 
/ / 

- s v r 4 ) 

os=-sy sv4 

r r 

- s v r 3 ) 

os=-sysv3 

/ r 

- s y s v r 4 ) 

os=-sy s v4 
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f r 

ft  This  must  come  after  -sysvr4. 
-sysv*  ) 

/ / 

-xenix) 

o s =-x  e n i x 

r / 

-none ) 


ft  Get  rid  of  the  at  the  beginning  of  $os. 

os=' echo  Sos  | sed  ' s / L A- ]*-//'  ' 
echo  Invalid  configuration  \ ' $ 1 \ ' : \ 

system  \'$os\'  not  recognized  1 > S 2 

exit  1 


/ / 

e s a c 
else 


tf  Here  we  handle  the  default  operating  systems  that  come  with  various  machines. 
ft  The  value  should  be  what  the  vendor  currently  ships  out  the  door  with  their 
ft  machine  or  put  another  way,  the  most  popular  os  provided  with  the  machine. 

ft  Note  that  if  you're  going  to  try  to  match  "-MANUFACTURER"  here  (say, 
ft  "-sun"),  then  you  have  to  tell  the  case  statement  up  towards  the  top 
ft  that  MANUFACTURER  isn’t  an  operating  system.  Otherwise,  code  above 
ft  will  signal  an  error  saying  that  MANUFACTURER  isn't  an  operating 
ft  system,  and  we'll  never  get  to  this  point. 

case  $ b a s i c_m a c h i n e in 
*-acorn) 

os  = -ri sci xl  .2 

/ f 

arm*-semi  ) 

os=-aout 

r r 

pdpl 1 -*  ) 

os=-none 

r r 

*-dec  | vax-* ) 

os  = -u 1 1 r i x4 . 2 

/ f 

m68*-a  po  l lo) 

os=-doma i n 

r r 

i 386-sun ) 

os=-sunos4.0.2 

r r 

m68000-sun ) 

os=-sunos3 

ft  This  also  exists  in  the  configure  program,  but  was  not  the 
ft  default. 
ft  os  = -sunos4 

/ r 

*-tti)  tt  must  be  before  spare  entry  or  we  get  the  wrong  os. 
os=-sysv3 

r r 

spare-*  | *-sun) 

os  = -sunos4.1  .1 
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a a 

★ - i bm ) 

o s = - a i x 

/ a 

*-hp  ) 

os=-hpux 

a r 

*-hitachi) 

o s = - h i ux 

a r 

i860-*  | *-att  | *-ncr 

o s = - s y s v 

a r 

*- c bm ) 

os=-ami gados 

a a 

*-dg  ) 

os=-dgux 
/ / 

★-dolphin) 

os=-sysu3 

m68k-ccur) 

o s = - r t u 

r r 

m88k-omron* ) 

os=-luna 


A A 

★-sequent ) 

o s = -p  t x 

A A 

*-crds) 

os=-unos 


★ -ns) 


i 370-*) 


★ -next  ) 


A A 

o s = - g e n i x 

A A 

o s = -m v s 

A A 

os=-nextstep3 


*-gou  l d ) 


os=-sysv 


★-highlevel) 

o s = -b  s d 


A A 

★-encore) 

o s = -b  s d 

A A 

*-sg i ) 

o s = - i r i x 


A A 

★-siemens) 

os=-sysv4 

A A 

★-masscomp) 


★-altos 


★-motorola 


★-convergent) 
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o s = - r t u 

r r 

*) 

os=-none 

/ r 

e s a c 
f i 

# Here  we  handle  the  case  where  we  know  the  os,  and  the  CPU  type,  but  not  the 

# manufacturer.  We  pick  the  logical  manufacturer. 
vendor=unknown 

case  $ba s i c_ma c h i ne  in 
★-unknown) 

case  $os  in 

- r i s c i x * ) 


vendor=acorn 

-sunos*) 

a a 

vendor=sun 

r r 

-lynxos*) 

vendor=lynx 

-a i x * ) 

vendo  r = i bm 

-hpux*  ) 

a a 

vendor=hp 

- h i u x * ) 

f r 

vendor=hi tachi 

- u n o s * ) 

/ / 

vendor=crds 

-d  g u x * ) 

/ r 

vendo r=dg 

-Luna*) 

r r 

vendo  r = om  r on 

-genix*) 

/ A 

vendor=ns 

-m v s * ) 

r r 

vendor=i bm 

-p  t x * ) 

f r 

vendor=sequent 

/ A 

-vxworks*) 

vendor=wrs 


e s a c 

basi c_machine=' echo  $ba s i c_ma c h i ne  | sed  " s / u n k n o w n / $ v e n d o r / " ' 
/ / 

e s a c 

echo  $ b a s i c_ma c h i n e $ o s 
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- 

■ 
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install-sh 

# ! / b i n / s h 

ft 

ft  $ I d : instal  l -s  h , v 1.3  1 996/1  1 /1  2 01:42:33  mhw  Exp  $ 

ft 

# install  - install  a program,  script,  or  datafile 
ft  This  comes  from  X11R5. 

ft 

ff  Calling  this  script  install-sh  is  preferred  over  install. sh,  to  prevent 
ft  'make'  implicit  rules  from  creating  a file  called  install  from  it 
ft  when  there  is  no  Makefile. 
ft 

ft  This  script  is  compatible  with  the  BSD  install  script,  but  was  written 
ft  from  scratch. 
ft 


ft  set  D0ITPR0G  to  echo  to  test  this  script 

ft  Don't  use  :-  since  4.3BSD  and  earlier  shells  don't  like  it. 
doi t="${D0ITPR0G->" 


ft  put  in  absolute  paths  if  you  don't  have  them  in  your  path;  or  use  env.  vars 


mvprog="${MVPROG-mv}" 

cpprog="${CPPROG-cp>" 

chmodprog="$CCHMODPROG-chmod>" 

chownprog="$CCHOWNPROG-chown>" 

chgrpprog  = "$-CCHGRPPROG-chgrp>" 

stripprog="$fSTRIPPROG-strip>" 

rmprog="${RMPROG-rm}" 

mkdi rprog  = "${MKDIRPROG-mkdi  r>" 


transf ormbasename="" 

transf o rm_a  r g = " " 

i nstcmd  = ”$mvprog" 

c h mo d c md = " $ c h mod p r o g 0755" 

chowncmd="" 

chgrpcmd="" 

stripcmd="" 

r m c md= " $ rmp r o g -f" 

mvcmd="$mvprog" 

s r c = " " 

d s t = " " 

d i r_a  r g = " " 

whi le  [ x"$1"  !=  x 1;  do 

case  $ 1 in 

-c)  i n s t cmd= " $ c pp r og 
shift 

continue;; 


-d ) d i r_a  r g = t rue 
shift 

continue;; 

-m)  chmodcmd="$chmodprog  $2" 
shift 
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shift 

continue;; 

-o)  c h o wn c md= " $ c h o w n p r o g $2" 
shift 
shift 

continue;; 

-g)  c h g r p c md = " $ c h g r pp r o g $2" 
shift 
shift 

continue; ; 

-s)  s t r i p c md  = " $ s t r i pp r og  " 
shift 

continue;; 

-t=*)  transformarg=' echo  $1  | sed  's/-t=//'' 

shift 

continue;; 


-b  = *)  transformbasename='  echo  $1  | sed  'sZ-b^/1' 

shift 

continue;; 


*)  if  C x " $ s r c " = x ] 
then 

src=$1 

else 

# this  colon  is  to  work  around  a 386BSD  /bin/sh  bug 


d s t = $ 1 
f i 

shift 

continue;; 

e s a c 

done 

if  C x"$src"  = x H 
then 

echo  "install: 
exit  1 

else 


f i 


true 


no  input 


file  specified" 


i f [ x 


$ d i r_a  r g " 
dst=$src 


!=  x 1 ; then 


else 


if  C 
else 
f i 


-d  $dst  ] ; then 
i n s t c md=  : 

instcmd=mkdi r 


U Waiting  for 
# might  cause 


this  to  be  detected  by  the  "Sinstcmd  $src 
directories  to  be  created,  which  would  be 


Sdsttmp"  command 
especially  bad 
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# if  $src  (and  thus  $dsttmp)  contains  '*'. 


i f [ 

- f $ s r c 

-o  -d  $src 

: 

then 

true 

else 

echo 

"install: 

$src  does  not  exist" 

exit 

1 

f i 

i f [ 

x " $d  s t " 

II 

X 

1 1 

then 

echo 

"install: 

no  destination  specified" 

exit 

1 

else 

true 

f i 

# If  destination  is  a directory,  append  the  input  filename;  if  your  system 

# does  not  like  double  slashes  in  filenames,  you  may  need  to  add  some  logic 


f i 


i f C -d 
then 

else 

f i 


$d  s t II 

dst  = "$dst"  / ' basename  $src ' 
true 


##  this  sed  command  emulates  the  dirname  command 
dstdi  r = 1 echo  $dst  | sed  -e  's,CA/II*$,,,-s,/$,,,-s,A$,.,'' 

# Make  sure  that  the  destination  directory  exists. 

# this  part  is  taken  from  Noah  Friedman's  m k i n s t a l l d i r s script 

# Skip  lots  of  stat  calls  in  the  usual  case, 
if  C ! -d  "Sdstdir"  1 ; then 
defaultIFS=' 

I 

IFS="$(IFS-${defaultIFS>>" 

ol  F S = " $ ( I FS>" 

# Some  sh's  can't  handle  I F S = / for  some  reason. 

I F S = ' % ' 

set  - 'echo  $fdstdir>  | sed  -e  ' s a / a % 3 g ' - e ' s 3 A % a / a ' ' 

IFS="${oIFS>" 


pathcomp='  ' 


while  C $ # -ne  0 ] ; do 

pathcomp="$(pathcomp>$(1 > " 
shift 


i f C 
then 

else 

f i 


-d  "${pathcomp>"  II  ; 
Smkdirprog  " $ { pa t h c omp > " 
true 
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pathcomp="${pathcomp}/" 

done 
f i 

if  II  x " $ d i r_a  rg"  ! = x II 
then 

$doit  Sinstcmd  $dst  && 


i f 

L 

X 

"Schowncmd" 

! = x 

n; 

then 

$ d o i t 

Schowncmd 

Sdst; 

else 

true  ; 

f i 

&S 

i f 

[ 

X 

"$chgrpcmd" 

! - x 

J; 

then 

$do  i t 

$chgrpcmd 

Sdst; 

else 

true  ; 

f i 

& 8 

i f 

[ 

X 

"Sstripcmd" 

! = x 

3; 

then 

$do  i t 

Sstripcmd 

Sdst; 

else 

true  ; 

f i 

&& 

i f 

[ 

X 

"Schmodcmd" 

! = x 

3; 

then 

$ d o i t 

Schmodcmd 

Sdst; 

else 

true  ; 

f i 

else 


ft  If  we're  going  to  rename  the  final  executable,  determine  the  name  now. 


if  l 
then 

else 

f i 


x"$transf  ormarg"  = x II 

d s t f i l e= ' ba s ename  $dst' 

ds t f i l e = 1 basename  $dst  Stransf ormbasename  | 
sed  Stransf ormarg ' Stransformbasename 


# don’t  allow  the  sed  command  to  completely 

if  [ x"$dstfile"  = x II 
then 


else 
f i 


dstfi  le=  1 basename  $dst' 
true 


eliminate 


the 


f i l ename 


# Make  a temp  file  name  in  the  proper  directory. 

dsttmp=$dstdir/#inst.$$# 

# Move  or  copy  the  file  name  to  the  temp  name 

$doit  $i nstcmd  $src  Sdsttmp  && 
trap  "rm  -f  Stdsttmp}"  0 && 

# and  set  any  options;  do  chmod  last  to  preserve  setuid  bits 

# If  any  of  these  fait,  we  abort  the  whole  thing.  If  we  want  to 

# ignore  errors  from  any  of  these,  just  make  sure  not  to  ignore 


U errors  from 

the  above  " 

Sdo  i t 

$ i n s t c md 

Ssrc 

Sdsttmp" 

command  . 

i f 

C 

x"$chowncmd" 

! = 

x 

H; 

then 

Sdo  i t 

Schowncmd 

Sdsttmp; 

else 

t r u e ; f i 

SS 

i f 

[ 

x"$chgrpcmd" 

! = 

x 

3; 

then 

$ d o i t 

Schgrpcmd 

Sdsttmp; 

else 

true;fi 

&& 

i f 

C 

x " Sstripcmd" 

! = 

X 

3; 

then 

Sdo  i t 

Sstri pcmd 

Sdsttmp; 

else 

t r u e ; f i 

&& 

i f 

II 

x " Schmodcmd" 

! = 

X 

3; 

then 

$ d o i t 

Schmodcmd 

Sdsttmp; 

else 

t r u e ; f i 

&& 

# Now  rename 

the  file  to 

the 

real 

destination 

$doit  $rmcmd  -f  $ d s t d i r / $d s t f i l e && 
$doit  $mvcmd  Sdsttmp  $d s t d i r / $d s t f i l e 
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f i & & 


exit  0 


- 


' 
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post,  in 

# 

# config/post.in 
tt 

tt  Written  by:  Derek  Atkins  < w a r l o r d a M I T . E D U > and  Colin  Plumb 

tt 

tt  $Id:  post . in,v  1.33.2.1  1996/11/14  04:09:20  cbertsch  Exp  $ 

tt 


tt  Recursively  perform  operations  on  all  POSTSUBDIRS 
all  check  clean  depend  headers  install  very-clean:: 
a i f test  'x$(POSTSUBDIRS)  ' !=  x;  then  \ 

for  i in  $(P0STSUBDIRS)'';  do  \ 

echo  Making  $3  in  $(SUB)$$i  ; \ 

(cd  $ $ i ; $ ( M A K E ) $(MFLAGS)  S U B = $ ( S U B ) $ $ i / 

||  exit  1 ; \ 


done  \ 


else  : ; \ 
f i 


$a ) \ 


tt  Install  all  PUBHDRS  into  the  public  header  directory,  PRIVHDRS  into 
tt  the  private  interface  directory 
headers:  : 

a i f test  1 x$(PUBHDRS)  ' !=  x;  then  \ 

echo  Linking  $(PUBHDRS)  to  public  include  ; \ 
for  i in  $(PUBHDRS)'';  do  \ 

if  $(TEST_L)  $(buildinc)/pgp/$$i;  then  \ 

$ ( R M ) $(buildinc)/pgp/$$i  ; \ 

else  : ; \ 

f i ; \ 

if  test  ! -f  $(buildinc)/pgp/$$i;  then  \ 

$ ( L N_S ) \ 

. ./. .$(dir_suffix)/$(top_srcdir)$(dir_suffix)/$$i  \ 

$(buildinc)/pgp  ; \ 

else  : ; \ 

f i \ 

done  \ 
else  : ; \ 
f i 

a i f test  ' x$ ( PRIVHDRS  ) ' !=  x;  then  \ 

echo  Linking  $(PRIVHDRS)  to  private  include  ; \ 

if  test  ! -d  ../include;  then  mkdir  ../include;  fi;  \ 
for  i in  $(PRIVHDRS)'';  do  \ 

if  SITES  T_L ) . . /i nc  lude/$$i  &&  test  \ 

'(cd  ../include;  pwd)'  !=  \ 

'(cd  $ ( t o p_s r c d i r ) $ ( d i r_s u f f i x ) ; pwd)'; 
$ ( R M ) ../include/$$i  ; \ 
else  : ; \ 

f i ; \ 

if  test  ! -f  . . / i n c l ude  / $$ i ; then  \ 

$(LN_S)  $(top_srcdir)$(dir_suffix)/$$i 
../include  ; \ 

else  : ; \ 

f i \ 

done  \ 
else  : ; \ 
f i 


tt  Install  PUBHDRS,  INSTALLLIBS,  and  INSTALLPROGS  into  the  appropriate 


then  \ 


\ 
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# Locations 
install: : 

if  test 


else  : ; 
f i 

if  test 


else  : ; 
f i 

if  test 


else  : ; 
f i 


' x$(PUBHDRS)  ' !=  x;  then  \ 

if  test  ! -d  $(DESTDIR)$(includedi r) ; then  \ 

mkdir  -p  $(DESTDIR)$(includedir)/pgp;  \ 

f i ; \ 

for  i in  $(PUBHDRS)'';  do  \ 

$(INSTALL)  -m  644  $ ( s r c d i r ) / $ $ i \ 

$(DESTDIR)$(includedi r ) / p g p ; 

done  \ 

\ 

1 x$(INSTALLLIBS) ' !=  x;  then  \ 

if  test  ! -d  $(DESTDIR)$(  libdi r);  then  \ 
mkdir  -p  $ ( D E S T D I R ) $ ( l i b d i r ) ; \ 

f i ; \ 

for  i in  $(INSTALLLIBS)' do  \ 

$(INSTALL)  -m  644  $$i  $ ( D E S T D I R ) $ ( l i bd i r ) ; \ 

done  \ 

\ 

' xS(INSTALLPROGS)  ' !=  x;  then  \ 

if  test  ! -d  $(DESTDIR)$(bindir);  then  \ 
mkdir  -p  $ ( D E S T D I R ) $ ( b i nd i r ) ; \ 

f i ; \ 

for  i in  SCINSTALLPROGS)'';  do  \ 

S(INSTALL)  -m  755  $$i  $(DESTDIR)$(bindir);  \ 

done  \ 

\ 


\ 


ft  Remove  appropriate  things 
clean  do-clean:: 

$(RM)  *.o  *.bak  core  DONE  LIBDONE 


ft  Remove  clean  and  PROG  as  well 
very-clean::  do-clean 
$ ( R M ) $ ( P R 0 G ) 


depend  : : 

a i f test  ’x$(SRCS)'  !=  x;  then  \ 

sed  -e  '/^tttftftf  DO  NOT  DELETE  this  line$$/,$$d’  Makefile  > \ 

Makefile. new  ; \ 

echo  "ft  ft  ft  ft  DO  NOT  DELETE  this  line"  >>  Makefile. new  ; \ 
$(DEPEND)  $(  CFLAGS)  $(SRCS)  >>  Makefile. new  ; \ 

$(MV)  Makefile. new  Makefile  ; \ 
else  : ; \ 
f i 


ft  Compile  library  objects,  OBJS.  Requires  OBJS  and  "all::  DONE" 
DONE::  $(0BJS) 

aif  test  x 1 $(0BJS)  ' = x & & test  - r $3;  then  :;  \ 

else  \ 

(set  -x;  echo  $(0BJS)  > $3)  \ 
f i 

tf  Compile  subdirectories  files,  $(LIBD0NE)  into  LIBDONE.  Requires 
ft  LIBDONE  and  "all::  LIBDONE" 

LIBDONE:  $(LIBD0NE) 
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$ ( rm ) $a 

for  i in  $(LIBD0NE);  do  \ 

j='echo  $$i  | sed  -e  's;/CA/]*$$;;''  ; \ 

sed  -e  "s;A\(CA  ] \ ) ; $$ j / \ 1 ; " -e  "s;  \(CA  D \ ) ; $$j/\1;g"  \ 
< $$i  >>  $3;  \ 

done 


# Compile  program,  PROG 

$ ( P R 0 G ) : $ ( 0 B J S ) $(DEPLIBS)  $ ( L 0 C A L D E P L I B S ) 

$ ( C C ) $(LDFLAGS)  -o  $3  $(0BJS)  $(LIBS)  $(LOCALLIBS) 

# Build  a library,  LIBTARGET,  based  on  LIBTDEPS . Requires  LIBTDEPS  be 
U either  DONE  or  LIBDONE 

$( LIBTARGET) : $(LIBTDEPS) 

$ ( RM ) $a 

$ ( A R ) cru  $3  'cat  $(LIBTDEPS)‘ 

$(RANLIB)  $3 
$( RM)  . . /$a 

$(LN_S)  . . $ ( d i r_s u f f i x ) / $ 3 ../ 

tt  GNU  make  feature:  If  there's  an  error  building  a target,  remove  it 
.DELETE  ON  ERROR: 
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pre.in 

ft 

ft  config/pre.in 

ft 

ft  Written  by:  Derek  Atkins  < wa  r l o rd  3M I T . E D U>  and  Colin  Plumb 

ft 

ft  Sid:  pre . i n,v  1.30.2.1  1996/11/14  04:09:20  cbertsch  Exp  $ 

ft 

SHELL=/bi n/sh 
.SUFFIXES: 

.SUFFIXES:  .c  .h  .o 

prefix=3prefixa 
exec_pref i x=3exec_pref i x3 

includedi r=$(pref ix)/include 
mandi r=$(prefix)/man 
bindi r=$(exec_prefix)/bin 
libdir  = $(exe  c_p  refix)/lib 

VPATH=asrcdi r3 

srcdi r=asrcdi r a 

top_srcdi r=atop_srcdi r3 

t o p_bu i Iddi r = atop_bui  Iddi r3 

bui  ldinc  = $(to p_b ui  Iddi r)/include 

bui ldlib  = $(to p_b ui  lddir)/lib 

di r_suftix=adi r_suffix3 

DESTD  I R = 

L N_S  = a L n_s  a 
INSTALL=aiNSTALLa 
RANLIB=aRANLIBa 
T E S T_L  = 3 T E S T_L3 

cc=acca 

RM  = rm  -f 
M V=m v - f 
0 PT=  aCFLAGSa 
0SDEF=-DUNIX=1 
C C 0 P T S = 

DEFINES=-D0LDTRUST=1  -DDEBUG=1  - D U N F I N I S H E D_C 0 D E_A L L 0 W E D = 1 
LOCALDE  FINES  = 

C F L A G S = $ ( 0 P T ) $(0SDEF)  aCPPFLAGSa  BWARNa  3 D E F S 3 $(DEFINES)  $ ( L 0 C A L D E F I N E S ) \ 
- 1 $ ( t o p_bu i l dd i r ) -IS(buildinc)  -I.. /include  -IS(srcdir)  \ 
$(LOCALINCLUDES)  $(CC0PTS) 

LDFLAGS  = aLDFLAGSa  - L $ ( b u i l d l i b ) 

L I B P R E = lib 
L I B E X T=  a 

ft 

ft  due  to  how  post. in  works,  some  systems,  like  AIX,  require  PROG 
ft  to  be  set  to  something  real.  This  is  here  in  case  it  isn't  set 
ft  in  the  Makefile. in,  so  make  wont  complain! 

PR0G=ai x-and-pai ns 
LIBTARGET=ai x-and-pai ns2 

DEPEND=3DEPENDa 
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SRCS=${OBJS:%.o=$(srcdir)/%.c> 

T T Y U I = $(LIBPRE)pgptty.$(LIBEXT) 

LIBTTYUI=  -Ipgptty 

DEPTTYUI=  $ ( bui  L d L i b) /$ ( TTYUI  ) 

P G P L I B = $ ( LIBPRE ) pgp . $ ( LIBEXT) 

L I B P G P = - L pgp 

DEPLIBPGP=  $ ( bui Ld l i b) /$ ( PGPLIB) 

BN  L I B=  $( LIBPRE ) bn .$( LIBEXT  ) 

L I BBN=  -Lbn 

DEPLIBBN=  $ ( bui  l d L i b ) /$ ( BNLIB  ) 

L I B S = $(LIBTTYUI ) $(LIBPGP)  $(LIBBN)  -Lm  3LIBS3 

DEPLIBS=  $(DEPTTYUI)  S(DEPLIBPGP)  $(DEPLIBBN) 


alt:: 


# Recursively  perform  operations  on  all  SUBDIRS 
all  check  clean  depend  headers  install  very-clean:: 

3 i f test  ' x$(SUBDIRS)  1 !=  x;  then  \ 

for  i in  $(SUBDIRS)  ' ' ; do  \ 

echo  Making  $3  in  $(SUB)$$i  ; \ 

(cd  $ $ i ; $ ( M A K E ) $(MFLAGS)  SUB  = $(SUB)$$ 

||  exit  1 ; \ 


done  \ 


else  : ; \ 
f i 


/ $a ) 


\ 
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config_win32.h 

/*  config.h.  Generated  automatically  by  configure.  */ 

/ * 

* config.h  --  Configuration  for  PGPlib.  This  file  contains 

* the  configuration  information  for  PGP,  and  it  should  be 

* included  in  all  PGP  source  files. 

*/ 


/ * Define  to  empty  if  the  compiler  does  not  support  'const'  variables.  * / 
/ * # u nd e f const  * / 

/*  Define  to  'long'  if  < s y s / t y p e s . h > doesn't  define.  */ 

/ * //undef  o f f _t  * / 

/*  Define  to  'unsigned'  if  < s y s / t y p e s . h > doesn't  define.  */ 

/ * #undef  size  t * / 


/*  Define  if  you  have  the  ANSI  C header  files.  */ 
//define  STDC  HEADERS  1 


/ * Checks  for  various  specific  header  files  * / 

//define  H A V E_F  C N T L_H  1 

//define  H A V E_L  I M I T S_H  1 

//define  H A V E_S  T D A R G_H  1 

//define  H A V E_S  T D L I B_H  1 

//undef  H A V E_U  NIST  D_H 

//undef  H A V E_S  Y S_I  0 C T L_H 

Z/undef  H A V E_S  Y S_T  I M E_H 

//define  H A V E_S  Y S_T  I M E B_H  1 

//undef  HAVE  SYS  PARAM  H 


/*  Check  if  <sys/time.h>  is  broken  and  //includes  <time.h>  wrong  */ 
//undef  TIME  WITH  SYS  TIME 


/*  Checks  for  various  functions  */ 

//define  H A V E_G  E T H R T I M E 0 
//define  H A V E_C  LO  C K_G  E TT  I M E 0 
//define  H A V E_C  LO  C K_G  E T R E S 0 
//define  H A V E_G  E T T I M E 0 F D A Y 0 
//define  H A V E_G  E T I T I M E R 0 
//define  H A V E_S  E T I T I M E R 0 
//define  H A V E_F  T I M E 1 

/*  Define  "UNIX"  if  we  are  on  UNIX  and  "UNIX"  is  not  already  defined  */ 

//if  de  f i ned  ( un  i x ) ||  definedl unix)  ||  defined  ( unix ) 

//ifndef  UNIX 
//define  UNIX  1 
//  e nd  i f 
U e n d i f 


//if 
ft  d e f 
# d e f 
ft  d e f 
#def 
#def 


(_MSC_VER>  = 1 000 ) &&  defined (_W I N3  2 ) 

ine  _P0SIX_  1 

ine  pclose  _p close 

ine  popen  _popen 

ine  strcasecmp  stricmp 

ine  strncasecmp  strnicmp 


ft  end  i f 
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configure 

ft  \ / b i n / s h 

ft  Guess  values  for  system-dependent  variables  and  create  Makefiles. 

ft  Generated  automatically  using  autoconf  version  2.10 

ft  Copyright  (C)  1992,  93,  94,  95,  96  Free  Software  Foundation,  Inc. 

ft 

ft  This  configure  script  is  free  software;  the  Free  Software  Foundation 
ft  gives  unlimited  permission  to  copy,  distribute  and  modify  it. 

ft  Defaults: 
a c_h  e l p = 

ac_def au lt_pref i x = /usr/  local 
ft  Any  additions  from  c o n f i g u r e . i n : 

ff  Initialize  some  variables  set  by  options. 

ft  The  variables  have  the  same  names  as  the  options,  with 

ft  dashes  changed  to  underlines. 

bui  l d = N 0 N E 

cache_fi  le=./config. cache 

e x e c_p  refix  = N0NE 

host =N ONE 

no_c  r e a t e = 

nonopt=N0NE 

n o_r  ecursi on- 

prefix=N0NE 

progra m_p  refix  = N0NE 

progra m_s  uffix=N0NE 

progra  m_transf o rm_na me  = s , x , x , 

si  l e n t = 

s i t e = 

s r c d i r = 

target=NONE 

verbose^ 

x_i nc ludes=N0NE 

x_libraries=NONE 

bindi r = ' $(exec_pref i x}/bi n ' 

sbindir='${exec_prefix}/sbin' 

libexecdir='$lexe c_p  refixT/libexec' 

datadir='${prefix}/share' 

sysconfdi r= ' ${prefix)/etc  ' 

sharedstatedir='${prefix}/com' 

localstatedi r = 1 $(prefix)/var ' 

libdir='$Cexe  c_p  refixJ/lib' 

includedir='${prefix>/include' 

oldincludedi r=' /usr/ include' 

infodir='${prefix>/info' 

mandi r = 1 $Cprefix>/man 1 

ft  Initialize  some  other  variables, 
s u bd i r s = 

M F L A G S = MAKEFLAGS  = 

a c_p  r e v = 

for  a c_o  p t i o n 

do 

ft  If  the  previous  option  needs  an  argument,  assign  it. 
if  test  -n  "Sac_prev";  then 
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eval  " $ a c_p r e v= \ $ a c_o p t i on " 
a c_p  r e v = 
continue 
f i 

case  "$ac_option"  in 

-*=*)  ac_optarg= ' echo  "$ac_opti on"  | sed  ' s / C -_a-z A-Z 0-9 3 *= / / ' 1 ;; 

*)  ac_optarg=  ;; 
e s a c 

# Accept  the  important  Cygnus  configure  options,  so  we  can  diagnose  typos, 
case  "$ac_option"  in 

-bindir  | --bindir  | --bindi  | --bind  | --bin  | --bi) 

ac_prev=bi ndi r ;; 

- b i n d i r = * | --bindir=*  | - - b i n d i = * | - - b i n d = * | — b i n = * | — b i = * ) 
b i nd i r- " $a c_o p t a r g " ;; 

-build  | --build  | --buil  | --bui  | --bu) 

a c_p  rev  = build  ;; 

-build=*  | --build=*  | --buil=*  | --bui=*  | --bu=*) 

bu i l d = " $ a c_o p t a r g " ;; 

-cache-file  | --cache-file  | --cache-fil  | --cache-fi  \ 

| — cache-f  | --cache-  | --cache  | --each  | — cac  | — ca  | -- c ) 

a c_p r e v= c a c h e_f i l e ;; 

-cache-f i l e = * | --ca c he-f i l e = * | -- c a c h e - f i l =*  | --cache-fi=*  \ 

| — cache-f=*  | — cache-=*  | — cache=*  | --cach=*  | — cac=*  | — ca=*  | --c=*) 
c a c h e_f i l e = " $ a c_o p t a r g " ;; 

-datadir  | --datadir  | --datadi  | --datad  | --data  | --dat  | --da) 

a c_p r e v = d a t a d i r ;; 

-datadir=*  | --datadir=*  | --datadi=*  | --datad=*  | — data=*  | --dat=*  \ 

| --da  = * ) 

datadi r="$ac_optarg"  ;; 

-disable-*  | --disable-*) 

ac_feature=' echo  $a c_o p t i o n | s ed  -e  ' s / -*d i s a b l e- / / ' ' 

# Reject  names  that  are  not  valid  shell  variable  names. 

if  test  -n  "'echo  $ac_f eature ( sed  ' s / H-a-z A-Z0-9_II / /g 1 ' " ; then 

{ echo  "configure:  error:  $ac_feature:  invalid  feature  name"  1 > S 2 

exit  1 ; > 

f i 

ac_feature=' echo  $ac_f eature | sed  ' s / — / / g ' ' 

eval  " e n a b l e_$ { a c_f e a t u r e > =no " ;; 

-enable-*  | --enable-*) 

a c_f e a t u r e = ' e c h o $a c_opt i on | s ed  -e  1 s / -* e n a b l e- / / ' -e  ' s / = .*//  ' ' 

# Reject  names  that  are  not  valid  shell  variable  names. 

if  test  -n  "'echo  $ac_f eature | sed  ' s / C-_a-z A-Z0-9D / / g 1 1 " ; then 

{ echo  "configure:  error:  $ac_f eature : invalid  feature  name"  1>&2 
exit  1 ; > 
f i 

ac_f eature= ' echo  $ac_f eature | sed  ' s / — / / g ' ' 

case  "$ac_option"  in 
* = * ) ; ; 

*)  a c_o p t a r g =y e s ;; 
e s a c 
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eval  " e n a b L e_$ { a c_f e a t u r e > = 1 $ a c_op t a r g 1 " ;; 

-exec-pref i x | --exec_pref i x | — exec-prefix  | — exec-pref i \ 

| --exec-pref  | --exec-pre  | --exec-pr  | --exec-p  | --exec-  \ 

| --exec  | — exe  | --ex) 

ac_prev=exec_pref ix  ;; 

-e x e c -p r e f i x =*  | --e x e c_p r e f i x =*  | --exec-pref ix=*  | --exec-pref i=*  \ 

| --exec-pref =*  | --exec-pre=*  | --exec-pr^*  | --exec-p=*  | --exec-=*  \ 
| --exec=*  | --exe  = * | —ex  = *) 

e x e c_p r e f i x = " $ a c_o p t a r g " ;; 

-gas  | --gas  | — ga  | --g) 

# Obsolete;  use  --with-gas. 
with_gas=yes  ;; 


-help  | --help  | --hel  | --he) 

# Omit  some  internal  or  obsolete 

# This  message  is  too  long  to  be 
cat  <<  EOF 

Usage:  configure  [options]  [host] 
Options:  [defaults  in  brackets  after 
Configuration: 

--cache-fi le=FILE 
--help 
— no-create 
--quiet,  --silent 
— ve rsion 

Directory  and  file  names 
— prefix=PREFIX 


options  to  make 
a string  in  the 


descriptions] 


the  list 
A/UX  3.1 


less 
s h . 


i mpos l ng 


cache 
print 
d o 
d o 


test 

this 


results 

message 


in  FILE 


not  create  output  files 
not  print  \ 1 c h e c k i n g . . . 


messages 


print  the  version  of  autoconf  that  created  configure 


files  in  PREFIX 


--exec-prefix=EPREFIX 

--bindir=DIR 
--sbindi r=DIR 
--libexecdir=DIR 
--datadi r=DIR 

--sysconfdi r = D I R 
--sharedstatedi r=DIR 

--localstatedi r=DIR 
— libdi r = DIR 
— includedir=DIR 
--oldincludedir=DIR 
--infodir=DIR 
--mandi r = D I R 
--srcdi r=DIR 


in  EPREFIX 


--program-prefix=PREFIX 
--program-suffix=SUFFIX 
--program-transform-name=PROGRAM 

run  sed  PROGRAM 


install  architecture-independent 
[ $ a c_d  e f a u l t_p refix] 

install  architecture-dependent  files 
[same  as  prefix] 

user  executables  in  DIR  [ E P R E F I X / b i n ] 
system  admin  executables  in  DIR  [ E P R E F I X / s b i n ] 
program  executables  in  DIR  [ E P R E F I X / l i b e x e c ] 
read-only  architecture-independent  data  in  DIR 
[PREFIX  / share] 

read-only  single-machine  data  in  DIR  [PREFIX/etc] 
modifiable  a r c h i t e c t u r e- i nd e pe nd e n t data  in  DIR 
[PREFIX/com] 

modifiable  s i n g l e -m a c h i n e data  in  DIR  [PREFIX/var] 
object  code  libraries  in  DIR  [ E P R E F I X / l i b ] 

C header  files  in  DIR  [ P R E F I X / i n c l ud e ] 

C header  files  for  non-gcc  in  DIR  [/usr/include] 
info  documentation  in  DIR  [ P R E F I X / i n f o ] 
man  documentation  in  DIR  [PREFIX/man] 
find  the  sources  in  DIR  [configure  dir  or  ..] 
prepend  PREFIX  to  installed  program  names 
append  SUFFIX  to  installed  program  names 


on  installed  program  names 


EOF 

cat  < < 
Host  type: 


EOF 


--bui  ld  = BUILD 

configure 

for 

— host  = H0ST 

configure 

for 

--target=TARGET 

configure 

for 

Features  and  packages: 
--di sab l e-FEATURE 

do  not  i nc 

l ude 

building  on  BUILD  [BUILD=HOST] 

HOST  [guessed] 

TARGET  [TARGET=HOST] 

FEATURE  (same  as  --e n a b l e - F E AT U R E =n o ) 
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— enable-FEATURE[=ARG] 
— wi th-PACKAGEC=ARG: 

— w i thout-PACKAGE 
— x — i nc ludes  = DIR 
--x-Libraries=DIR 
EOF 

if  test  -n  "$ac_he Ip" 
echo  "--enable  and 
f i 

exit  0 ; ; 


include  FEATURE  [ARG=yesH 
use  PACKAGE  CARG=yes] 

do  not  use  PACKAGE  (same  as  --w i t h-PACKAGE=no ) 
X include  files  are  in  DIR 
X library  files  are  in  DIR 

; then 

--with  options  recognized:$ac_help" 


-host  | --host  | --hos  | --ho) 

a c_p  rev  = host  ;; 

-host=*  | --host=*  | --hos=*  | --ho=*) 

h o s t = " $a c_op t a r g " ;; 


-includedir  | --includedir  | --included i | --included  | --include  \ 

| --includ  | — inclu  | --incl  | — inc) 
a c_p r e v = i n c l ud e d i r ;; 

- i n c l u d e d i r = * | — includedir=*  | — includedi=*  | — included=*  | — include  = * \ 
| --includ  = * | --i nc  lu  = * | — incl=*  | — i n c = * ) 

i n c l u d e d i r = " $ a c_o p t a r g " ;; 


-infodir  | --infodir  | --infodi  | --infod  | --info  | --inf) 
ac_prev=i nf odi r ;; 

-infodir  = * | --infodi r=*  | --infodi=*  | --infod=*  | - - i n f o = * | --inf  = *) 

infodi r="$ac_optarg"  ; 

-libdir  | — libdir  | -- 1 

a c_p r e v= l i bd i r ;; 

-libdir^*  | — libdir  = * | 

l i bd i r= " $a c_o p t a r g " ;; 

-libexecdir  | --libexecdir  | --libexecdi  | --libexecd  | --libexec  \ 

| --libexe  | --libex  | --libe) 
ac_prev=l i bexecdi r ;; 

- I i bexe cd i r = * | -- l i be x e c d i r = * | -- l i b e x e c d i =*  | --libexecd  = * | --libexec  = * \ 

| --libexe=*  | --libex=*  | --libe=*) 

libexecdi r="$ac_optarg"  ;; 


ibdi  | --  l i bd ) 

— libdi=*  | — l i bd  = *) 


-loca  Istatedi r | -- l o c a l s t a t e d i r | -- l o c a l s t a t e d i | -- l o c a l s t a t ed  \ 

| — localstate  | — localstat  | — localsta  | — localst  \ 

| --locals  | --local  | --loca  | — loc  | --lo) 
ac_prev=localstatedir  ;; 

- I o c a l s t a t ed i r = * | -- l o c a l s t a t ed i r = * | -- l o c a l s t a t ed i =*  | --loca  lstated  = * \ 

| -- l o c a l s t a t e = * | -- l o c a l s t a t = * | --loca  lsta=*  | --loca  lst  = * \ 

| --locals  = * | --local=*  | --loca=*  | --loc  = * | — l o = * ) 

localstatedir  = "$a c_o  p t a r g " ; ; 

-mandir  | --mandir  | --mandi  | --mand  | --man  | --ma  | --m) 
a c_p r e v=ma n d i r ;; 

-mandi r=*  | --mandi r=*  | --mandi=*  | --mand=*  | — man=*  | --ma=*  | --m=*) 

mandi r="$ac_optarg"  ;; 


-nfp  | --nfp  | --nf) 

# Obsolete;  use  -- w i t h ou t - f p . 
w i t h_f  p = n o ; ; 

-no-create  | --no-create  | --no-creat  | — no-crea  | --no-cre  \ 
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| — no-c r | — no-c  ) 
n o_c r e a t e=y e s ;; 

-no-recursion  | --no-recursion  | --no-recursi o | --no-recursi  \ 

| --no-recurs  | --no-recur  | — no-recu  | — no-rec  | --no-re  | — no-r) 

no_recursion=yes  ;; 

-o L d i n c L ud e d i r | --o L d i n c L ud ed i r | --o L d i n c L uded i | --o L d i nc l uded  \ 

| --oldinclude  | --oldinclud  | --oldinclu  | --oldincl  | --oldinc  \ 

| --oldin  | --oldi  | --old  | — o l | -- o ) 

ac_prev=oldincludedi r ;; 

-o l d i n c L ud ed i r =*  | -- o l d i n c L u d e d i r = * | -- o L d i n c L u d e d i =*  | --o  l d i n c l ud ed  = * \ 

| --o 1 d i n c l ud e=*  | --o l d i n c l ud=*  | --oldinclu=*  | --oldincl=*  | --oldinc  = * \ 

| --oldin=*  | — o l d i = * | --old=*  | — ol=*  | — o = *) 

oldincludedir  = "$a  c_o  p t a r g " ; ; 

-prefix  | --prefix  | --prefi  | --pref 
a c_p r e v = p r e f i x ;; 

-prefix=*  | --prefix=*  | --prefi=*  | 

pref i x="$ac_optarg"  ;; 

-program-prefix  | -- p r o g r a m- p r e f i x | --program-pref i | --program-pref  \ 

| --program-pre  | --program-pr  | --program-p) 
a c_p r e v= p r o g r a m_p r e f i x ;; 

-program-pref ix=*  | --program-pref ix=*  | --program-pref i=*  \ 

| —program-pref =*  | -- p r o g r a m- p r e = * | --program-pr=*  | --p rog ram-p=* ) 
progra m_p  ref i x = "$a c_o  p t a r g " ; ; 

-program-suffix  | --program-suffix  | -- p r o g r a m- s u f f i | --program-suf f \ 

| --program-suf  | --program-su  | --program-s) 
a c_p  r e v = p r o g r a m_s u f f i x ;; 

-program-suf fix=*  | --program-suff ix=*  | -- p r o g r a m- s u f f i =*  \ 

| --program-suf f=*  | --program-suf =*  | -- p r o g r a m- s u = * | -- p r o g r a m- s = * ) 
progra  m_s  uffix  = "$a  c_o  p t a r g " ; ; 

-program-transform-name  | — program-transform-name  \ 

| — program-transf orm-nam  | --program-transf orm-na  \ 

| — program-transform-n  | --program-transform-  \ 

| --program-transform  | --program-transfor  \ 

| --program-transf o | --program-transf  \ 

| — program-trans  | --program-t ran  \ 

| --progr-tra  | --program-tr  | --program-t) 
a c_p  rev  = progra  m_t r a n s f o r m_n a me  ; ; 

- p r og r am- t r a n s f o rm-n a m e =*  | --p r o g r a m- t r a n s f o r m-na me=*  \ 

| -- p r og r a m- t r a n s f o rm-n a m=*  | —program-transf orm-na=*  \ 

| -- p r og r a m- t r a n s f o rm-n=*  | --program-transform-^*  \ 

| --program-transf orm=*  | --program-transf or=*  \ 

| --p r og r a m- t r a n s f o=*  | --program-transf=*  \ 

| — p r o g r a m- t r a n s = * | — program-tran=*  \ 

| --progr-tra=*  | --prog ram-t r=*  | --p r og r am- t =* ) 

progra m_transfo  rm_n  ame  = "$ac_optarg"  ;; 

-q  | -quiet  | --quiet  | --quie  | --qui  | — qu  | --q  \ 

| -silent  | --silent  | --silen  | --sile  | — si l ) 
silent=yes  ;; 

-sbindir  | --sbindir  | --sbindi  | --sbind  | --sbin  | --sbi  | --sb) 

a c_p r e v= s b i n d i r ;; 

-sbindir=*  | --sbindir=*  | --sbindi=*  | --sbind=*  | -~sbin=*  \ 


| — pre  | — pr  | — p) 

--pref  = * | — pre  = * | — p r = * | — p = * ) 
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| -- s b i =*  | --sb=*) 

s b i nd  i r = " $a c_o p t a r g " ;; 

-sha  redstatedi r | --sharedstatedi r | -- s h a r ed s t a t e d i \ 

| --sharedstated  | --sharedstate  | --sharedstat  | — sharedsta  \ 

| --sharedst  | --shareds  | --shared  | --share  | — shar  \ 

| --sha  | — s h ) 

ac_prev  = sharedstatedi  r ;; 

-s h a r e d s t a t e d i r = * | --sharedstatedi r=*  | -- s h a r ed s t a t ed i =*  \ 

| --sharedstatedi*  | -- s h a r e d s t a t e=*  | --s h a r ed s t a t =*  | -- s h a r ed s t a =*  \ 

| -~sharedst=*  | --shareds=*  | --shared^*  | --share=*  | --shar=*  \ 

| -- s h a = * | — s h = * ) 

sharedstatedi r = " $ a c_op  t a r g " ; ; 

-site  | --site  | --sit) 
a c_p  rev  = site  ;; 

-site  = * | — st'te  = * | — si  t = * ) 
si  te  = "$ac_optarg"  ;; 

-srcdir  | --srcdir  | --srcdi  | --srcd  | — src  | — s r ) 

ac_prev=srcdi r ;; 

-srcdi r=*  | --srcdi r=*  | --srcdi=*  | --srcd=*  | — src=*  | — sr=*) 

srcdi r="$ac_optarg"  ;; 

-sysconfdir  | — sysconfdi r | --syscontdi  | --sysconf d | — sysconf  \ 

| --syscon  | --sysco  | --sysc  | — sys  | — sy) 
ac_previsyscontdi r ;; 

-sysconfdi r = * | --sysconfdi  r = * | --s y s c on f d i = * | --sysconf d = * | --sysconf  = * \ 

| --syscon=*  | --sysco=*  | --sysc=*  | --sys=*  | — sy=*) 

sysconfdi  r = "$ac_optarg"  ;; 

-target  | --target  | --targe  | --targ  | --tar  | --ta  | -- 1 ) 

ac_prev=target  ;; 

-target^*  | --target  = * | --targe  = * | --targ  = * | —tar  = * | -- 1 a = * | --t  = *) 

t a r g e t = " $ a c_op t a r g " ;; 

-v  | -verbose  | --verbose  | — verbos  | — verbo  | --verb) 

verbose=yes  ;; 

-version  | --version  | — versio  | --versi  | --vers) 

echo  "configure  generated  by  autoconf  version  2.10" 

exit  0 ; ; 

-with-*  | --with-*) 

ac_package= 'echo  $a c_o p t i o n | S e d -e  ' s / -* w i t h- / / ' -e  ' s /=.*//  ' ' 

# Reject  names  that  are  not  valid  shell  variable  names. 

if  test  -n  "'echo  $ac_package|  sed  ' s / C-_a- z A-Z 0-9 ] / / g ' ' " ; then 

{ echo  "configure:  error:  $ac_package:  invalid  package  name"  1>&2 

exit  1 ; > 

f i 

ac_package= ' echo  $ac_package|  sed  ' s / — / / g ' ' 

case  "$ac_option"  in 
* = * ) ; ; 

*)  ac_optarg=yes  ;; 
e s a c 

eval  "wit  h_$  f a c_pa  ckage>='$a  c_op  t arg 1 " ;; 

-without-*  | --without-*) 

ac_package= ' echo  $ a c_o p t i o n | s e d -e  ' s / -* w i t h o u t - / / ' ' 
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ft  Reject  names  that  are  not  valid  shell  variable  names, 
if  test  -n  "'echo  $ac_package|  sed  ' s / C-a-z A-Z0-9_3 / /g ' ' " ; then 
f echo  "configure:  error:  $ac_package : invalid  package  name" 
exit  1 ; > 
f i 

ac_package= ' echo  $ac_package|  sed  ' s / — / / g ' ' 

eval  " w i t h_$ { a c_pa c k a g e } = n o " ;; 

— x ) 

ft  Obsolete;  use  --with-x. 
w i t h_x  = y e s ; ; 

-x- includes  | --x-includes  | --x-include  | --x-includ  | — x-inclu 
| --x-incl  | — x-inc  | — x-in  | --x-i) 

ac_prev=x_i nc ludes  ;; 

-x-includes=*  | --x-i nc  ludes  = * | --x-inc  lude  = * | --x-includ=*  | - 

| — x-incl  = * | --x-inc=*  | --x-in  = * | — x - i = * ) 
x_i n c l ud e s = " $ a c_o p t a r g " ;; 

-x-l i brari es  | --x- l i b r a r i e s | 

| --x-librar  | --x-libra  | - - x 
ac_prev=x_libraries  ;; 

-x-libraries^*  | --x- l i bra r i es 

| — x-l i brar=*  | — x-libra=*  | 

x_l i brari es="$ac_optarg"  ;; 

-*)  f echo  "configure:  error:  $ac_option:  invalid  option;"  \ 

"use  --help  to  show  usage"  1>&2;  exit  1;  > 

r r 


— x-librarie  | — x-librari  \ 

-libr  | — x - l i b | — x - l i | --x-l) 

= * | --x- l i bra r i e = * | --x- l i b ra r i = * 

--x-  l i b r = * | -~x-  l i b = * | --x-li=* 


if  test  -n  "'echo  $ac_option|  sed  ' s / C-a-zO-9 . ] / / g ' ' " ; then 

echo  "configure:  warning:  $ac_option:  invalid  host  type”  1>&2 
f i 

if  test  "x$nonopt"  !=  xNONE;  then 

■C  echo  "configure:  error:  can  only  configure  for  one  host  and 
"target  at  a time"  1 > & 2 ; exit  1;  > 
f i 

nonopt  = "$a  c_op  t ion" 

/ r 


e s a c 
done 

if  test  -n  "$ac_prev";  then 

{ echo  "configure:  error:  missing  argument  to"  \ 

"--'echo  $ac_prev  | sed  's/_/-/g''"  1 > & 2 ; exit  1;  > 
f i 

trap  ' rm  -fr  conftest*  confdefs*  core  core.*  *.core  $ a c_c l e a n_f i l e s 
1 2 15 

ft  File  descriptor  usage: 
ft  0 standard  input 
# 1 file  creation 
ft  2 errors  and  warnings 

ft  3 some  systems  may  open  it  to  /dev/tty 

ft  4 used  on  the  Kubota  Titan 

ft  6 checking  for...  messages  and  results 


1 > & 2 


\ 


-x-inclu=*  \ 


\ 

| — x - l = * ) 


one"  \ 


; exit  1 ' \ 
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# 5 compiler  messages  saved  in  config.log 
if  test  "Ssilent"  = yes;  then 
exec  6>/dev/null 
else 

exec  6>&1 
f i 

exec  5 > . / c o n f i g . I o g 
echo  " \ 

This  file  contains  any  messages  produced  by  compilers  while 
running  configure,  to  aid  debugging  if  configure  makes  a mistake. 
" 1 > & 5 


# Strip  out  --no-create  and  --no-recursion  so  they  do  not  pile  up. 

# Also  quote  any  args  containing  shell  metacharacters. 
ac_configure_args= 

for  a c_a  r g 
do 

case  " $ a c_a  rg " in 

-no-create  | --no-create  | — no-creat  | --no-crea  | — no-cre  \ 

| — no-cr  | — no-c)  ; ; 

-no-recursion  | — no-recursion  | — no-recursi o | — no-recursi  \ 

| — no-recurs  | — no-recur  | — no-recu  | --no-rec  | --no-re  | — no-r)  ;; 

*"  "*|*"  "*i*[;\i:\:\~\#\$\a\s\*\(\)\{\>\\\|\;\<\>\?:*) 

a c_c on f i gu r e_a rg s = " $a c_c  on f i gu r e_a  r g s '$ac_arg'"  ;; 

*)  ac_conf i gure_args="$ac_conf i gure_args  $ac_arg"  ;; 
e s a c 
done 


ft  NLS  nuisances. 

ft  Only  set  LANG  and  LC_ALL  to  C if  already  set. 

ft  These  must  not  be  set  unconditionally  because  not  all  systems  understand 
ft  e.g.  L A N G = C (notably  SCO). 

if  test  "$CLC_ALL+set}"  = set;  then  LC_ALL=C;  export  LC_ALL;  fi 
if  test  "${LANG  + set>"  = set;  then  L A N G = C ; export  LANG;  fi 

ft  confdefs.h  avoids  OS  command  line  length  limits  that  DEFS  can  exceed, 
rm  -rf  conftest*  confdefs.h 

tf  AIX  cpp  loses  on  an  empty  file,  so  make  sure  it  contains  at  least  a newline, 
echo  > confdefs.h 


ft  A filename  unique  to  this  package,  relative  to  the  directory  that 
tf  configure  is  in,  which  we  can  look  for  to  find  out  if  srcdir  is  correct. 
ac_unique_fi le=lib/pgp/pipe/uti Is/pipeline.h 

ft  Find  the  source  files,  if  location  was  not  specified, 
if  test  -z  " $ s r c d i r " ; then 
a c_s  r cd i r_de  faulted  = yes 

tf  Try  the  directory  containing  this  script,  then  its  parent, 
a c_p  r o g = $ 0 

ac_conf di r= ' echo  $ac_prog|sed  ' s /! C A /]  C A /□*$%% ' ' 
test  " x $ a c_c o n f d i r " = "x$ac_prog"  &&  ac_confdir=. 
srcdi r=$ac_confdi r 

if  test  ! -r  Ssrcdi r/$ac_unique_f i le;  then 
s r c d i r = . . 
f i 
else 

a c_s  r c d i r_d  efaulted  = no 
f i 
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if  test  ! -r  $ s r c d i r / $ a c_u n i q u e_f i L e ; then 
if  test  "$ac_srcdi r_def aulted"  = yes;  then 

{ echo  "configure:  error:  can  not  find  sources  in  $ac_confdir  or  1>&2 

exit  1 ; > 

else 

{ echo  "configure:  error:  can  not  find  sources  in  Ssrcdir"  1>&2;  exit  1;  > 
f i 
f i 

srcdi r= ' echo  "Slsrcdi r}"  | sed  ' s / \ ( C A / ] \ ) / * $ % \ 1 % ' ' 

# Prefer  explicitly  selected  file  to  automatically  selected  ones, 
if  test  -z  " $ C 0 N F I G_S I T E " ; then 

if  test  "xSprefix"  !=  xNONE;  then 

CONFIG_SITE="$prefix/share/config.site  $prefix/etc/config.site" 
else 

CONFIG_SITE  = "$a  c_d  efault_prefix/share/config  . si  te" 

CON  F IG_S ITE  = " SCON  F IG_SITE  $a  c_d  e f a u l t_pref i x/etc/config.site" 
f i 
f i 

for  ac_site_file  in  $ C 0 N F I G_S I T E ; do 
if  test  -r  " $ a c_s i t e_f i l e " ; then 

echo  "loading  site  script  $a c_s i t e_f i l e " 

. " $ a c_s i t e_f i l e " 

f i 
done 

if  test  -r  " $ c a c h e_f i l e " ; then 

echo  "loading  cache  $cache_file" 

. $ c a c h e_f i l e 
else 

echo  "creating  cache  $cache_file" 

> $ c a c h e_f i l e 
f i 

a c_e  x t = c 

# CFLAGS  is  not  in  ac_cpp  because  -g,  -0,  etc.  are  not  valid  cpp  options, 
a c_c  p p= ' $ C P P SCPPFLAGS  ' 

a c_c omp i l e = ' $ { C C - c c > -c  SCFLAGS  SCPPFLAGS  conf test . $ac_ext  1 > & 5 ' 
a c_l  i n k=  ' $ -C  C C- c c } -o  conftest  SCFLAGS  SCPPFLAGS  SLDFLAGS  conf  test  . $ac_ext  ' 
a c_l i n k = " Sa c_l i n k " ' SLIBS  1 > & 5 1 

if  (echo  "testing\c";  echo  1,2,3)  | grep  c >/dev/null;  then 

# Stardent  Vistra  SVR4  grep  lacks  -e,  says  ghaziacaip.rutgers.edu. 
if  (echo  -n  testing;  echo  1,2,3)  | sed  s/-n/xn/  | grep  xn  >/dev/null;  then 

a c_n=  a c_c= ' 

' a c t = ' ' 

else 

ac_n=-n  ac_c=  ac_t= 
f i 
else 

ac_n=  ac_c='\c'  ac_t= 
f i 


a c_a  ux_d i r = 

for  ac_dir  in  config  Ssrcdir/config;  do 
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if  test  -f  $ a c_d i r / i n s t a l l - s h ; then 
ac_aux_di r=$ac_di r 

ac_i nsta  L L_sh  = "$ac_au  x_d ir/install-sh  -c" 
break 

elif  test  -f  $ a c_d i r / i n s t a L L . s h ; then 
a c_a  ux_d i r = $ a c_d i r 

ac_i nsta  L l_sh  = "$ac_au  x_d ir/install.sh  -c" 
break 
f i 
done 

if  test  -z  " $ a c_a u x_d i r " ; then 

{ echo  "configure:  error:  can  not  find  install-sh  or"  \ 

" install. sh  in  config  Ssrcdir/config"  1>&2;  exit  1;  > 
f i 

a c_c  o n f i g_g  uess  = $ac_au  x_d i r/config. guess 
ac_conf i g_sub=$ac_aux_di r/conf i g . sub 

ac_conf igure=$ac_aux_di r/conf igure  # This  should  be  Cygnus  configure. 


# Find  a compiler  to  use. 

# Check  1)  The  $CC  environment  varaible,  2)  gcc,  3)  acc,  and  4)  cc. 

# This  deals  with  brain-damaged  Sun  systems  that  place  a bogus  cc  or 

# acc  executable  in  the  SPATH,  which  just  prints  an  error  and  exit. 

# We  deal  with  this  by  actually  trying  to  compile  a trivial  test  program, 
if  eval  "test  \" ' echo  ' $ ' ' { ' ac_cv_prog_CC 1 +set> 1 1 \"  = set";  then 

echo  $ac_n  "checking  For  C compiler  (cached)""...  $ac_c"  1>&6 
CC  = "$ac_c  v_p  r o g_C  C " 
echo  " $a  c_t " " $ C C " 1>&6 
elif  test  -n  "$CC";  then 

a c_c v_p r og_C C = " $ C C " # Let  the  user  override  the  test, 
echo  $ac_n  "checking  For  C compiler""...  $ac_c"  1>&6 
echo  " $a  c_t " " $ C C " 1>S6 
else 

IFS  = "${IFS=  >";  a c_s  a ve_i fs  = "$IFS";  I F S = " $ ( I F S > : " 

echo  'mainCHreturn  0;>'  > c on  f t e s t . $a  c_e  x t 

for  ac_prog  in  gcc  acc  cc;  do 

# Extract  the  first  word  of  "$ac_prog",  so  it  can  be  a program  name  with  args . 

set  dummy  $ac_prog;  ac_word=$2 

echo  $ac_n  "checking  for  $a c_wo r d " " . . . $ac_c"  1>&6 
for  ac_di r in  SPATH;  do 

test  -z  "$ac_di r"  &&  ac_dir=. 
if  test  -r  " $ a c_d i r / $ a c_w o r d " ; then 
C C = " $a  c_p  rog" 
if  eval  $ac_compile;  then 
a c_c  v_p rog_CC  = "$a  c_p rog" 
f i 

break 
f i 
done 

CC="$ac_cv_prog_CC" 
if  test  -n  "$CC";  then 

echo  "$ac_t""$ac_dir/$CC"  1 > S 6 
break; 
f i 

echo  "$ac_t""no"  1>&6 

done 

if  test  ! -n  "$CC";  then 

{ echo  "configure:  error:  no  C compiler  found"  1>&2;  exit  1;  > 
f i 
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I FS="$ac_save_i fs" 
rm  - f conftest* 


echo  $ac_n  "checking  whether  we  are  using  GNU  CC 
if  eval  "test  \" 1 echo  ' $ ' ' { ' ac_cv_prog_gcc ' +set> ' 
echo  $ac_n  "(cached)  $ac_c"  1 > S 6 
else 

cat  > conftest. c <<E0F 

#ifdef  GNUC 

yes; 

#end  i f 


. . . $ a c_c " 1 > &6 
\"  = set";  then 


EOF 

if  $(CC-cc>  -E  conftest. c 2 > & 5 | egrep  yes  >/dev/null  2 > & 1 ; then 

a c_c v_p r o g_g  c c = y e s 
else 

ac_cv_prog_gcc=no 
f i 
f i 


echo  " $ a c_t " " $ a c_c v_p r o g_g c c " 1>&6 


if  test  $ a c_c v_p r o g_g c c = yes;  then 
if  test  "${CFLAGS+set>"  !=  set;  then 
echo  $ac_n  "checking  whether  $(CC-cc>  accepts  -g""...  $ac_c"  1 > S 6 
if  eval  "test  \" 1 echo  1 $ " { ' ac_c v_p  r o g_g  c c_g ' + s e t } ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

echo  'void  f ( ) -C  > 1 > conftest.  c 

if  test  -z  " 1 $(CC-cc)  -g  -c  conftest.  c 2>&1'";  then 
a c_c v_prog_g c c_g  = y e s 
else 

a c_c v_p r o g_g  c c_g  = n o 
f i 

rm  -f  conftest* 


f i 

echo  " $ a c_t " " $ a c_c v_p r og_g c c_g " 1>&6 
f i 
f i 

# Now,  figure  out  what  CFLAGS  we  want.  If  the  user  didn't  ask  specifically, 

# we're  going  to  use  some  ideas  of  our  own. 
if  test  "$fCFLAGS+set>"  !=  set;  then 

# Prefer  optimizing,  with  debugging  a second 

if  test  $ac_cv_prog_gcc$ac_cv_prog_gcc_g  = yesyes;  then 
CFLAGS="-0  -g" 
else 

C FLAGS  = -0 
f i 


echo  $ac_n  "checking  for  useful  warning  options  ( \$WARN ) " " . . . $ac_c"  1>&6 
if  test  "$(WARN+set>"  !=  set;  then 
if  test  $ a c_c v_p r o g_g c c = yes;  then 

WARN="-Wall  -W  -Wshadow  - W p o i n t e r - a r i t h - Wm i s s i n g - p r o t o t y p e s \ 
-Wwrite-strings" 
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elif  $CC  -flags  2 > S 1 | grep  SunSoft  >/dev/null  2>&1  || 

SCC  -flags  2 > & 1 | grep  SunPro  >/dev/null  2 > & 1 ; then 

if  $CC  -flags  2>&1  | grep  'checking'  | grep  ' A-vc ' > /dev/null  2 > & 1 ; then 

WARN=-vc 

elif  SCC  -flags  2 > & 1 | grep  'checking'  | grep  ,A-v  ' > /dev/null  2 > & 1 ; then 

W A R N = - v 
f i 

if  SCC  -flags  2>&1  | grep  ' A-xstrconst ' > /dev/null  2 > & 1 ; then 

WARN="${WARN}${WARN+  >-xstrconst" 
f i 
f i 

# Any  other  compiler's  warning  flags? 
f i 

echo  "Sac  t " " $ { W A R N-n o n e > " 1 > & 6 


f i 

# AA  end  of  CFLAGS  inference  section 


echo  $ac_n  "checking  how  to  run  the  C preprocessor"" 
# On  Suns,  sometimes  SCPP  names  a directory, 
if  test  -n  "SCPP"  &&  test  -d  "SCPP";  then 
CPP  = 
f i 

if  test  -z  "SCPP";  then 

if  eval  "test  \"' echo  '$''{' a c_c v_p rog_C P P '+ s e t >'' \ " 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 


. Sac  c " 1>&6 


set";  then 


U This  must  be  in  double  quotes,  not  single  quotes,  because  CPP  may  get 

# substituted  into  the  Makefile  and  "$CCC-cc>"  will  confuse  make. 

CPP="$CCC-cc>  -E" 

U On  the  NeXT,  cc  -E  runs  the  code  through  the  compiler's  parser, 

# not  just  through  cpp. 

cat  > conf test .$ac_ext  <<E0F 
# l i ne  672  "configure" 

^include  "confdefs.h" 

//include  <assert.h> 

Syntax  Error 
EOF 


a c_t r y = " $ a c_c pp  conf test . $ac_ext  >/dev/null  2>conf test . out" 

C (eval  echo  configure:678:  \"$ac_try\" ) 1>&5;  (eval  $ac_try)  2>&5;  > 
ac_err= 'grep  -v  'A  *+'  c on f t e s t . o u t ' 
if  test  -z  "$ac_err";  then 


else 

echo  " $ a c_e  rr"  > & 5 
rm  - r f conftest* 

C P P = " $ C C C- c c > -E  - 1 r a d i t i o n a l - c pp " 
cat  > conf test . $ac_ext  <<E0F 
//line  687  "configure" 

//include  "confdefs.h" 

//include  <assert  . h> 

Syntax  Error 
EOF 

ac_t ry="$ac_cpp  conf test .$ac_ext  >/dev/null  2>conf test .out" 

C (eval  echo  c o n f i g u r e : 6 9 3 : \"$ac_try\")  1 > & 5 ; (eval  $ac_try)  2>&5;  > 

ac_err='grep  -v  ,A  *+'  c o n f t e s t . o u t ' 
if  test  -z  "$ac_err";  then 
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else 

echo  " $ a c_e  rr"  > & 5 
rm  -r f conf test* 
CPP=/lib/cpp 
f i 

rm  -f  conftest* 
f i 

rm  -f  conftest* 

a c_c v_p rog_CPP  = "$CPP" 
f i 

CPP="$ac_c  v_p  r o g_C  P P " 
else 

a c_c v_p rog_CPP  = "$CPP" 
f i 

echo  "Sac  t""$CPP"  1>&6 


# Finally,  figure  out  the  command  to  generate  dependencies, 
echo  $ac_n  "checking  how  to  make  dependencies""...  $ac_c"  1>&6 
if  eval  "test  \" 1 echo  ' $ ' 1 { ' a c_c v_p r o g_D E P E N D ' + s e t > ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

if  test  -n  "SDEPEND";  then 
a c_c  v_p  rog_DEPEND  = "$DEPEND" 
else 

IFS="${IFS=  >";  a c_s  a v e_i  f s = " $ I F S " ; IFS="$CIFS>:" 
echo  '//include  " c o n f d e f s . h " ' > conftest. c 

for  a c_p  rog  in  "SCPP  -M"  "SCC  -xM"  "$CC  -M";  do 
echo  $ac_prog  SCPPFLAGS  conftest. c 1>&5; 
if  $ac_prog  SCPPFLAGS  conftest. c 2>S5  \ 

| egrep  "conf testX.o"  >/dev/null  2>&1;  then 
a c_c  v_p  rog_DEPEND  = "$a  c_p  rog  SCPPFLAGS" 
break 
f i 
done 

if  test  ! -n  " $ a c_c v_p r o g_D E P E N D " ; then 
ac_cv_prog_DEPEND=: 
f i 

I FS="$ac_save_i fs" 
rm  -f  conftest* 
f i 
f i 

echo  " $ a c_t " " $a c_c v_p r o g_D E P E N D " 1>&6 
DEPEND  = "$ac_c  v_p  rog_ DEPEND" 


# Find  a B S D - c o m pa t i b i l e install  program,  with  install-sh  as  a fallback. 

# Find  a good  install  program.  We  prefer  a C program  (faster), 
tt  so  one  script  is  as  good  as  another.  But  avoid  the  broken  or 

# incompatible  versions: 

# Sys V / e t c / i n s t a l l , /usr/sbi n/ insta  l l 

# SunOS  /usr/etc/install 

# IRIX  /sbin/install 
tt  AIX  /bin/install 

U AFS  /usr/afsws/bi n/i nstal  l,  which  mishandles  nonexistent  args 

//  SVR4  /usr/ucb/i nstal  l,  which  tries  to  use  the  nonexistent  group  "staff" 

# ./install,  which  can  be  erroneously  created  by  make  from  . / i n s t a l l . s h . 
echo  $ac_n  "checking  for  a BSD  compatible  install""...  $ac_c"  1>&6 
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if  test  -z  "SINSTALL";  then 

if  eval  "test  \" 1 echo  1 $ ' 1 { 1 ac_cv_path_i nsta l L ' +set } ' 1 \"  = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

I F S = " $ { I F S = }";  ac_save_i f s = " $ I FS" ; I F S = " $ { I F S > : " 

for  ac_di r in  $PATH;  do 

it  Account  for  people  who  put  trailing  slashes  in  PATH  elements, 
case  " $a  c_d i r / " in 

/ | ./| .//|/etc/*|/usr/sbin/*|/usr/etc/*) 

/ A 

/sbin/*  | /usr/afsws/bin/*|  / usr/ucb/*) 

r r 

* ) 

ft  0SF1  and  SCO  ODT  3.0  have  their  own  names  for  install, 
for  ac_prog  in  ginstall  installbsd  scoinst  install;  do 
if  test  -f  $ a c_d i r / $ a c_p r o g ; then 
if  test  $ac_prog  = install  && 

grep  dspmsg  $ a c_d i r / $a c_p r og  >/dev/null  2 > S 1 ; then 

if  AIX  install.  It  has  an  incompatible  calling  convention. 

if  0SF/1  installbsd  also  uses  dspmsg,  but  is  usable. 

else 

a c_c v_p ath_instal l = "$ac_di r/$a  c_p  rog  - c " 
break  2 
f i 
f i 
done 

r r 

e s a c 
done 

IFS="$ac  save  ifs" 


f i 

if  test  "${ac_cv_pa th_i nsta l l+set)"  = set;  then 
INSTALL  = "$a  c_c  v_pa  th_install" 
else 

ft  As  a last  resort,  use  the  slow  shell  script.  We  don't  cache  a 
# path  for  INSTALL  within  a source  directory,  because  that  will 
ii  break  other  packages  using  the  cache  if  that  directory  is 
tt  removed,  or  if  the  path  is  relative. 

INSTALL="$ac_i nsta l l_sh" 
f i 
f i 

echo  "$ac_t""$INSTALL"  1>&6 

ft  Use  test  -z  because  SunOS4  sh  mishandles  braces  in  Sfvar-val}. 
if  It  thinks  the  first  close  brace  ends  the  variable  substitution, 
test  -z  " $ I N S T A L L_P  R 0 G R AM " &&  I N S T A L L_P R 0 G R A M = ' $ C I N S T A L L > ' 

test  -z  " $ I N S T A L L_D  A T A " &S  I N S T A L L_D A T A = ' $ { I N S T A L L > -m  644' 


it  Find  "ranlib".  Sone  systems  don't  have  or  need  ranlib.  If  so, 
ft  (do  nothing)  is  used  instead. 

it  Extract  the  first  word  of  "ranlib",  so  it  can  be  a program  name  with 
set  dummy  ranlib;  ac_word=$2 

echo  $ac_n  "checking  for  $a c_wo rd " " . . . $ac_c"  1>S6 

if  eval  "test  V'echo  1 $ ' ' { ' a c_c v_p r o g_R A N L I B ' + s e t } ' ' \ " = set";  then 
echo  Sac  n "(cached)  $ac_c"  1>&6 


a r g s . 
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else 

if  test  -n  "SRANLIB";  then 

a c_c v_p r o g_R A N L I B= " $ R A N L I B " # Let  the  user  override  the  test, 
else 

IFS  = "$tIFS=  a c_s  a v e_i f s = " $ I FS";  I F S = " $ C I F S > : " 

for  ac_dir  in  $PATFI;  do 

test  -z  "$ac_di r"  &&  ac_dir=. 
if  test  -f  $ac_di r/$ac_word;  then 
ac_cv_prog_RANLIB="ranlib" 
break 
f i 
done 

IFS="$ac_save_i fs" 

test  -z  " $ a c_c  v_p  rog_RANLIB"  SS  a c_c v_p r o g_R A N L I B = " : " 
f i 
f i 

RANLIB="$ac_cv_prog_RANLIB" 
if  test  -n  " $ R A N L I B " ; then 
echo  "$ac_t""$RANLIB''  1>&6 
else 

echo  "$ac_t""no"  1>S6 
f i 


# Use  symlinks  (In  -s)  if  possible.  If  not,  use  hard  links  (In), 
echo  $ac_n  "checking  whether  In  -s  works""...  $ac_c"  1>&6 
if  eval  "test  V'echo  1 $ ' ' C ' a c_c v_p r og_LN_S ' + s e t > ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1 > S 6 
else 

rm  -f  conftestdata 
if  In  -s  X conftestdata  2>/dev/null 
then 

rm  -f  conftestdata 
a c_c v_p r o g_LN_S = " l n -s" 
else 

ac_cv_prog_LN_S=ln 
f i 
f i 

LN_S  = ”$ac_c  v p r og_LN_S " 

if  test  " $ a c_c  v_p  rog_LN_S"  = "In  -s";  then 
echo  "$ac_t""yes"  1>&6 
else 

echo  "$ac_t""no"  1>&6 
f i 


# Figure  out  how  to  test  for  symlinks...  Check  'test  -L'  and  then  'test 
echo  $ a c_n  "checking  how  to  test  for  symlinks""...  $ac_c"  1>&6 
if  eval  "test  \"'echo  ' $ ' ' C ' a c_c  v_p  r o g_T  E S T_L ' + s e t > ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

rm  -f  conftest 

$a c_c v_prog_LN_S  foo  conftest 

IFS="$CIFS=  ac_save_i fs="$IFS";  IFS="$CIFS>:" 

if  ( test  -L  conftest  );  then 
a c_c v_p r og_T E S T_L= " t e s t -L" 
elif  ( test  -h  conftest  );  then 
a c_c  v_p  r og_T  E S T_L= " test  -h" 
else 
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a c_c v_p r o g_T E S T_L= " t e s t ! -f" 
f i 

I FS  = "$ac_sav  e_i f s " 
rm  - f conftest* 
f i 

echo  " $ a c_t " " $ a c_c  v_p  r o g_T  E S T_L " 1>&6 
T E S T_L  = ” $ a c_c  v_p  r o g_T  E S T_L " 


tf  Check  that  this  system  has  a set  of  properly  working  ANSI  C header  files. 

# In  particular,  check  for  the  existence  of  <stdlib.h>,  <stdarg.h>, 

# <string.h>  and  <float.h>.  Also  check  that  <string.h>  declares  mem*, 

# that  <stdlib.h>  declares  free,  and  that  the  <ctype.h>  macros  work 

# with  values  >=  128. 

//  If  we  cannot  run  a trivial  program,  we  must  be  cross  compiling, 
echo  $ac_n  "checking  whether  cross-compi ling""...  $ac_c"  1>&6 
if  eval  "test  \"  ' echo  '$'  '{'ac_c v_c_c  ross 1 +set } 1 1 \"  = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>86 
else 

if  test  "$cross_compi  ling"  = yes;  then 
ac_c v_c_c ross=yes 
else 

cat  > conftest . $ac_ext  <<E0F 
//line  896  "configure" 

//include  "confdefs.h" 
main()(return(0);} 

EOF 

{ (eval  echo  configure:900:  \"$ac_link\")  1 > & 5 ; (eval  $ac_link)  2>&5;  > 
if  test  -s  conftest  &&  (./conftest;  exit)  2>/dev/null;  then 
a c_c  v_c_c r o s s = n o 
else 

ac_cv_c_cross=yes 
f i 
f i 

rm  - f r conftest* 
f i 

echo  " $ a c_t " " $ a c_c v_c_c r o s s " 1 > S 6 
cros s_c  ompi  l i ng  = $ac_c  v_c_c  ross 

echo  $ac_n  "checking  for  ANSI  C header  files""...  $ac_c"  1>&6 
if  eval  "test  \IM  echo  1 $ ' ' ( 1 a c_c v_h e a d e r_s t d c ' + s e t } ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

cat  > conftest . $ac_ext  <<E0F 
//line  918  "configure" 

//include  "confdefs.h" 

//include  <stdlib.h> 

//include  <stdarg.h> 

//include  <string.h> 

//include  <float.h> 

EOF 

a c_t r y = " $ a c_c pp  conftest . $ac_ext  >/dev/null  2 > c o n f t e s t . o u t " 

( (eval  echo  c o n f i g u r e : 92 6 : \"$ac_try\")  1 > & 5 ; (eval  $ac_try)  2>85;  > 
ac_err= ' grep  -v  ,A  *+'  conftest  .out ' 
if  test  -z  "$ac_err";  then 
rm  - r f conftest* 
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ac_cv_header_stdc=yes 

else 

echo  " $ a c_e  rr"  >8  5 
rm  - r f conf test* 
ac_cv_header_stdc=no 
f i 

rm  -f  conf test* 


if  test  $ a c_c v_h e a d e r_s t d c = yes;  then 

tf  SunOS  4.x  string. h does  not  declare  mem*, 
cat  > c o n f t e s t . $a c_e x t <<E0F 
//line  941  "configure" 

//include  "confdefs.h" 

//include  <string.h> 

EOF 


if  ( e v a l 
e g r e p 


"$ac_cpp  c o n f t e s t . $ a c_e x t " ) 2>85 
"memchr"  >/dev/null  2 >81;  then 


contrary  to  ANSI. 


else 

rm  - r f conftest* 
ac_cv_header_stdc=no 
f i 

rm  -f  conftest* 


f i 


if  test  $ a c_c v_h e a d e r_s t d c = yes;  then 

tf  ISC  2.0.2  stdlib.h  does  not  declare  free, 
cat  > conf test .$ac_ext  <<E0F 
tf  line  959  "configure" 

//include  "confdefs.h" 

//include  <stdlib.h> 


EOF 

if  (eval  "$ac_cpp  c o n f t e s t . $a c_e x t " ) 2>85  | 

egrep  "free"  >/dev/null  2 >81;  then 


contrary  to  ANSI. 


else 

rm  - r f conftest* 
ac_cv_header_stdc=no 
f i 

rm  -f  conftest* 


f i 


if  test  $a c_c v_h e a d e r_s t d c = yes;  then 

# /bin/cc  in  Irix-4.0.5  gets  non-ANSI  ctype  macros  unless  using  -ansi, 
if  test  "$cross_compi ling"  = yes;  then 


else 

cat  > conftest . $ac_ext  <<E0F 
//line  980  "configure" 
//include  "confdefs.h" 
//include  <ctype.h> 


ft  define 

I SLOWER ( c ) 

( ' a ' <=  ( c ) 88  ( 

c ) 

<=  ' z ' ) 

tf  define 

TOUPPER ( c ) 

( I SLOWER  ( c ) ? 'A 

i 

+ ((c)  - 

' a ’ ) : 

//define 

X 0 R ( e , f) 

(((e)  88  ! ( f ) ) || 

( 

! (e)  88  (f  ) ) ) 

i n t main 

( ) f i n t 

i ; for  ( i = 0 ; i 

< 

256;  i ++ ) 

if  ( XOR 

(islower  ( 

i),  ISLOWER  ( i ) ) 

1 1 

toupper 

( i ) ! = 

exit  ( 0 ) ; > 


( c ) ) 

TOUPPER  ( i ) ) e x i t ( 2 ) ; 
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EOF 

{ (eval  echo  configure:991:  \"$ac_link\")  1>&5;  (eval  $ac_Link)  2>&5;  > 
if  test  -s  conftest  & & (./conftest;  exit)  2>/dev/nuLL;  then 

else 

ac_cv_header_stdc=no 
f i 
f i 

rm  - f r conftest.  * 
f i 
f i 

echo  " $ a c_t " " $ a c_c v_h e a d e r_s t d c " 1>&6 

if  test  $ a c_c v_h e a d e r_s t d c = yes;  then 
cat  >>  confdefs.h  <<\E0F 
tfdefine  STD  C_H  E A D E R S 1 
EOF 

f i 


# Check  that  we  have  <fcntl.h>,  <limits.h>,  <stdarg.h>  and  <stdlib.h> 

# individually. 

for  ac_hdr  in  fcntl.h  l i m i t s . h stdarg.h  stdlib.h  unistd.h  \ 
sys/ioctl.h  sys/time.h  sys/timeb.h  sys  / pa  ram . h 
do 

ac_saf e= 1 echo  "$ac_hdr"  | tr  1 . / \ 0 5 5 1 ' 11 

echo  $ac_n  "checking  for  $ac_hdr""...  $ac_c"  1 > S 6 

if  eval  "test  \" ' echo  1 $ ' 1 { ' ac_cv_header_$ac_saf e 1 +set) 1 ' \"  = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

cat  > conftest .$ac_ext  <<E0F 
#line  1022  "configure" 

^include  "confdefs.h" 

#include  <$ac_hdr> 

EOF 

a c_t ry= " $a c_c pp  conftest . $ac_ext  >/dev/null  2>conf test . out" 

{ (eval  echo  c on f i g u r e : 1 0 2 7 : \"$ac_try\")  1>&5;  (eval  $ac_try ) 2>&5;  > 

ac_err='grep  -v  ,A  *+'  conftest .out ' 
if  test  -z  "$ac_err";  then 
rm  - r f conftest* 

eva l "ac_cv_header_$ac_safe=yes" 
else 

echo  " $ a c_e  rr"  > S 5 
rm  -rf  conftest* 

eval  "a  c_c  v_h  eader_$ac_safe  = no" 
f i 

rm  -f  conftest* 
f i 

if  eval  "test  \" 1 echo  ' $a c_c v_h e a d e r_ 1 $ a c_s a f e ' \ " = yes";  then 
echo  " $ a c_t ""yes"  1>&6 

a c_t  r_h  d r = H A V E_ ' echo  $ac_hdr  | tr  ' a b c d e f g h i j k l mn o pq r s t u v w x y z . / \ 0 5 5 ' \ 

' ABCDE FGHI JKLMNOPQRSTUVWXYZ ' 

cat  >>  confdefs.h  <<E0F 
#define  $ac_tr_hdr  1 
EOF 

else 
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echo  " $ a c_t " "no"  1>&6 
f i 

done 

echo  $ac_n  "checking  whether  time.h  and  sys/time.h  may"  \ 

"both  be  included""...  $ac_c"  1>&6 
if  eval  "test  \"  1 echo  1 $ ' ' ( ' ac_cv_heade r_t ime 1 +set> 1 ' \"  = set"; 

echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

cat  > conf test . $ac_ext  <<E0F 
# line  1 056  "configure" 

//include  "confdefs.h" 

//include  <sys  / types  . h> 

//include  <sys/time.h> 

//include  <time.h> 
int  mainO  { return  0;  > 
i n t t ( ) f 
struct  tm  * t p ; 

; return  0;  > 

EOF 

if  { (eval  echo  c o n f i g u r e : 1 0 6 6 : \ " $ a c_c o m p i l e \ " ) 1 > & 5 

(eval  $a c_c omp i l e ) 2>&5;  >;  then 
rm  -rf  conftest* 
ac_cv_header_time=yes 
else 

rm  -rf  conftest* 
ac_cv_header_time=no 
f i 

rm  -f  conftest* 
f i 

echo  " $ a c_t " " $ a c_c v_h e a d e r_t i me " 1>&6 
if  test  $a c_c v_h e a d e r_t i me  = yes;  then 
cat  >>  confdefs.h  <<\E0F 
//define  T I M E_W  I T H_S  Y S_T  I M E 1 
EOF 

f i 


//  Verify  that  the  compiler  supports  const,  and  that  it  works. 

//  A lot  of  compilers  sort  of  support  const,  but  they  have  bugs 
# that  will  prevent  valid  programs  from  compiling, 
echo  $ a c_n  "checking  for  working  const”"...  $ac_c"  1 > S 6 
if  eval  "test  V'echo  ' $ ' ' ( ' a c_c v_c_c o n s t ' + s e t > ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1 > S 6 
else 

cat  > conftest . $ac_ext  <<E0F 
ft  line  1 094  "configure" 

//include  "confdefs.h" 

int  m a i n ( ) ( return  0;  > 
int  t ( ) { 

/*  Ultrix  mips  cc  rejects  this.  */ 
typedef  int  charset£20;  const  charset  x; 

/ * SunOS  4.1.1  cc  rejects  this.  * / 
char  const  *const  * c c p ; 


then 
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char  **p; 

/*  NEC  SVR4.0.2  mips  cc  rejects  this.  */ 

struct  point  tint  x,  y ; > ; 

static  struct  point  const  zero  = { 0 , 0 > ; 

/*  AIX  XL  C 1.02.0.0  rejects  this. 

It  does  not  Let  you  subtract  one  const  X*  pointer  from  another  in  an  arm 
of  an  i f - e x p r e s s i o n whose  if-part  is  not  a constant  expression  */ 
const  char  *g  = "string"; 
ccp  = &g  + (g  ? g-g  : 0); 

/*  HPUX  7.0  cc  rejects  these.  */ 

+ + c c p ; 

p = (char**)  ccp; 

ccp  = (char  const  *const  *)  p ; 

{ /*  SCO  3.2v4  cc  rejects  this.  */ 
char  * t ; 

char  const  *s  = 0 ? (char  *)  0 : (char  const  *)  0; 

* t + + = 0 ; 

> 

{ /*  Someone  thinks  the  Sun  s u p p o s e d l y- A N S I compiler  will  reject  this.  */ 
int  xC:  = -C  2 5 , 17>; 
const  int  *f oo  = & x C 0 ] ; 

++f oo; 

> 

{ /*  Sun  SC1.0  ANSI  compiler  rejects  this  --  but  not  the  above.  */ 
typedef  const  int  *iptr; 
i p t r p = 0 ; 

+ + p; 

> 

{ /*  AIX  XL  C 1.02.0.0  rejects  this  saying 

"k.c",  line  2.27:  1506-025  (S)  Operand  must  be  a modifiable  lvalue.  */ 
struct  s { int  j;  const  int  * a p C 3 ] ; >; 
struct  s *b;  b - > j = 5; 

> 

{ /*  ULTRIX-32  V3.1  (Rev  9)  vcc  rejects  this  */ 
const  int  foo  = 10; 

> 

; return  0;  > 

EOF 

if  { (eval  echo  c o n f i g u r e : 1 1 4 4 : \ " $ a c_c o m p i l e \ " ) 1>&5 
(eval  $ac_compile)  2>&5;  >;  then 
rm  -rf  conf test* 
ac_cv_c_const=yes 
else 

rm  -rf  conf test* 
ac_cv_c_const=no 
f i 

rm  -f  conf test* 
f i 

echo  " $a c_t " " $ a c_c v_c_c o n s t " 1>S6 
if  test  $a c_c v_c_c o n s t = no;  then 
cat  >>  confdefs.h  <<\E0F 
#define  const 
EOF 

f i 
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//  See  if  we  have  off_t  in  < s y s / t y pe s . h > or  <stdlib.h>. 

//  If  not,  define  it  as  "Long". 

echo  $ac_n  "checking  for  off_t""...  $ac_c"  1>&6 

if  eval  "test  \"  ' echo  ' $ ' ' { ' ac_cv_type_of f_t 1 +set) 1 1 \"  = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

cat  > conf test . $ac_ext  <<E0F 
//line  1171  "configure" 

//include  "confdefs.h" 

//include  <sys  / types  . h> 

//if  STD  C_H  E A D E R S 
//include  <stdlib.h> 

# e n d i f 
EOF 

if  (eval  "$ac_cpp  c o n f t e s t . $ a c_e x t " ) 2>&5  | 

egrep  "off_t"  >/dev/null  2>&1;  then 
rm  -rf  conftest* 
ac_cv_type_off_t=yes 
else 

rm  -rf  conftest* 
a c_c v_type_o f f _t  = n o 
f i 

rm  -f  conftest* 
f i 

echo  " $ a c_t " " $ a c_c v_t y p e_o f f _t " 1 > S 6 
if  test  $ a c_c v_t y p e_o f f _t  = no;  then 
cat  >>  confdefs.h  <<\E0F 
//define  off_t  Long 
EOF 

f i 


//  See  if  we  have  size_t  similarly.  If  not,  define  it  as  unsigned, 
echo  $ac_n  "checking  for  si ze_t"" . . . $ac_c"  1>&6 

if  eval  "test  \"  ' echo  ac_cv_type_si ze_t ' +set) = set";  then 

echo  $ac_n  "(cached)  $ac_c"  1 > & 6 
else 

cat  > conf test . $ac_ext  <<E0F 
//line  1 204  "configure" 

//include  "confdefs.h" 

//include  < s y s / t y p e s . h > 

//if  STD  C_H  E A D E R S 
//include  <stdlib.h> 

//  e n d i f 
EOF 

if  (eval  "$ac_cpp  c o n f t e s t . $ a c_e x t " ) 2>&5  | 

egrep  "si ze_t"  >/dev/null  2 > & 1 ; then 
rm  -rf  conftest* 
a c_c  v_ty p e_s i ze_t  = yes 
else 

rm  -rf  conftest* 
ac_cv_type_si ze_t=no 
f i 

rm  -f  conftest* 
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f i 

echo  " S a c_t " " $ a c_c v_t y pe_s i z e_t " 1>&6 
if  test  $ a c_c v_t y p e_s i z e_t  = no;  then 
cat  >>  confdefs.h  <<\E0F 
#define  si ze_t  unsigned 
EOF 

f i 


for  ac_func  in  gethrtime  c L o c k_g e t t i me  clock_getres  gettimeofday  \ 
getitimer  setitimer  ftime 
d o 

echo  $ac_n  "checking  for  $ a c_f u n c " " . . . $ac_c"  1>S6 

if  eval  "test  \"  1 echo  1 $ 1 ' { ' a c_c v_f u n c_$ a c_f u n c ' +s e t > ' ' \ " = set";  then 
echo  $ac_n  "(cached)  $ac_c"  1>&6 
else 

cat  > conf test . $ac_ext  <<E0F 
#line  1239  "configure" 

^include  "confdefs.h" 

/*  System  header  to  define  stub  macros  and  hopefully  few  prototypes, 

which  can  conflict  with  char  $ac_func();  below.  * / 

^include  <assert . h> 

/*  Override  any  gcc2  internal  prototype  to  avoid  an  error.  */ 

/*  We  use  char  because  int  might  match  the  return  type  of  a gcc2 

builtin  and  then  its  argument  prototype  would  still  apply.  */ 
char  $a  c_f  u n c ( ) ; 

int  m a i n ( ) { return  0;  > 

int  t ( ) t 

/*  The  GNU  C library  defines  this  for  functions  which  it  implements 
to  always  fail  with  ENOSYS.  Some  functions  are  actually  named 

something  starting  with  and  the  normal  name  is  an  alias.  */ 

#if  defined  ( s t u b_$ a c_f u n c ) ||  defined  ( stub $ac_func) 

choke  me 
#else 

$ a c_f  unc(); 

# e n d i f 

; return  0;  > 

EOF 

if  { (eval  echo  c o n f i g u r e : 1 2 6 3 : \ " $ a c_l i n k \ " ) 1>&5 

(eval  $ac_link)  2>&5;  >;  then 
rm  -rf  conf test* 

eval  " a c_c v_f u n c_$a c_f u n c =y e s " 
else 

rm  -rf  conf  test* 
eval  " a c_c v_f u n c_$ a c_f u n c =n o " 
f i 

rm  -f  conf test* 
f i 

if  eval  "test  \" 'echo  1 $ a c_c v_f u n c_ ' $ a c_f u n c ' \ " = yes";  then 
echo  "$ac_t""yes"  1>&6 

ac_tr_func=HAVE_' echo  $ac_func  | tr  ' a b c d e f g h i j k l mno pq r s t u v wxy z ' \ 

' ABCDEFGHIJKLMNOPQRSTUVWXYZ  ' ' 
cat  >>  confdefs.h  <<E0F 
#define  $ac_tr_func  1 


configure 


EOF 

else 

echo  "$ac_t""no"  1>&6 
f i 

done 


ft  The  big  bang!  Produce  the  output  files.  This  is  config.cache,  and 

# c o n f i g . s t a t u s , which  builds  the  config.h  file  and  a long  list  of 
ft  Makefiles. 

trap  11  1 2 15 

cat  > confcache  <<\E0F 

ft  This  file  is  a shell  script  that  caches  the  results  of  configure 

# tests  run  on  this  system  so  they  can  be  shared  between  configure 
U scripts  and  configure  runs.  It  is  not  useful  on  other  systems. 

# If  it  contains  results  you  don't  want  to  keep,  you  may  remove  or  edit  it. 

ft 


# By  default,  configure  uses  ./config.cache  as  the  cache  file, 

# creating  it  if  it  does  not  exist  already.  You  can  give  configure 

# the  cache-file=FILE  option  to  use  a different  cache  file;  that  is 

# what  configure  does  when  it  calls  configure  scripts  in 

# subdirectories,  so  they  share  the  cache. 

# Giving  c a c h e - f i l e = / d e v / n u l l disables  caching,  for  debugging  configure. 
ti  config. status  only  pays  attention  to  the  cache  file  if  you  give  it  the 

ft  --recheck  option  to  rerun  configure. 

ft 

EOF 


ft  Ultrix  sh  set  writes  to  stderr  and  can't  be  redirected  directly, 
ft  ar|d  sets  the  high  bit  in  the  cache  file  unless  we  assign  to  the  vars. 
(set)  2 > & 1 | 

sed  -n  " s / A\ ( [a-z A-Z0-9_]*_c v_Ea-z A-Z0-9_d*\ ) = \ ( . *\ ) / \ 1 = \${ \ 1 = ' \2 ' > /p"  \ 

>>  confcache 

if  cmp  -s  $cache_file  confcache;  then 


else 

if  test  -w  $cache_file;  then 

echo  "updating  cache  $cache_file" 
cat  confcache  > $cache_file 
else 

echo  "not  updating  unwritable  cache  $cache_file" 
f i 
f i 

rm  -f  confcache 


trap  ' rm  -fr  conftest*  confdefs*  core  core.*  *.core  $ac_c lean_f i les;  exit  1'  \ 

12  15 

test  "xSprefix"  = xNONE  &&  p r e f i x = $ a c_d e f a u l t_p r e f i x 
ft  Let  make  expand  exec_prefix. 

test  "x$exec_pref i x"  = xNONE  SS  exec_pref i x= ' ${pref i x) ' 

ft  Any  assignment  to  VPATH  causes  Sun  make  to  only  execute 
ft  the  first  set  of  double-colon  rules,  so  remove  it  if  not  needed. 
ft  If  there  is  a colon  in  the  path,  we  need  to  keep  it. 
if  test  "x$srcdir"  = x.;  then 

ac_vpsub= ' /A[  d*VPATHC  1 * = [ A : ] * $ / d ' 

f i 
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trap  ' rm  -f  $ C ON F I G_S T A T U S conftest*;  exit  1'  1 2 15 
DEFS=-DHAVE_CONFI G_H 

ft  Without  the  some  shells  look  in  PATH  for  c o n f i g . s t a t u s . 

: ${CONFIG_STATUS=. /config. status} 

echo  creating  $ C 0 N F I G_S  T AT  1)  S 
rm  -f  $CONFIG_STATUS 
cat  > $CONFIG_STATUS  <<E0F 
# ! / b i n / s h 

ft  Generated  automatically  by  configure. 

ft  Run  this  file  to  recreate  the  current  configuration. 

ft  This  directory  was  configured  as  follows, 

ft  on  host  '(hostname  |[  uname  -n)  2>/dev/null  | sed  1 q 1 : 

ft 

ft  $0  $ a c_c  o n f i g u r e_a  r g s 
ft 

ft  Compiler  output  produced  by  configure,  useful  for  debugging 
ft  configure,  is  in  ./config.  log  if  it  exists. 

a c_c s_u s a g e = " U s a g e : $ C 0 N F I G_S T A T U S [--recheck]  [--version]  [--help]" 

for  a c_o  p t i o n 
do 

case  "\$ac_option"  in 

-recheck  | --recheck  | --rechec  | --reche  | --rech  | — rec  | --re  | --r) 
echo  "running  \ $ { C 0 N F I G_S H E L L- / b i n / s h > $0  $ a c_c on f i g u r e_a r g s " \ 
"--no-create  --no-recursion" 

exec  \ $ { C 0 N F I G_S H E L L- / b i n / s h > $0  $ a c_c o n f i g u r e_a r g s --no-create  \ 
--no-recursion  ;; 

-version  | --version  | --versio  | — versi  | --vers  | — ver  | — ve  | — v ) 
echo  " $ C ON F I G_S T A TU S generated  by  autoconf  version  2.10" 
exit  0 ; ; 

-help  | --help  | -- h e l | --he  | -- h ) 

echo  " \ $ a c_c s_u s a g e " ; exit  0 ;; 

*)  echo  " \ $a c_c s_u s a g e " ; exit  1 ; ; 

e s a c 
done 

a c_g i v e n_s  rcdi r = $srcdi r 
a c_g i ven_INSTALL="$ INSTALL" 

trap  ' rm  -fr  'echo  "Makefile  lib/Makefile  l i b / b n / M a k e f i l e l i b / p g p / M a k e f i l e 
lib/pgp/include/Makefi  le  lib/pgp/helper/Makefi  le 
lib/pgp/compress/Makefi  le  lib/pgp/hash/Makefi  le 
lib/pgp/cipher/Makefi  le  lib/pgp/random/Makefi  le 
lib/pgp/pubkey/Makefi  le  lib/pgp/pipe/Makefi  le 
lib/pgp/pipe/uti  Is/Makefi  le  lib/pgp/pipe/fi  le/Makefi  le 
lib/pgp/pipe/sig/Makefi  le  lib/pgp/pipe/crypt/Makefi  le 
lib/pgp/pipe/text/Makefi  le  lib/pgp/pipe/parser/Makefi  le 
lib/pgp/uti Is/Makefi  le  lib/pgp/keys/Makefi  le 
l i b / 1 1 y u i / Ma k e f i l e a pp s / Ma k e f i l e a pp s / c ommo n / Ma ke f i l e 
apps/enctest/Makefi  le  apps/dectest/Makefi  le  apps/sigvrfy/Makefi  le 
apps/pgp3/Makefi  le  apps/pgpk/Makefi  le 

config. h"  | sed  "s/:[A  ]*//g"'  conftest*;  exit  1'  1 2 15 

ft  Protect  against  being  on  the  right  side  of  a sed  subst  in  c o n f i g . s t a t u s . 
sed  's/%a/aa/;  s/a%/aa/;  s/%g$/ag/;  /ag$/s/[\\\\&%]/\\\\&/g; 
s/aa/%a/;  s/aa/a%/;  s/ag$/%g/'  > conftest. subs  < < \ C E 0 F 
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$ a c_vp  s u b 
Sextrasub 

s % 5)  C F L A G S a % $ C F L A G S % g 

s%3CPPFLAGS3%$CPPFLAGS7g 

s%3CXXFLAGS3%$CXXFLAGS7g 

s73DE  FS3%$DE  FS%g 

s%3LDFLAGS3%$LDFLAGS%g 

s%aLIBS3%$LIBS%g 

sZ3exe c_p  ref ix3%$exe c_p  r e f i x % g 

s%3prefix37$prefix%g 

sZ3program_transf o r m_n a me  3 % $ p r o g ram_t ransf o rm_name%g 

s%3bindir3%$bindir%g 

s % a s b i n d i ra%$sbindi r%g 

s%aiibexecdir37$libexecdir%g 

s%3datadi r3%$datadi r%g 

s%3sysconfdi r37$sysconfdi r 7 g 

s%3sharedstatedi r37$sharedstatedi r%g 

s%alocalstatedi r37$localstatedi r 7 g 

s%3libdi r3%$Libdi r%g 

s%3includedi ra%$includedi r%g 

s%3oldincLudedir3%$oLdincLudedir%g 

s%ainfodira%$infodir%g 

s%amandi r3%$mandi r%g 

s%3CC3%$CC%g 

s%aWARN3%$WARN%g 

s73CPP37$CPP%g 

s%3DEPEND3%$DEPEND7g 

s%3 INSTALL_PR0GRAM3%$ I N S T A L L_P R 0 G R A M % g 

s%aiNSTALL_DATAa7$INSTALL_DATA%g 

s%3RANLIB37$RANLIB7g 

s%3LN_Sa7$LN_S%g 

s%3TEST_L3%$TEST_L%g 

CEOF 

EOF 

cat  >>  $ C 0 N F I G_S  T A T U S <<E0F 

CONFIG_FILES=\${CONFIG_FILES- "Makefile  lib/Makefite 
l i b / b n / M a k e f i l e l i b / p g p / M a k e f i l e 

lib/pgp/ include/Makefi  le  lib/pgp/helper/Makefi  le 
lib/pgp/ compress/Makef i le  lib/pgp/hash/Makefi  le 
lib/pgp/ cipher/Makefi  le  lib/pgp/random/Makefi  le 
lib/pgp/pubkey/Makefi  le  lib/pgp/pipe/Makefi  le 
lib/pgp/pipe/uti  Is/Makefi  le  lib/pgp/pipe/fi  le/Makefi  le 
lib/pgp/pipe/ sig/Makefi  le  lib/pgp/pipe/crypt/Makefi  le 
lib/pgp/pipe/text/Makefi  le  lib/pgp/pipe/parser/Makefi  le 
lib/pgp/uti Is/Makefi  le  lib/pgp/keys/Makefi le 
l i b / 1 1 y u i / Ma k e f i l e a pp s / Ma k e f i l e a pp s / c ommon / Ma k e f i l e 
apps/enctest/Makefi  le  apps/dectest/Makefi  le  apps/sigvrfy/Makefi  le 
apps/pgp3/Makefi  le  apps/pgpk/Makefi  le"> 
CONFIG_PRE=\${CONFIG_PRE-"conf i g/pre . in") 

C0NFIG_P0ST=\${C0NFIG_P0ST-"conf ig/post .in"} 

EOF 

cat  >>  $CONFIG_STATUS  <<\E0F 

ft  test  for  pre  and  post  files,  to  make  sure  they  exist 
if  test  -r  " $a c_g i ven_s r c d i r / $ C ON F I G_PR E " ; then 
ac_config_pre="$ac_given_srcdir/$CONFIG_PRE" 
echo  "Using  $ac_conf ig_pre  for  pre-makefile" 
else 
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ac_config_pre="" 

echo  "No  f i Le  SCONFIG  PRE" 


if  test  -r  " $ a c_g i v e n_s r c d i r / $ C 0 N F I G_P0 S T " ; then 
ac_conf i g_po s t = " $a c_g i ven_srcdi r / $ C 0 N F I G_P0 S T " 
echo  "Using  $ac_conf i g_post  for  po s t -ma ke f i L e " 
else 

ac_confi g_po  s t = " " 

echo  "No  file  SCONFIG  POST" 


for  ac_file  in  ..  $ C 0 N F I G_F I L E S ; do  if  test  "x$ac_file"  !=  x..;  then 
ft  Support  "outfileC:infileJ",  defaulting  infile  = "outfile.in"  . 
case  " $ a c_f i l e " in 

*:*)  a c_f i l e_i n= ' e c h o " $ a c_f i l e " | s e d 's%.  *:%%'' 
ac_f i le=' echo  " $ a c_f i l e " | s e d *s%:  .*%%'  ' ;; 

*)  a c_f i l e_i n= " $ C a c_f i l e > . i n " ;; 
e s a c 

tf  Adjust  relative  srcdir,  etc.  for  subdirectories. 

ft  Remove  last  slash  and  all  that  follows  it.  Not  all  systems  have  dirname. 
ac_di r= ' echo  $ac_file|sed  ' s // C A /][ A /]*$%%'  ' 

if  test  "$ac_dir"  !=  "$ac_file"  &&  test  "$ac_di r"  !=  .;  then 
ft  The  file  is  in  a subdirectory, 
test  ! -d  "$ac_di r"  &&  mkdir  "$ac_dir" 
ac_di r_suf f ix  = "/ ' echo  $ac_dir|sed  's%A\. /%%''" 
ft  A "../"  for  each  directory  in  $ a c_d  i r_s  u f f i x . 
ac_dots=' echo  $a c_d i r_s u f f i x | s ed  ' s %/ C A /]*%../% g ' 1 
else 

a c_d i r_s u f f i x = ac_dots= 
f i 

case  "$ac_given_srcdir"  in 
. ) srcdi r=. 

if  test  -z  "$ac_dots";  then  top_srcdir=. 

else  top_srcdi r=' echo  $ac_dots|sed  ' s %/$%%'';  fi  ;; 

/ * ) srcdi  r = "$a c_g i v e n_s  r c d i r $ a c_d ir_suffix" 
t o p_s  r c d i r = " $a  c_g i v e n_s  rcdi r"  ; ; 

* ) ft  Relative  path. 

srcdi r = "$a  c_d  o t s $ a c_g i ven_srcdi r$a c_d ir_suffix" 
t o p_s  rcdi r = " $ a c_d  o t s $ a c_g i v e n_s  rcdi r"  ; ; 
e s a c 

case  " $ a c_g i v e n_I N S T A L L " in 

[/$]*)  INSTALL  = "$a  c_g i v e n_I N S T A L L " ;; 

* ) I N S T A L L = " $ a c_d o t s $ a c_g i ve n_I N S T A L L " ;; 
e s a c 

echo  creating  "$ac_file" 
rm  -f  " $a  c_f i l e " 

conf_in_f i le  = " 'echo  $ a c_f i l e_i n | s e d 's%.  */%%''" 

c o n f i g u r e_i n pu t = " G e n e r a t e d automatically  from  $ c o n f _i n_f i l e by  configure." 
case  " $ a c_f i l e " in 
★Makefile*)  a c_comsub=" 1 i \ \ 
ft  $configure_  input"  ;; 

*)  ac_comsub=  ;; 
e s a c 

sed  -e  "$ac_comsub 
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s%3configur  e_i nput3%$configure_input%g 
s % 3 s r c d i r3%$srcdi r%g 
s % 3 t o p_s  rcdi r3%$to  p_s  r c d i r % g 
s%3top_bui Lddi r3%$ac_dots.%g 
s %3d i r_s  uffix3%$a  c_d i r_s  u f f i x %g 
s%3INSTALL3%$INSTALL%g 

-f  c o n f t e s t . s u b s $ a c_c o n f i g_p r e $a  c_gi ven_s  red i r/$ac_f i le_i n \ 
$ac_conf i g_post  > $ac_file 

f i ; done 

rm  -f  conf test . subs 


tf  These 
tf  NAME 

tf 

U a c_d 
a c_d  A = 1 
a c_dB= ' 
a c_d  C = ' 
a c_d  D = ' 
tf  a c_u 
a c_u  A = 1 
a c_uB= ' 
a c_u  C = ' 
a c u D= ' 


sed  commands  are  passed  to  sed  as  "A  NAME  B NAME  C VALUE  D",  where 
is  the  epp  macro  being  defined  and  VALUE  is  the  value  it  is  being  gi 


sets  the  value  in  "^define  NAME  VALUE"  lines. 

s%A\([  2*\)#\(t  H*defineC  ] [ ] * \ ) 1 

m:  :*\)i:A  t * % \ i # \ 2 1 

\ 3 ' 

% g ' 

turns  "#undef  NAME"  with  trailing  blanks  into  "#define  NAME  VALUE". 

s%A\([  ] * \ ) # \ ( C ]*\)undef\([  DC  D*\)' 

T\)%\1#\2define\3' 

i 

\4%g  ' 


ft  a c_e  turns  "#undef  NAME"  without  trailing  blanks  into  "#define  NAME  VALUE 
a c_e  A='s%A\([  D * \ ) # \ ( [ ]*\)undef\([  ] [ ] * \ ) ■ 

a c_e B= ' $%\1 #\2def i ne\3 ' 
a c_e  C = ' ' 

a c_eD= 1 %g ' 


CON  F IG_HE ADERS=$TCON  F I G_H E A D E R S - " conf i g . h " > 

for  a c_f i l e in  ..  $ C 0 N F I G_H E A D E R S ; do  if  test  "x$ac_file"  !=  x..;  then 
# Support  "out f i leC  : i nf  i leD  ",  defaulting  i n f i l e = " o u t f i l e . i n " . 
case  " $ a c_f i L e " in 

*:*)  a c_f i l e_i n= ' ec ho  " $ a c_f i l e " | s e d 's %.*:%%'' 
ac_f i le= 1 echo  " $ a c_f i l e " | s e d ' s% :.*%%'■  ;; 

*)  ac_fi  le_in  = "${ac_fi  le>.  in"  ;; 
e s a c 


echo  creating  $ac_file 

rm  -f  conf test . frag  conftest.in  conftest.out 
cp  $ac_given_srcdir/$ac_file_in  conftest.in 

EOF 

ft  Transform  confdefs.h  into  a sed  script  c on  f t e s t . va  l s that  substitutes 

tt  the  proper  values  into  config.h.in  to  produce  config.h.  And  first: 

tf  Protect  against  being  on  the  right  side  of  a sed  subst  in  conf  i g . status  . 

tf  Protect  against  being  in  an  unquoted  here  document  in  config.  status. 

rm  -f  conftest.vals 

cat  > conf test.hdr  <<\E0F 

s/C\\S%]/\\&/g 

s%: \ \$ 1 :%\ \&%g 

EOF 

echo  1 s%#define  \ ( L A - Z a - z_] C A - Z a - z 0 - 9_] * \ ) ' \ 

' *\ ( ■ *\)%$Tac_dA>\1 $Cac_dB>\1 $ C a c_d C > \ 2 $ { a c_d D > % g p ' >>  conftest.hdr 
cat  >>  conftest.hdr  <<\E0F 
s % a c_d  Xa c_u  % g p 


v e n . 
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s %a c_u  % a c_e  % g p 
EOF 

sed  -n  -f  conftest.hdr  confdefs.h  > c on f t e s t . va L s 
rm  -f  conftest.hdr 

This  is  necessary,  for 
predefined  and  required 
to  define  it. 

Ka-zA-Z  0-9]*%/*  & */% 


tf  This  sed  command  replaces  #undef  with  comments. 
ft  example,  in  the  case  of  _P0 S I X_S 0 U R C E , which  is 
tf  on  some  systems  where  configure  will  not  decide 
cat  >>  c o n f t e s t . v a l s <<\E0F 

s%AC  :*#[  :*undefC  ][  ]*Ca-zA-Z 
EOF 


ft  Break  up  c o n f t e s t . v a l s because  some  shells  have  a limit  on 
ft  the  size  of  here  documents,  and  old  seds  have  small  limits  too. 
ft  Maximum  number  of  lines  to  put  in  a single  here  document, 
a c_ma  x_here_l i nes  = 1 2 

rm  -f  conftest.tail 
while  : 
do 

a c_l i n e s = ' g r e p -c  . c o n f t e s t . va  l s 1 

# grep  -c  gives  empty  output  for  an  empty  file  on  some  AIX  systems. 

if  test  -z  "$ac_lines"  ||  test  "$ac_lines"  -eq  0;  then  break;  fi 

ft  Write  a limited-size  here  document  to  conftest.frag. 

echo  ' cat  > conftest.frag  <<CE0F'  >>  $ C ON F I G_S T A T U S 

sed  $ { a c_ma x_h e r e_ l i n e s } q c o n f t e s t . v a l s >>  $ C 0 N F I G_S T A T U S 

echo  ' CEOF 

sed  -f  conftest.frag  conftest.in  > conftest.out 
rm  -f  conftest.in 
mv  conftest.out  conftest.in 
' >>  SCON F IG_STATUS 

sed  1 ,$lac_max_here_l i nesTd  c o n f t e s t . v a l s > conftest.tail 
rm  -f  c o n f t e s t . va  l s 
mv  conftest.tail  c o n f t e s t . v a l s 
done 

rm  -f  c on f t e s t . va  l s 


cat  >>  SCON FIG_STATUS  <<\E0F 

rm  -f  conftest.frag  conftest.h 

echo  "/*  $ac_file.  Generated  automatically  by  configure.  */"  > conftest.h 
cat  conftest.in  >>  conftest.h 
rm  -f  conftest.in 

if  cmp  -s  $ac_file  conftest.h  2>/dev/null;  then 
echo  "$ac_file  is  unchanged" 
rm  -f  conftest.h 
else 

ft  Remove  last  slash  and  all  that  follows  it.  Not  all  systems  have  dirname. 
ac_di r= ' echo  $ac_file|sed  ' s %/H A / 3 C A /□*$%%' ' 

if  test  "$ac_di r"  !=  "$ac_file"  SS  test  "$ac_di r"  !=  .;  then 
ft  The  file  is  in  a subdirectory, 
test  ! -d  "$ac_dir"  SS  mkdir  "$ac_di r" 
f i 

rm  - f $ a c_f i l e 
mv  conftest.h  $ac_file 
f i 

f i ; done 
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configure 

exit  0 
EOF 

chmod  + x $ C 0 N F I G_S  T A T U S 

rm  -f r confdefs*  $ a c_c L e a n_f i l e s 

test  " $ n o_c  reate"  = yes  ||  $ { C 0 N F I G_S H E L L- / b i n / s h > SCONFIG  STATUS 


exit  1 
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configure.in 

d n L 

dnl  $Id:  c on f i g u r e . i n , v 1.30.2.1  1 996/1  1 /1  4 04:09:1  4 cbertsch  Exp  $ 
d n l 

dnl  This  file  in  input  to  autoconf.  It  consists  of  a series  of  m4 
dnl  macros  which  expand  to  produce  the  shell  script  "configure", 
dnl  Anything  which  is  not  an  m4  macro  is  copied  directly  to  the  output, 
dnl 

dnl  Start  things  up.  If  the  specified  file  doesn't  exist,  configure 
dnl  will  comp  lain. 

AC_INIT(lib/pgp/pipe/utils/pipeline.h) 

dnl  The  following  tests  need  to  know  that  we  intend  to  produce  a config. 
dnl  file,  even  though  this  won't  expand  to  any  shell  script  code  until 
dnl  A C_0  U T P U T time. 

AC_CONFIG_HEADER( config  . h) 

dnl  The  following  directory  is  where  we  will  find  the  ancillary  scripts, 
dnl  like  install-sh,  config. sub,  and  c o n f i g . g u e s s . 

AC_C0N  F IG_AUX_D IR(config) 

dnl  Checks  for  programs. 
ft  Find  a compiler  to  use. 

ft  Check  1)  The  $CC  environment  varaible,  2)  gcc,  3)  acc,  and  4)  cc. 
dnl  This  used  to  be  just  A C - C H E C K- P R 0 G S ( C C , gcc  acc,  cc),  but... 
ft  This  deals  with  brain-damaged  Sun  systems  that  place  a bogus  cc  or 
ft  acc  executable  in  the  $ P A T H , which  just  prints  an  error  and  exit. 
ft  We  deal  with  this  by  actually  trying  to  compile  a trivial  test  program 
if  eval  "test  \" ' echo  1 $ ' 1 { ' a c_c v_p r og_C C ' +s e t } ' ' \ " = set";  then 
AC„MSG_CHECKING( For  C compiler  (cached)) 

CC="$ac_cv_prog_CC" 

AC_MSG_RESULT ( $CC ) 
elif  test  -n  "$CC";  then 

a c_c  v_p  r og_C  C = " $ C C " ft  Let  the  user  override  the  test. 

A C_M  SG_CHECKING( For  C compiler) 

AC_MSG_RESULT ( $ C C ) 
else 

IFS  = "$CIFS=  a c_s  a v e_i fs  = "$IFS";  I F S = " $ C I F S > : " 

echo  'mainOlreturn  0;}'  > conftest.$ac_ext 

for  ac_prog  in  gcc  acc  cc;  do 

ft  Extract  the  first  word  of  "$ac_prog",  so  it  can  be  a program  name  with 
set  dummy  $ac_prog;  ac_word=$2 
A C_M  SG_CHECKING(for  $ac_word) 
for  ac_dir  in  $PATH;  do 

test  -z  "$ac_di r"  &&  ac_dir=. 
if  test  -r  " $a c_d i r / $a c_wo rd " ; then 
C C = " $ a c_p  rog" 
if  eval  $ a c_c omp i l e ; then 
ac_cv_prog_CC  = "$a c_p  rog" 
f i 

break 
f i 
done 

CC  = "$ac_c  v_p  r o g_C  C " 
if  test  -n  " $ C C " ; then 

A C_M  SG_RESULT ($a  c_d i r/$CC) 
break; 
f i 

AC  MSG  RESULT (no) 


args  . 
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done 

if  test  ! -n  " $ C C " ; then 

A C_M S G_E R RO R ( no  C compiler  found) 
f i 

I FS  = "$ac_save_i fs" 
rm  -f  conf test* 
f i 

AC_SUBST ( CC ) 

A C_C A C H E_C H E C K ( w h e t h e r we  are  using  GNU  CC,  a c_c v_p r o g_g c c , 

Cdnl  The  semicolon  is  to  pacify  NeXT's  s y n t a x - c h e c k i ng  cpp. 
cat  > conftest.c  <<E0F 

#ifdef  GNUC 

yes; 

#end i f 
EOF 

if  $CCC-cc>  -E  conftest.c  2>&AC_FD_CC  | egrep  yes  >/dev/null  2>&1;  then 
ac_cv_pro  g_g  c c = y e s 
else 

a c_c  v_p rog_gcc  = no 
f i ] ) 

if  test  $a c_c v_p r og_g c c = yes;  then 
if  test  "SCCFLAGS+setJ"  !=  set;  then 
A C_C A C H E_C H E C K ( w h e t h e r ${CC-cc>  accepts  -g,  a c_c v_p r o g_g c c_g , 

[echo  'void  f()C>'  > conftest.c 

if  test  -z  " ' $(CC-cc)  -g  -c  conftest.c  2>&1'";  then 
a c_c v_p rog_gc c_g  = ye s 
else 

ac_cv_prog_gcc_g=no 
f i 

rm  -f  conf test* 

] ) 

f i 
f i 

# Now,  figure  out  what  CFLAGS  we  want.  If  the  user  didn't  ask  specifically, 

# we're  going  to  use  some  ideas  of  our  own. 
if  test  "$CCFLAGS+set>"  !=  set;  then 

# Prefer  optimizing,  with  debugging  a second 

if  test  $ a c_c v_p r o g_g c c $a c_c v_p r o g_g c c_g  = yesyes;  then 
C FLAGS  = "-0  -g" 
else 

C FLAGS=-0 
f i 

dnl  This  ugly  hack  is  to  get  warnings  enabled  where  possible. 

A C_M S G_C H E C K I N G ( f o r useful  warning  options  (\$WARN)) 
if  test  "$CWARN+set>"  !=  set;  then 
if  test  $ a c_c v_p r o g_g c c = yes;  then 

WARN="-Wall  -W  -Wshadow  - W p o i n t e r - a r i t h - Wm i s s i n g-p r o t o t y pe s \ 
-Wwrite-strings" 

elif  $CC  -flags  2 > S 1 | grep  SunSoft  >/dev/null  2>&1  || 

$CC  -flags  2>&1  | grep  SunPro  >/dev/null  2>&1;  then 

if  $CC  -flags  2 > S 1 | grep  'checking'  | grep  'A-vc'  > /dev/null  2 > & 1 ; then 

WARN=-vc 

elif  $CC  -flags  2 > & 1 | grep  'checking'  | grep  ' A - v ' > /dev/null  2 > & 1 ; then 

W A R N = - v 
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f i 

if  $CC  -flags  2 > & 1 | g rep  1 A-xstrconst 1 > /dev/null  2>&1;  then 

WARN="${WARN}${WARN+  )-xstrconst" 
f i 
f i 

ft  Any  other  compiler's  warning  flags? 
f i 

A C_M  S G_R  ESULT (SlWARN-none)) 

A C_S  UBST (WARN) 

f i 

ft  AA  end  of  CFLAGS  inference  section 
AC_REQU I RE_C  PP 

ft  Finally,  figure  out  the  command  to  generate  dependencies. 

A C_C A C H E_C H E C K ( h o w to  make  dependencies,  a c_c v_p r o g_D E P E N D , 

[if  test  -n  "SDEPEND";  then 
ac_cv_prog_DEPEND="$DEPEND" 
else 

IFS="$(IFS=  } " ; a c_s a v e_i f s = " $ I F S " ; I F S = " $ C I F S } : " 
echo  '^include  " c o n f d e f s . h " ' > conftest.c 

for  a c_p  r og  in  "$CPP  -M"  "$CC  -xM"  "$CC  -M";  do 
echo  $ac_prog  SCPPFLAGS  conftest.c  1 >&AC_F D_C C ; 
if  $a  c_p  rog  SCPPFLAGS  conftest.c  2>&AC_FD_CC  \ 

| egrep  "conftest\.o"  >/  dev/nul  l 2 > & 1 / then 
a c_c v_p  rog_DEPEND  = "$a  c_p  rog  SCPPFLAGS" 
break 
f i 
done 

if  test  ! -n  " $ a c_c v_p r o g_D E P E N D " ; then 
ac_cv_prog_DEPEND=: 
f i 

I FS="$ac_save_i f s " 
rm  -f  conftest* 
fid) 

DEPEND  = "$ac_c  v_p  rog_DEPEND" 

AC_SUBST (DEPEND) 

ft  Find  a B S D - c o m p a t i b i l e install  program,  with  install-sh  as  a fallback. 
A C_P  R 0 G_I N S T A L L 

ft  Find  "ranlib".  Sone  systems  don't  have  or  need  ranlib.  If  so, 
ft  (do  nothing)  is  used  instead. 

A C_P  R 0 G_R  A N L I B 

ft  Use  symlinks  (In  -s)  if  possible.  If  not,  use  hard  links  (In). 

A C_P  R 0 G_LN_S 

ft  Figure  out  how  to  test  for  symlinks...  Check  'test  -L'  and  then  'test 
AC_CACHE_CHECK( how  to  test  for  symlinks,  a c_c v_p r o g_T E S T_L , 

[rm  -f  conftest 
$ a c_c v_p r o g_L N_S  foo  conftest 

IFS  = "$(IFS=  >";  a c_s a v e_i f s = " $ I F S " ; I F S = " $ C I F S > : " 

if  ( test  -L  conftest  );  then 
a c_c  v_p  r o g_T  EST_L  = "test  -L" 
elif  ( test  -h  conftest  );  then 
a c_c v_p r o g_T E S T_L= " t e s t -h" 
else 

a c_c  v_p  r og_T  EST_L  = "test  ! -f" 
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f i 

I FS="$ac_save_i fs" 
rm  - f conf test*]) 

TEST_L  = "$ac_c  v_p  r o g_T  E S T_L " 

AC_SUBST (TEST_L) 

dnl  Checks  for  libraries, 
dnl  (we  don't  have  any) 

dnl  Checks  for  header  files. 

# Check  that  this  system  has  a set  of  properly  working  ANSI  C header  files. 

# In  particular,  check  for  the  existence  of  <stdlib.h>,  <stdarg.h>, 

ft  <string.h>  and  <float.h>.  Also  check  that  <string.h>  declares  mem*, 

# that  <stdlib.h>  declares  free,  and  that  the  <ctype.h>  macros  work 
ft  with  values  >=  128. 

A C_H  E A D E R_S  T D C 

ft  Check  that  we  have  <fcntl.h>,  <limits.h>,  <stdarg.h>  and  <stdlib.h> 
ft  individually. 

A C_C H E C K_H E A D E R S ( f c n t l . h limits,  h stdarg.h  stdlib.h  unistd.h  \ 
sys/ioctl.h  sys/time.h  sys/timeb.h  sys/param.h) 

A C_H  E A D E R_T I M E 

dnl  Checks  for  typedefs,  structures,  and  compiler  characteristics. 

# Verify  that  the  compiler  supports  const,  and  that  it  works. 

# A lot  of  compilers  sort  of  support  const,  but  they  have  bugs 

# that  will  prevent  valid  programs  from  compiling. 

A C_C_C  0 N S T 

ft  See  if  we  have  off_t  in  < s y s / t y pe  s . h > or  <stdlib.h>. 
ft  If  not,  define  it  as  "long". 

A C_T  Y P E_0 F F_T 

ft  See  if  we  have  si  ze_t  similarly.  If  not,  define  it  as  unsigned. 

A C_T  Y P E_S I Z E_T 

dnl  Checks  for  library  functions. 

AC_CHE CK_FUN C S ( ge t h r t i me  clock_gettime  clock_getres  gettimeofday  \ 
getitimer  setitimer  ftime) 

ft  The  big  bang!  Produce  the  output  files.  This  is  config. cache,  and 
ft  config. status,  which  builds  the  config. h file  and  a long  list  of 
ft  Makefiles. 

dnl  The  value  specified  to  A C_C 0 N F I G_H E A D E R at  the  top  if  the  file  is 
dnl  used  here. 

PGP_AC_OUTPUT ( Ma kef i l e lib/Makefile  lib/bn/Makefile  lib/pgp/Makefile 
lib/pgp/ include/Makefi le  lib/pgp/helper/Makefi  le 
lib/pgp  / compress/Makefi  le  lib/pgp/hash/Makefi  le 
lib/pgp/ cipher/Makefi  le  lib/pgp/random/Makefi  le 
lib/pgp/pubkey/Makefi le  lib/pgp/pipe/Makefi  le 
lib/pgp/pipe/uti Is/Makefi le  lib/pgp/pipe/fi  le/Makefi  le 
lib/pgp/pipe/ sig/Makefi  le  lib/pgp/pipe/crypt/Makefi  le 
lib/pgp/pipe/text/Makefi le  lib/pgp/pipe/parser/Makefi  le 
lib/pgp/uti  Is/Makefi le  lib/pgp/keys/Makefi  le 
lib/ttyui/Makefile  apps/Makefile  apps/common/Makefile 
apps/enctest/Makefi le  apps/dectest/Makefi le  apps/sigvrfy/Makefi le 
apps/pgp3/Makefi  le  a pp s / pg p k / M a k e f i l e , c on f i g / p r e . i n , c o n f i g / po s t . i n ) 
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files 


files 

files 

. cvsignore 
configure 
Makefile. in 
a c l o c a l . m4 
config.h.in 
configure. in 
apps/ . cvsignore 
apps/Makefi  le.in 
apps/common/ . cvsi gnore 
apps/common/Makefi  le.in 
apps/common/ exi t . c 
apps/common/exit.h 
apps/common/fi  le.c 
apps/common/fi  le.h 
apps/ common/ i ni tapp  . c 
apps/common/ initapp.h 
apps/ common/ pgpopt  . c 
apps/ common/ pgpopt  . h 
apps/dectest/ .cvsignore 
apps/dectest/Makefi  le.  in 
apps/dectest/dectest  . c 
apps/enctest/ . cvsignore 
apps/enctest/Makef i le.  in 
apps/enctest/enctest  . c 
apps/pgp3/. cvsignore 
apps/pgp3/Makefi  le.  in 
apps/pgp3/main.c 
apps/pgpk/. cvsignore 
apps/pgpk/Makefi  le.  in 
apps/pgpk/main.c 
apps/sigvrfy/. cvsignore 
apps/sigvrfy/Makefi  le.in 
apps/sigvrfy/sigvrfy.c 
config/config.  guess 
config/config.sub 
config/instal  l-sh 
config/post.in 
config/pre.in 
lib/. cvsignore 
lib/Makefi  le.in 
lib/bn/. cvsignore 
lib/bn/Makefi  le. colin 
lib/bn/Makefi  le.in 
lib/bn/bn. c 
lib/bn/bn. h 
lib/bn/bnOO.c 
lib/bn/bn16.c 
lib/bn/bn16.h 
lib/bn/bn68000.c 
lib/bn/bn8086.c 
lib/bn/bni .h 
lib/bn/bniOO.c 
lib/bn/bni16.c 
lib/bn/bni16.h 
lib/bn/bni68000.c 
lib/bn/bni68000.h 
l i b / bn / bn i 68020  . c 
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files 


lib/bn/bni68020.h 

Lib/bn/bni80386.asm 

Lib/bn/bni80386.h 

L i b/bn/bni  80386  . s 

Lib/bn/bni8086.asm 

lib/bn/bni8086.h 

lib/bn/bni960jx.s 

lib/bn/bnialpha.h 

lib/bn/bnialpha.s 

lib/bn/bnimem.c 

Lib/bn/bnimem.h 

Lib/bn/bninit16.c 

Lib/bn/bnippc.c 

Lib/bn/bn ippc.h 

lib/bn/bnprint.c 

lib/bn/bnprint.h 

lib/bn/bnsizeOO.h 

lib/bn/cputime.  h 

lib/bn/dsaprime.c 

lib/bn/dsaprime.h 

Lib/bn/fi Les 

lib/bn/germain.c 

Lib/bn/germain.h 

Lib/bn/jacobi  .c 

lib/bn/jacobi.h 

Lib/bn/kLudge.h 

lib/bn/legal. c 

lib/bn/legal.h 

Lib/bn/ppcasm.h 

Lib/bn/prime. c 

lib/bn/prime.h 

Lib/bn/sieve. c 

lib/bn/sieve. h 

lib/ cipher/ . cvsi gnore 

lib/cipher/Makefi  le.in 

lib/cipher/cfb.c 

lib/cipher/cfb.h 

lib/cipher/cipher. c 

lib/cipher/cipher. h 

lib/cipher/des3.c 

lib/cipher/des3.h 

lib/ cipher/des3_68K. c 

lib/c ipher/idea.c 

lib/cipher/idea.h 

lib/compress/. cvsignore 

lib/compress/Makefi le. in 

li  b/compress/compress . h 

lib/compress/zinflate.c 

lib  / compress/zinf  late,  h 

lib/hash/. cvs ignore 

lib/hash/Makefi  le. in 

lib/hash/hash. c 

lib/hash/hash. h 

lib/hash/ md 5. c 

lib/hash/md5.h 

Lib/hash/sha.c 

Lib/hash/sha.h 

lib/helper/. cvsignore 

lib/helper/Makefi  le.  in 
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Lib/helper/annotate. c 

lib/helper/bytefifo.c 

lib/helper/byte'fifo.h 

Lib/heLper/charmap.c 

lib/helper/charmap.h 

lib/helper/fifo.c 

lib/helper/fifo.h 

lib/helper/globals.c 

lib/helper/passcach.c 

lib/helper/passcach.h 

lib/helper/pgpdebug.c 

lib/helper/pgpdebug.h 

Lib/heLper/pgperr.c 

lib/helper/pgpfi Le.c 

lib/helper/pgpfi Le.h 

tib/helper/pgpleaks.c 

Lib/heLper/pgpleaks.h 

Lib/helper/pgpmem.  c 

lib/helper/pgpmem.h 

lib/helper/pgpmsg.c 

lib/helper/pipefi  le.c 

lib/helper/str2key.c 

lib/helper/str2key.h 

lib/helper/timedate.  c 

lib/helper/timedate.h 

lib/include/. cvsignore 

lib/include/Makefi  le.in 

lib/include/annotate. h 

lib/include/convkey.h 

lib/include/kludge. h 

lib/include/pgperr.h 

lib/include/pgpmsg.h 

lib/include/pgpui  .h 

lib/include/pktbyte.h 

lib/include/usuals.h 

l i b/keys/ .cvsignore 

lib/keys/Makefi  le.  in 

lib/keys/mempool  .c 

lib/keys/mempool  .h 

l i b/  keys  /new  . h 

lib/keys/ringpi ck.  c 

lib/keys/ringview.c 

lib/keys/ringfi  le.c 

lib/keys  / ri ngmnt  . c 

lib/keys  / ri ngmnt  . h 

lib/keys  / ringpars  . c 

lib/keys/ringpars.h 

lib/keys/ringpkt.c 

lib/keys/ringpkt.h 

lib/keys/ringpriv.c 

lib/keys/ringpriv.h 

lib/keys/ringpub.c 

lib/keys/ringpub.h 

lib/keys/ringread.  c 

lib/keys/ringread.h 

lib/keys/ ringui.c 

lib/keys/ringui .h 

lib/keys/trust. c 

lib/keys/trust. h 


files 


lib/keysl/.cvsignore 
lib/keysl /Makefi Le. in 
lib/keysl/mempool.c 
Lib/keysl/mempool.h 
Lib/keysl/new.h 
Lib/keysl/ringpick.c 
Lib/keysl / ringview. c 
Lib/keysl/ringfi Le.c 
Lib/keysl/ringmnt.c 
Lib/keysl/ringmnt.h 
Lib/keysl/ringpars.c 
Lib/keysl/ringpars.h 
lib/keysl/ringpkt.c 
Lib/keysl/ringpkt.h 
Lib/keysl / ringpriv. c 
Lib/keysl/ringpriv.h 
Lib/keysl / ringpub. c 
Lib/keysl/ringpub.h 
Lib/keysl / ringread. c 
Lib/keysl/ringread.h 
Lib/keysl/ringui .c 
Lib/keysl/ringui .h 
Lib/keysl/trust.c 
Lib/keysl/trust.h 
Lib/pipe/. cvsignore 
Lib/pipe/Makefi Le. in 
Lib/pipe/crypt/. cvsignore 
Lib/pipe/crypt/Makefi Le.in 
Lib/pipe/crypt/ciphrmod.c 
Lib/pipe/crypt/ciphrmod.h 
Lib/pipe/crypt/convmod.c 
Lib/pipe/crypt/convmod.h 
Lib/pipe/crypt/makepke.c 
Lib/pipe/cry  pt/makepke.h 
Lib/pipe/crypt/pkemod.c 
Lib/pipe/crypt/pkemod.h 
Lib/pipe/fi  Le/. cvsignore 
Lib/pipe/fi Le/Makefi Le.in 
Lib/pipe/fi Le/armor.c 
Lib/pipe/fi Le/armor.h 
Lib/pipe/fi Le/armorf i L.c 
Lib/pipe/fi Le/armorf i L .h 
Lib/pipe/fi Le/crc.c 
Lib/pipe/fi Le/crc.h 
Lib/pipe/fi Le/fi Lemod.c 
Lib/pipe/fi Le/fi Lemod.h 
Lib/pipe/fi Le/header.c 
Lib/pipe/fi Le/header.h 
Lib/pipe/fi Le/parseasc.c 
Lib/pipe/fi Le/parseasc.h 
Lib/pipe/fi Le/radix64.c 
Lib/pipe/fi Le/radix64.h 
Lib/pipe/parser/. cvsignore 
Lib/pipe/parser/Makefi Le.  in 
Lib/pipe/parser/parsebin.c 
Lib/pipe/parser/parsebin.h 
Lib/pipe/parser/readann.  c 
Lib/pipe/parser/readann.h 
Lib/pipe/parser/verifyra.c 
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lib/pipe/parser/verifyra.h 
lib/pipe/parser/vrfysig.c 
lib/pipe/parser/vrfysig.h 
Lib/pipe/sig/ . cvsignore 
lib/pipe/sig/Makefi  Le.  in 
lib/pipe/sig/hashmod.c 
lib/pipe/sig/hashmod.h 
Lib/pipe/sig/sigmod.c 
lib/pipe/sig/sigmod.h 
Lib/pipe/text/. cvsignore 
lib/pipe/text/Makefi  Le.in 
Lib/pipe/ text/compmod.  c 
lib/pipe/text/compmod.h 
Lib/pipe/text/defmod.c 
Lib/pipe/text/defmod.h 
lib/pipe/text/infmod.c 
lib/pipe/text/infmod.h 
Lib/pipe/text/literaL  .c 
lib/pipe/text/literal. h 
Lib/pipe/text/textfi Lt.c 
lib/pipe/text/textfi  Lt.h 
lib/pipe/text/zbits.c 
lib/pipe/text/zdeflate.c 
lib/pipe/text/zip.  h 
Lib/pipe/text/zmatch.asm 
lib/pipe/text/ztai  lor.h 
lib/pipe/text/ztrees.c 
lib/pipe/uti Is/. cvsignore 
lib/pipe/uti Ls/Makefi  le.in 
lib/pipe/uti Is/addhdr.c 
lib/pipe/uti Is/addhdr.h 
lib/pipe/uti Is/copymod.c 
lib/pipe/uti Is/copymod.h 
lib/pipe/utils/devnull.c 
lib/pipe/utils/devnull.h 
lib/pipe/uti Is/ join.c 
lib/pipe/uti  Is/ join.h 
lib/pipe/uti Is/pipeline.h 
lib/pipe/uti Is/protomod.c 
lib/pipe/uti ls/rot13mod.c 
lib/pipe/uti ls/rot13mod.h 
lib/pipe/uti  Is/split.c 
lib/pipe/uti  Is/split.h 
l i b/pubkey/ . cvsignore 
lib/pubkey/Makefi  le.  in 
lib/pubkey/esk.c 
lib/pubkey/esk.h 
lib/pubkey/fixedkey.c 
lib/pubkey/fixedkey.h 
lib/pubkey/keyspec.c 
lib/pubkey/keyspec.h 
li b/pubkey/makesig  . c 
lib/pubkey/makesig.h 
lib/pubkey/pktlist.c 
lib/pubkey/pktlist.h 
lib/pubkey/pubkey.h 
lib/pubkey/pubkey.  c 
lib/pubkey/rsaglue.c 
lib/pubkey/rsaglue.h 


files 


lib/pubkey/rsakey.c 
Lib/pubkey/rsakey.h 
Lib/pubkey/sig.c 
Lib/pubkey/sig.h 
Lib/pubkeyl/. cvsignore 
Lib/pubkeyl/Makefi Le.in 
lib/pubkeyl/esk.c 
Lib/pubkeyl/esk.h 
Li b/ pubkeyl / fixedkey.  c 
lib/pubkeyl/fixedkey.h 
Lib/pubkeyl/keyspec.c 
Lib/pubkeyl/keyspec.h 
Lib/pubkeyl/makesig.c 
lib/pubkeyl /makesig.h 
Lib/pubkeyl/pktlist.c 
Lib/pubkeyl/pktList.h 
Lib/pubkeyl /pubkey.h 
Li b/pubkeyl /pubkey.  c 
Lib/pubkeyl / rsagLue.  c 
Lib/pubkeyl / rsagLue.  h 
Lib/pubkeyl / rsakey.  c 
Lib/pubkeyl / rsakey. h 
Lib/pubkeyl/sig.c 
Lib/pubkeyl/sig.h 
Li b/ random/ . cvsignore 
Lib/ random/Makefi  Le.  in 
Lib/random /ran.  h 
L i b/ random/ randevnt  . c 
Li b/random/ random,  c 
Li b/random/ random,  h 
Lib/ random/ randpooL  . c 
Li b/ random/ randpooL  . h 
L i b/ random/ randseed  . c 
Li b/ random/ randseed.  h 
Lib/ random/ ranmsdos.  c 
Lib/ random/ ranunix.  c 
Lib/ random/ranvms.  c 
Lib/ttyui/. cvsignore 
Lib/ttyui/Makefi Le.in 
Lib/ttyui/kb.h 
Lib/ttyui/kbmsdos.c 
Lib/ttyui/kbunix.c 
Lib/ttyui/posix.h 
Lib/ttyui/screen.h 
Lib/ttyui/scrmsdos.c 
Lib/ttyui/scrunix.c 
Lib/ttyui/userio.c 
Lib/ttyui/userio.h 
Lib/uti  L s / . cvsignore 
Lib/uti Ls/Makefi Le.in 
Lib/uti Ls/decpipe.c 
Lib/uti Ls/decpipe.h 
Lib/uti Ls/encpipe.c 
Lib/uti Ls/encpipe.h 
Lib/uti Ls/fi Letype.c 
Lib/uti Ls/fi Letype.h 
Lib/uti Ls/pgpconf.c 
Lib/uti Ls/pgpconf.h 
Lib/uti Ls/pgpenv.c 
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files 


l i b / u t 
l i b/ut 
l i b / u t 
l i b / u t 
l i b / u t 


i Is/pgpenv.h 
i Ls/sigpipe.c 
i Is/sigpipe.h 
i Ls/sigspec.c 
i Ls/sigspec.h 


223 


lib/ 


lib/ 
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.cvsignore 

Makefile  LIBDONE 


lib/. cvsignore 


lib/ Makefile  .in 

Makefile. in 

# 

ft  Lib/ 
ft 

ft  $ I d : Makef  i Le.  in,v  1.22  1 996/  1 1 /1  2 01:42:34  mhw  Exp  $ 

ft 

SUBDIRS=bn  pgp  ttyui 
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makefile.msc 

! include  " ma k e f i L e . i n " 

all  check  clean  depend  headers  install  very-clean:: 
for  %d  in  ( $(SUBDIRS)  ) do  \ 

cd  % d SS  $ ( M A K E ) / $ ( M A K E F L A G S ) /f  makefile.msc  $5)  SS  cd  .. 


clean:  : 


del  * . I i b 
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bn/ 


' 


.cvsignore 

Makefile  *32. c *32. h *64.  c *64. h 


lib/bn/,  cvsignore 


t - 


- h 


lib/bn/ Makefile. colin 


Makefile,  colin 

# 

ft  Unix  Makefile  for  bignum  math  library 

# 

ft  For  the  SPARC  v8,  at  least,  gcc  produces  a *much*  faster  library  than 
ft  the  SunPro  C compiler.  (1.26  vs.  4.11  sec  for  87x256-bit  modexps, 
ft  21.05  vs.  86.45  for  272x512  bits,  and  101.61  vs.  420.87  for  408x768  bits. 

ft 

ft  $ I d : Makefi  le. colin, v 1.1  3.2.1  1 996/1  1 /1  4 04:09:20  cbertsch  Exp  $ 

ft 


ft  Defaults  for  "make"  during  development. 

#DEFINE  = -DUS  E_G  ETHRVTIME  # Things  like  -DBNINCLUDE  = 

D E F I N E = - D B N I N C L U D E = l b n 8 0 3 8 6 . h ft  Things  like  -DBNINCLUDE  = 

0 B J S_E  X T = l b n 8 0 3 8 6 . o ft  Extra  object  files  (e.g.  assembly  routines) 

LIBS_EXT=  ft  Libararies 

ft  LIBS_EXT  = . ./dbmalloc/libdbmalloc.a 

ft  ft  GCC  settings 
C C = g c c 

WARN=-Wall  -Wshadow  - W p o i n t e r -a r i t h -Wstri ct-prototypes  \ 

-Wmissing-prototypes  -Wwri te-stri ngs 

KLUDGE  = -D USE_F I X E D_P ROTO  TYPES 

TUNE=-mv8 
0 PT  = -g  -06 

ft  if  SunPro  cc  settings 

ft  C C = c c 

#WARN=-v 

#KLUDGE= 

#TUNE=-xcg92  -xstrconst 
#0PT=-x05 

ft  The  full  flags  line 

CFLAGS  = $(OPT)  $ ( T U N E ) $(WARN)  S(KLUDGE)  $(DEFINE) 

SHELL  = /bin/sh 
. SUFFIXES : 

. SUFFIXES : . c . h . o 

LD  =$(CC) 

LDFLAGS  = 

CPP  = $ ( C C ) -E 


ft  uncomment  this  for  old  versions  of  make 
# M A K E = make 

AS  =$(CC)  -c  # Assembler  command 


all:  b n . a 


. DEFAULT: 

co  -q  $ < 


ft  The  core  of  the 
BN160BJS  = b n 1 6 . o 
BN320BJS  = bn32  . o 
BN640BJS  = b n 6 4 . o 


math  library  in  various  sizes 
l bn  1 6 . o bninit16.o 
lbn32.o  bninit32.o 
lbn64.o  bninit64.o 
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tt  If  you  don't  know  what  size  to  use,  use  this,  which  auto-detects 
BN000BJS  = bnOO.o  IbnOO.o 

BNOBJS  = $(BNOOOBJS) 

tt  S i z e - i nd  e pe  n d e n t auxiliary  files. 

BNAUXOBJS  = bn.o  Ibnmem.o  sieve. o prime. o germain.o  jacobi.o  bnprint.o  legal. o 
tt  Auto-generated  aux  sources 

BNSOURCES  = lbn32.c  lbn32.h  bn32.c  bn32.h  bninit32.c  \ 
lbn64.c  lbn64.h  bn64.c  bn64.h  bninit64.c 

tt  When  using  gcc  to  compile  the  library,  also  include  libgcc  so  that 
tt  another  compiler  can  use  it  without  blowing  up. 

LIBGCC=/usr/gnu/lib/gcc-lib/sparc-sun-solaris2.4/2.7.0/libgcc.a 
LIBGCCFIRST = g cc_bcmp.o 

tt  Default  target 

bn. a:  S(BNAUXOBJS)  $(BN0BJS)  $(0BJS_EXT) 

rm  - f $ a 

tt  cp  SCLIBGCC)  $3 

tt  ar  rcb  $ ( L I BG  C C F I R ST  ) $3  S(BNAUXOBJS)  $(BN0BJS)  $(0BJS_EXT) 

ar  re  $3  S(BNAUXOBJS)  $(BN0BJS)  $(0BJS_EXT) 

- r a n l i b $ a 

all:  bn. a bntest 

bntest:  bntestOO.o  IbnOO.o  Ibnmem.o  legal. o 

$(LD)  $(LDFLAGS)  -o  $3  bntestOO.o  IbnOO.o  Ibnmem.o  legal. o $(LIBS_EXT) 

bntest16:  bntest16.o  lbn16.o  Ibnmem.o  legal. o 

$ ( L D ) $(LDFLAGS)  -o  $3  bntest16.o  lbn16.o  Ibnmem.o  legal. o $(LIBS_EXT) 

bntest32:  bntest32.o  lbn32.o  Ibnmem.o  legal. o 

$ ( L D ) $(LDFLAGS)  -o  $3  bntest32.o  lbn32.o  Ibnmem.o  legal. o $(LIBS_EXT) 

bntest64:  bntest64.o  lbn64.o  Ibnmem.o  legal. o 

$ ( L D ) $(LDFLAGS)  -o  $3  bntest64.o  lbn64.o  Ibnmem.o  legal. o $(LIBS_EXT) 

clean: 

rm  -f  $(BN000BJS)  $(BN160BJS)  $(BN320BJS)  $(BN640BJS)  $(BNAUXOBJS)  \ 
core  tags 


spotless:  clean 

rm  -f  bn . a $ (BNSOURCES ) 

rcsclean: 

rcsclean  R C S / * 

tttttt  Some  manual  dependencies  needed  by  the  bignum  library 

tt  The  bignum  library  is  available  in  three  sizes  - 16,  32  and  64-bit 

tt  words  - which  are  generated  from  the  16-bit  version  using  sed. 

IbnOO.o:  lbn16.c  lbn32.c  lbn64.c 

bnOO.o:  bn16.c  bn32.c  bn64.c  bninit16.c  bninit32.c  bninit64.c 
lbn32.c:  l b n 1 6 . c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u+w  $3  &&  test  -w  $3)  | | rm  -f  $3 


231 


lib/bn/ Makefile,  colin 


sed  -e  s/32/64/g  -e  s/16/32/g  lbn16.c  > $3 
chmod  a-w  $3 

Lbn64.c:  L bn  1 6 . c 

test  ! -f  $3  -o  -w  $3  ||  (chmod  u+w  $3  88  test  -w  $3)  ||  rm  -f  $3 

sed  -e  s/32/128/g  -e  s/16/64/g  lbn16.c  > $3 
c hmod  a-w  $3 

Lbn32.h:  lbn16.h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u+w  $3  &&  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/64/g  -e  s/16/32/g  Lbn16.h  > $3 
chmod  a-w  $3 

lbn64.h:  lbn16.h 

test  ! -f  $3  -o  -w  $3  ||  (chmod  u+w  $3  88  test  -w  $3)  ||  rm  -f  $3 

sed  -e  s/32/128/g  -e  s/16/64/g  lbn16.h  > $3 
chmod  a-w  $3 

bn32.c:  bn16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/64/g  -e  s/16/32/g  bn16.c  > $3 
chmod  a-w  $3 

bn64 . c : bnl  6 . c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/128/g  -e  s/16/64/g  bn16.c  > $3 
chmod  a-w  $3 

bn32 . h : bnl 6 . h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u+w  $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/64/g  -e  s/16/32/g  bn16.h  > $3 
chmod  a-w  $3 

bn64  . h : bnl 6 . h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/128/g  -e  s/16/64/g  bn16.h  > $3 
chmod  a-w  $3 

bninit32.c:  bninit16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/64/g  -e  s/16/32/g  bninit16.c  > $3 
c hmod  a-w  $3 

bninit64.c:  bninit16.c 

test  ! -f  $3  -o  -w  $3  ||  (chmod  u+w  $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/32/128/g  -e  s/16/64/g  bninit16.c  > $3 
c hmod  a-w  $3 

bntest32.c:  bntest16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/16/32/g  bntest16.c  > $3 
chmod  a-w  $3 

bntest64.c:  bntest16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | rm  -f  $3 

sed  -e  s/16/64/g  bntest16.c  > $3 
chmod  a-w  $3 

# An  explicit  target  that  can  be  made  before  distribution  for 
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# machines  that  don't  have  sed. 
bnsources:  $(BNSOURCES) 

##  Dependencies  tttt 

UUU  Bignum  Library  dependencies 

# The  bignum  Library  does  a Lot  of  preprocessor  trickery  with 

tf  <Limits.h>  and  conditional  //includes.  Here  are  all  the  dependencies 

# that  might  happen  some  of  the  time,  but  not  all  of  the  time  (and 

# never  all  on  any  given  platform). 

LbnOO.o:  Lbn16.c  lbn32.c  Lbn64.c  Legal,  h 

bnOO.o:  bn16.c  bn16.h  Lbn16.h  bn32.c  bn32.h  Lbn32.h  bn64.c  bn64.h  Lbn64.h 
bntestOO.o:  bntest16.c  Lbn16.h  bntest32.c  Lbn32.h  bntest64.c  Lbn64.h  \ 
Lbnmem.h  Lbn.h  cputime. h 

###  Automatically  generated  dependencies  below  this  (gcc  -MM  *.c) 
bn.o:  bn.c  bn.h 

bnOO.o:  bnOO.c  bnsizeOO.h  lbn.h  bn32.c  kludge. h lbn32.h  lbnmem.h  \ 
bn32.h  bn.h  bninit32.c 

bn16.o:  bn16.c  kludge. h lbn.h  lbn16.h  lbnmem.h  bn16.h  bn.h 

bn32.o:  bn32.c  kludge. h lbn.h  lbn32.h  lbnmem.h  bn32.h  bn.h 

bn64.o:  bn64.c  kludge. h lbn.h  lbn64.h  lbnmem.h  bn64.h  bn.h 

bn68000.o:  bn68000.c  lbn.h  lbn68000.h  bn16.h  bn32.h 
bn8086.o:  bn8086.c  lbn.h  lbn8086.h  bn16.h  bn32.h 
bninit16.o:  bninit16.c  bn.h  bn16.h 
bninit32.o:  bninit32.c  bn.h  bn32.h 
bninit64.o:  bninit64.c  bn.h  bn64.h 
bnprint.o:  bnprint.c  bn.h  bnprint.h 

bntestOO.o:  bntestOO.c  bnsizeOO.h  lbn.h  bntest32.c  kludge. h cputime. h \ 
l bn32  . h 

bntest16.o:  bntest16.c  kludge. h cputime. h lbn16.h  lbn.h 
bntest32.o:  bntest32.c  kludge. h cputime. h lbn32.h  lbn.h 
bntest64.o:  bntest64.c  kludge. h cputime. h lbn64.h  lbn.h 

germain.o:  germai n . c kludge. h bn.h  germain.h  jacobi.h  lbnmem.h  sieve. h 
jacobi.o:  jacobi.c  bn.h  jacobi.h 

LbnOO.o:  IbnOO.c  bnsizeOO.h  lbn.h  lbn32.c  kludge. h lbn32.h  lbnmem.h  \ 
l e g a l . h 

lbn16.o:  lbn16.c  kludge. h lbn.h  lbn16.h  lbnmem.h  legal. h 

lbn32.o:  lbn32.c  kludge. h lbn.h  lbn32.h  lbnmem.h  legal. h 

lbn64.o:  lbn64.c  kludge. h lbn.h  lbn64.h  lbnmem.h  legal. h 

lbn68000.o:  lbn68000.c  lbn.h 

lbn68020.o:  Lbn68020.c  lbn.h 

Ibnmem.o:  Ibnmem.c  lbn.h  lbnmem.h 

Ibnppc.o:  Ibnppc.c  Ibnppc.h  ppcasm.h 

legal. o:  legal. c legal. h 

monier.o:  monier.c  kludge. h bn.h  monier.h  jacobi.h  lbnmem.h  sieve. h 
prime. o:  prime. c kludge. h bn.h  lbnmem.h  prime. h sieve. h 
sieve. o:  sieve. c kludge. h bn.h  sieve. h 
sievex.o:  sievex.c  kludge. h bn.h  sieve. h 
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Makefile.in 

# 

ft  l i b / bn 
ft 

ft  $Id:  Ma ke f i l e . i n , v 1.23  1 996/1  1 /1  2 01:42:34  mhw  Exp  $ 

ft 

ft  Ignore  post-processed  dependencies  here 
D E P E N D = : 

ft  The  BigNum  library  in  various  word  sizes 
BN160BJS  = bn16.o  bni16.o  bninit16.o 

BN320BJS  = bn32.o  bni32.o  bninit32.o 

BN640BJS  = bn64.o  bni64.o  bninit64.o 

ft  This  one  auto-detects 

BN000BJ  S = bnOO.o  bniOO.o 

ft  If  you  don't  know  what  size  to  use,  use  BN000BJS. 

BNOBJS  = $(BN000BJS) 

ft  S i z e - i n d e p e n d e n t auxiliary  files. 

BNAUXOBJS  = bn.o  bnimem.o  sieve. o prime. o germain.o  jacobi.o  bnprint.o  legal. o 
ft  Auto-generated  aux  sources 

BNSOURCES  = bni32.c  bni32.h  bn32.c  bn32.h  bninit32.c  \ 
bni64.c  bni64.h  bn64.c  bn64.h  bninit64.c 

LOCALINCLUDES  = -I . 

OBJS  = $(BNAUXOBJS)  $(BN0BJS)  $(0BJS_EXT) 

ft  The  interfaces  exported  from  this  library 
PUBHDRS  = bn.h  prime. h germain.h 

INSTALLLIBS  = $(BNLIB) 

LIBTARGET  = $(BNLIB) 

LIBTDEPS  = DONE 

all::  $ ( BNL IB ) 

clean:  : 

$(RM)  $ ( 0 B J S ) $(BN000BJS)  $(BN160BJS)  $(BN320BJS)  $(BN640BJS) 

very-clean::  clean 

$ ( R M ) . ./$(BNLIB)  $(BNLIB) 

depend::  bnsources 

ft  ft  ft  Some  manual  dependencies  needed  by  the  bignum  library 
ft  The  bignum  library  is  available  in  three  sizes  - 16,  32  and  64-bit 
ft  words  - which  are  generated  from  the  16-bit  version  using  sed. 
bniOO.o:  bni16.c  bni32.c  bni64.c  legal. h 

bnOO.o:  bn16.c  bn16.h  bni16.h  bn32.c  bn32.h  bni32.h  bn64.c  bn64.h  bni64.h  \ 
bninit16.c  bninit32.c  bninit64.c 

bni32.c:  bni16.c  bni32.h 

test  ! -f  $3  -o  -w  $3  ||  (chmod  u + w $3  &&  test  -w  $3)  | | rm  -f  $3 
sed  -e  s/32/64/g  -e  s/16/32/g  $ ( s r c d i r ) / bn i 1 6 . c > $3 
chmod  a-w  $3 
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bni64.c:  bni16.c  bni64.h 

test  ! -f  $3  -o  -w  $3  ||  (chmod  u+w  $3  88  test  -w  $3)  || 
sed  -e  s/32/128/g  -e  s/16/64/g  $ ( s r c d i r ) / bn i 1 6 . c > $3 
chmod  a-w  $3 

bni32.h:  bni16.h 

test  ! -f  $3  -o  - w $3  ||  (chmod  u+w  $3  88  test  -w  $3)  || 
sed  -e  s/32/64/g  -e  s/16/32/g  $ ( s r cd i r ) / bn i 1 6 . h > $3 
chmod  a-w  $3 


bni64.h:  bni16.h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 

sed  -e  s/32/128/g  -e  s/16/64/g  $ ( s r c d i r ) / b n i 1 6 . h > $3 
chmod  a-w  $3 

bn32.c:  bn16.c  bn32.h  bni32.h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 

sed  -e  s/32/64/g  -e  s/16/32/g  $ ( s r c d i r ) / b n 1 6 . c > $3 

chmod  a-w  $3 

bn64.c:  bn16.c  bn64.h  bni64.h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 

sed  -e  s/32/1  28/g  -e  s/16/64/g  $ ( s r c d i r ) / bn  1 6 . c > $3 
chmod  a-w  $3 

bn32.h:  bn16.h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u+w  $3  88  test  -w  $3)  | | 

sed  -e  s/32/64/g  -e  s/16/32/g  $ ( s r c d i r ) / b n 1 6 . h > $3 
chmod  a-w  $3 


bn64.h:  bn16.h 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 
sed  -e  s/32/128/g  -e  s/16/64/g  $ ( s r c d i r ) / b n 1 6 . h > $3 
chmod  a-w  $3 

bninit32.c:  bninit16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 
sed  -e  s/32/64/g  -e  s/16/32/g  $ ( s r c d i r ) / bn i n i 1 1 6 . c > $3 
chmod  a-w  $3 


bninit64.c:  bninit16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 

sed  -e  s/32/128/g  -e  s/16/64/g  $(srcdir)/bninit16.c  > $3 
chmod  a-w  $3 

bntest32.c:  bntest16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 

sed  -e  s/16/32/g  $ ( s r c d i r ) / bn t e s 1 1 6 . c > $3 
chmod  a-w  $3 

bntest64.c:  bntest16.c 

test  ! -f  $3  -o  -w  $3  | | (chmod  u + w $3  88  test  -w  $3)  | | 

sed  -e  s/16/64/g  $ ( s r c d i r ) / bn t e s 1 1 6 . c > $3 

c hmod  a-w  $3 

# An  explicit  target  that  can  be  made  before  distribution  for 

# machines  that  don't  have  sed. 
bnsources  : S(BNSOURCES) 


rm  -f  $3 


r m - f $ 3 


rm  - f $ 3 


rm  -f  $3 


rm  -f  $3 


rm  -f  $3 


rm  - f $ 3 


r m - f $ 3 


rm  -f  $3 


rm  -f  $3 


rm  -f  $3 
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it  ft  Dependencies  ft  ft 

tttttt  Bignum  Library  dependencies 

ft  The  bignum  library  does  a Lot  of  preprocessor  trickery  with 
ft  <limits.h>  and  conditional  ^includes.  Here  are  a L L the  dependencies 
ft  that  might  happen,  even  though  only  some  of  them  will  be  used  on  any 
ft  given  platform. 

bni16.o:  bni.h  bni16.h  bnimem.h  legal. h 

bni32.o:  bni.h  bni32.h  bnimem.h  legal. h 

bni64.o:  bni.h  bni64.h  bnimem.h  legal. h 

bninit16.o:  bn.h  bn16.h 
bninit32.o:  bn.h  bn32.h 
bninit64.o:  bn.h  bn64.h 

bn16.o:  bni.h  bnimem.h  bn.h  bni16.h  bn16.h 
bn32.o:  bni.h  bnimem.h  bn.h  bni32.h  bn32.h 
bn64.o:  bni.h  bnimem.h  bn.h  bni64.h  bn64.h 
sieve. o:  bn.h  sieve. h 

prime. o:  prime. h bn.h  sieve. h 
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makefile.msc 

PGPLIB=  ..\bnlib.Lib 

CFLAGS  = -I . . \ . -DHAVE_CON  F I G_H  = 1 $(DEBUG) 
R M=  del 

all::  lib 

BN  L I B = DONE 


headers:  incl 

! include  "makefile. in 


incl: 


i f 

not 

"$ ( PUBHDRS ) " 

ii  ri  ^ 

for  % f in  ( 

$(PUBHDRS)  ) 

d o 

copy  % f . 

.\..\include\pgp 

i f 

not 

"$(PRIVHDRS) 

n ii  ii  ^ 

for  % f in  ( 

$ ( PRI  VHDRS  ) 

) do 

copy  % f 

. . \include 

DOSOB J SX  = 

$ ( OB J S : . o= . 

ob  j ) 

D0S0BJS= 

$(D0S0BJSX: 

un i x=msdos ) 

lib:  $(D0S0BJS) 

. c . o b j : 

$(CC)  $(CFLAGS)  -17  -c  $< 

# lib  /out : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean:  : 

del  * . o b j 

DONE  : 

if  exist  S(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  S(DOSOBJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) S(DOSOBJS) 
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bn.c 


/* 

★ 

bn.c  - 

the 

high  — 

level  bignum  interface 

★ 

ic 

Written 

by 

Colin 

Plumb 

* 

$ I d : bn 

. c , V 

1.18 

1996/11/12  01:42:36  mhw  Exp  $ 

*/ 

//include  "bn.h" 

/ * Functions  * / 
void 

bnBeginlstruct  BigNum  *bn) 

{ 

static  int  bninit  = 0 ; 

if  ( ! bn i n i t ) f 

bnlnitC); 
bninit  = 1 ; 

> 

bn->ptr  = 0 ; 
bn->size  = 0 ; 
bn->a  l located  = 0; 

> 

void 

bnSwaplstruct  BigNum  *a,  struct  BigNum  *b) 
{ 

void  *p; 
unsigned  t; 

p = a->ptr; 
a->ptr  = b - > p t r ; 
b- > p t r = p ; 

t = a - > s i z e ; 
a->size  = b - > s i z e ; 
b->size  = t; 

t = a->a l located; 
a->allocated  = b-> a l l o c a t ed ; 
b->allocated  = t; 

> 


int  (*bnYield)(void); 


void  (*bnEnd) (struct  BigNum  *bn); 

int  (*bnPrealloc)(struct  BigNum  *bn,  unsigned  bits); 

int  (*bnCopy) (struct  BigNum  *dest,  struct  BigNum  const  *src); 

void  (*bnNorm)  (struct  BigNum  *bn); 

void  (*bnExtractBigBytes)(struct  BigNum  const  *bn,  unsigned  char  *dest, 
unsigned  Isbyte,  unsigned  len); 

int  (*bnInsertBigBytes)(struct  BigNum  *bn,  unsigned  char  const  *src, 
unsigned  Isbyte,  unsigned  len); 

void  (*bnExtractLi ttleBytes) (struct  BigNum  const  *bn,  unsigned  char  *dest, 
unsigned  Isbyte,  unsigned  len); 

int  ( * b n I n s e r t L i 1 1 l e B y t e s ) ( s t r u c t BigNum  *bn,  unsigned  char  const  *src. 
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unsigned  Isbyte,  unsigned  Len) ; 
unsigned  (*bnLSWord)  (struct  BigNum  const  *src) 
unsigned  (*bnBi t s ) (struct  BigNum  const  * s r c ) ; 


n t 
n t 
n t 
n t 
n t 
n t 
n t 
nt 
i n t 

n t 
i n t 

i n t 


struct 

struct 


*a,  unsigned 


( *bnAdd ) ( s t r u c t BigNum  *dest, 

(*bnSub) (struct  BigNum  *dest, 

( * bn C mpQ ) ( s t r u c t BigNum  const 
(*bnSetQ)  (struct  BigNum  *dest,  unsigned 
( *bn AddQ ) ( s t ru c t BigNum  *dest,  unsigned 
(*bnSubQ) (struct  BigNum  *dest,  unsigned 
( * b n C mp ) ( s t r u c t BigNum  const  *a,  struct 
(*bnSquare)  (struct  BigNum  *dest,  struct 


BigNum  const  *src); 
BigNum  const  *src); 
b); 
src); 
src); 
src); 

BigNum  const  * b ) ; 
BigNum  const  * s r c ) ; 


(*bnMul ) (struct  BigNum  *dest,  struct  BigNum  const  *a, 
struct  BigNum  const  * b ) ; 

(*bnMuLQ) (struct  BigNum  *dest,  struct  BigNum  const  *a, 
(*bnOi vMod) (struct  BigNum  *q,  struct  BigNum  *r,  struct 
struct  BigNum  const  *d); 

(*bnMod) (struct  BigNum  *dest,  struct  BigNum  const  *src 


unsigned  b); 
BigNum  const  * n 


struct  BigNum  const  * d ) ; 

unsigned  (*bnModQ) (struct  BigNum  const  *src,  unsigned  d); 
(*bnExpMod) (struct  BigNum  *result,  struct  BigNum  const 
struct  BigNum  const  *exp,  struct  BigNum  const  *mod) 
( * bn D o u b L e E x pM od ) ( s t r u c t BigNum  *dest. 


i n t 


i n t 


* n 


* n 1 


* n 2 


struct 

struct 


BigNum 

BigNum 


const 

const 


struct  BigNum  const 
struct  BigNum  const 
struct  BigNum  const  *mod); 

(*bnTwoExpHod)  (struct  BigNum  *n 
struct  BigNum  const  *mod); 

(*bnGcd) (struct  BigNum  *dest 
struct  BigNum  const  * b ) ; 

(*bnlnv)  (struct  BigNum  *dest 

struct  BigNum  const  *mod); 
int  (*bnLShift)(struct  BigNum  *dest,  unsigned  amt); 
void  ( * bn R S h i f t ) ( s t r u c t BigNum  *dest,  unsigned  amt) 
unsigned  (*bnMakeOdd) (struct  BigNum  *n); 


*e1  . 
* e 2 


int 


i n t 


i n t 


struct  BigNum  const  *exp, 
struct  BigNum  const  *a, 
struct  BigNum  const  *src, 
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bn.h 


/* 

★ 

★ 

* 

★ 

★ 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 


bn.h  - the  interface  to  the  bignum  routines. 

ALL  functions  which  return  ints  can  potentiaLLy  a L Locate  memory 
and  return  -1  if  they  are  unabLe  to.  ALL  "const"  arguments 
are  unmodified. 

This  is  not  particuLarLy  asymmetric,  as  some  operations  are  of  the 
form  a = b 5)  c , white  others  do  a 3=  b.  In  generaL,  outputs  may  not 
point  to  the  same  struct  BigNums  as  inputs,  except  as  specified 
beLow.  This  reLationship  is  referred  to  as  "being  the  same  as". 

This  is  not  numeri ca  L equivaLence. 


The  "Q"  operations  take  "unsigned"  inputs.  Higher  vaLues  of  the 
extra  input  may  work  on  some  i mp L erne n t a t i o n s , but  6 5 5 35  is  the 
highest  portabLe  vaLue.  Just  because  U N S I G N E D_M  A X is  Larger  than 
that,  or  you  know  that  the  word  size  of  the  Library  is  Larger  than  that, 
that,  does  *not*  mean  it's  aLLowed. 


* $ I d : b n . h , v 1.1  8 1 996/1  1 /1  2 01:42:37  mhw  Exp  $ 

*/ 

# i f nde  f BN_H 
#define  BN  H 


struct  BigNum  { 

void  * p t r ; 

unsigned  size;  / * Note:  in  (variabLe-sized)  words  * / 

unsigned  a L Located; 

>; 

# i f n d e f T Y P E_B I G N U M 

# d e f i n e T Y P E_B I G N U M 1 
typedef  struct  BigNum  BigNum; 

# e n d i f 

/* 

* U s e r - s u p p L i e d function:  if  non-NULL,  this  is  caLLed  during  Long-running 

* computations.  You  may  put  YieLdO  caLLs  in  here  to  give  CPU  time  to 

* other  processes.  You  may  aLso  force  the  computation  to  be  aborted, 

* by  returning  a vaLue  < 0,  which  wiLL  be  the  return  vaLue  of  the 

* bnXXX  caLL.  (You  probabLy  want  the  vaLue  to  be  someting  other  than 

* -1  f to  distinguish  it  from  an  out-of-memory  error.) 

* 

* The  functions  that  this  is  caLLed  from,  and  the  intervaLs  at  which  it 

* is  caLLed,  are  not  weLL  defined,  just  "reasonabLy  often".  (CurrentLy, 

* once  per  exponent  bit  in  moduLar  exponentiation,  and  once  per  two 

* divisions  in  GCD  and  inverse  computation.) 

*/ 

extern  int  (*bnYieLd)(void); 

/ * Functions  * / 

/ * 

* You  usuaLLy  never  have  to  caLL  this  function  expLicitLy,  as 

* bnBeginC)  takes  care  of  it.  If  the  program  jumps  to  address  0, 

* this  function  has  bot  been  caLLed. 

* / 

void  bnlnit(void); 


/ * 
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* This  initializes  an  empty  struct  BigNum  to  a zero  value. 

* Do  not  use  this  on  a BigNum  which  has  had  a value  stored  in  it! 

* / 

void  bnBeg i n ( s t ru c t BigNum  *bn); 

/*  Swap  two  BigNums.  Cheap.  */ 

void  bnSwapCstruct  BigNum  *a,  struct  BigNum  * b ) ; 

/*  Reset  an  initialized  bigNum  to  empty,  pending  deallocation.  */ 
extern  void  (*bnEnd) (struct  BigNum  * b n ) ; 

/ * 

* It  you  know  you'll  need  space  in  the  number  soon,  you  can  use  this  function 

* to  ensure  that  there  is  room  for  at  least  "bits"  bits.  Optional. 

* Returns  <0  on  out  of  memory,  but  the  value  is  unaffected. 

* / 

extern  int  (*bnPrea l loc )( struct  BigNum  * b n , unsigned  bits); 

/*  Hopefully  obvious.  dest  = src.  dest  may  be  the  same  as  src.  */ 
extern  int  (*bnCopy)  (struct  BigNum  *dest,  struct  BigNum  const  *src); 

/ * 

* Mostly  done  automatically,  but  this  removes  leading  zero  words  from 

* the  internal  representation  of  the  BigNum.  Use  is  unclear. 

* / 

extern  void  (*bnNorm) (struct  BigNum  * b n ) ; 


/ * 

★ 

Move 

bytes 

between 

the  given 

buffer  and  the  given 

BigNum 

encoded  in 

★ 

base 

256  . 

I.e.  after  either 

of  these,  the  buffer 

will  be 

equal  to 

★ 

(bn  / 

2 5 6 A 

Isbyte)  ° 

i 2 5 6 A l e n . 

The  difference  is  which  is 

altered  to 

★ 

*/ 

match 

the 

other! 

extern  void  ( * b n E x t r a c t B i g B y t e s ) ( s t r u c t BigNum  const  *bn, 

unsigned  char  * d e s t , unsigned  Isbyte,  unsigned  len); 
extern  int  ( * b n I n s e r t B i g B y t e s ) ( s t r u c t BigNum  *bn,  unsigned  char  const  *src, 
unsigned  Isbyte,  unsigned  len); 

/*  The  same,  but  the  buffer  is  little-endian.  */ 
extern  void  ( * b n E x t r a c t L i 1 1 l e By t e s ) ( s t r u c t BigNum  const  *bn, 
unsigned  char  *dest,  unsigned  Isbyte,  unsigned  len); 
extern  int  ( * b n I n s e r t L i 1 1 l e By t e s ) ( s t r u c t BigNum  *bn,  unsigned  char  const  *src, 
unsigned  Isbyte,  unsigned  len); 

/*  Return  the  l e a s t -s i g n i f i c a n t bits  (at  least  16)  of  the  BigNum  */ 
extern  unsigned  (*bnLSWord)(struct  BigNum  const  * s r c ) ; 

/ * 

* Return  the  number  of  significant  bits  in  the  BigNum. 

* 0 or  1 + f l o o r ( l og 2 ( s r c ) ) 

* / 

extern  unsigned  (*bnBits)(struct  BigNum  const  * s r c ) ; 

//define  bnBytes(bn)  ( ( bnB  i t s ( bn  ) +7  ) / 8 ) 

/ * 

* dest  +=  src.  dest  and  src  may  be  the  same.  Guaranteed  not  to 

* allocate  memory  unnecessarily,  so  if  you're  sure  bnBits(dest) 

* won't  change,  you  don't  need  to  check  the  return  value. 

*/ 
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extern  int  ( * b n A d d ) ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src); 


/* 

* dest  -=  src.  dest  and  src  may  be  the  same,  but  bnSetQCdest,  0)  is  faster. 

* if  dest  < src,  returns  +1  and  sets  dest  = src-dest  . 

* / 

extern  int  (*bnSub) (struct  BigNum  * d e s t , struct  BigNum  const  *src); 

/*  Return  sign  (-1,  0,  +1)  of  a-b.  a <=>  b -->  bnCmpGKa,  b)  <=>  0 */ 
extern  int  (*bnCmp9) (struct  BigNum  const  *a,  unsigned  b); 


/*  dest  = src,  where  0 <=  src  < 2 A 1 6 . */ 


extern  int 

(*bnSetQ) (struct  BigNum  *dest. 

unsigned 

src); 

/*  dest  += 
extern  int 

src,  where  0 <=  src  < 2 A 1 6 */ 

( * b n A d d Q ) ( s t r u c t BigNum  *dest. 

unsigned 

src); 

/*  dest  -= 
extern  int 

src,  where  0 <=  src  < 2 A 1 6 */ 
(*bnSubQ) (struct  BigNum  *dest. 

unsigned 

src); 

/ * Return 
extern  int 

sign  (-1,  0,  +1)  of  a-b.  a <=> 

( * b n C mp ) ( s t r u c t BigNum  const  *a 

b -->  bnCmpla,  b)  <=>  0 */ 
, struct  BigNum  const  *b); 

/*  dest  - srcA2.  dest  may  be  the  same  as  src,  but  it  costs  time.  */ 
extern  int  (*bnSquare) (struct  BigNum  * d e s t , struct  BigNum  const  *src); 

/*  dest  = a * b.  dest  may  be  the  same  as  a or  b,  but  it  costs  time.  */ 
extern  int  (*bnMul ) (struct  BigNum  *dest,  struct  BigNum  const  *a, 
struct  BigNum  const  * b ) ; 

/*  dest  = a * b,  where  0 <=  b < 2 A 1 6 . dest  and  a may  be  the  same.  */ 

extern  int  ( *bnMu LQ)  ( struct  BigNum  * d e s t , struct  BigNum  const  * a , unsigned  b); 


/ * 

* q = n/d,  r = n%d.  r may  be  the  same  as  n,  but  not  d, 

* and  q may  not  be  the  same  as  n or  d. 

* re-entrancy  issue:  this  temporarily  modifies  d,  but  restores 

* it  for  return. 

* / 

extern  int  ( * bn D i vMod  ) ( s t r u c t BigNum  *q,  struct  BigNum  *r, 
struct  BigNum  const  * n , struct  BigNum  const  *d); 

/ * 

* dest  = src  % d.  dest  and  src  may  be  the  same,  but  not  dest  and  d. 

* re-entrancy  issue:  this  temporarily  modifies  d,  but  restores 

* it  for  return. 

* / 

extern  int  (*bnMod) (struct  BigNum  *dest,  struct  BigNum  const  *src, 
struct  BigNum  const  * d ) ; 

/*  return  src  / d,  where  0 <=  d < 2 A 1 6 . */ 

extern  unsigned  int  (*bnModQ)(struct  BigNum  const  * s r c , unsigned  d ) ; 
/*  n = nAexp,  modulo  "mod"  "mod"  *must*  be  odd  */ 

extern  int  ( * b n E x p M o d ) ( s t r u c t BigNum  ^result,  struct  BigNum  const  *n, 
struct  BigNum  const  *exp,  struct  BigNum  const  *mod); 

/ * 

* dest  = n1Ae1  * n2Ae2,  modulo  "mod".  "mod"  *must*  be  odd. 

* dest  may  be  the  same  as  nl  or  n2. 
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*/ 

extern  int  ( * b n D o u b 1 e E x pMod  ) ( s t r u c t BigNum  *dest, 

struct  BigNum  const  *n1,  struct  BigNum  const  *e1, 
struct  BigNum  const  *n2,  struct  BigNum  const  *e2, 
struct  BigNum  const  * m o d ) ; 

/*  n = 2Aexp,  modulo  "mod"  "mod"  *must*  be  odd  */ 

extern  int  C*bnTwoExpMod)  (struct  BigNum  *n,  struct  BigNum  const  *exp, 
struct  BigNum  const  * m o d ) ; 

/*  dest  = gcd(a,  b).  The  inputs  may  overlap  arbitrarily.  */ 
extern  int  (*bnGcd) (struct  BigNum  *dest,  struct  BigNum  const  *a, 
struct  BigNum  const  * b ) ; 

/*  dest  = srcA-1,  modulo  "mod".  dest  may  be  the  same  as  src.  */ 
extern  int  (*bnlnv)(struct  BigNum  *dest,  struct  BigNum  const  *src, 
struct  BigNum  const  *mod); 

/*  Shift  dest  left  "amt"  places  */ 

extern  int  (*bnLShift)(struct  BigNum  *dest,  unsigned  amt); 

/*  Shift  dest  right  "amt"  places,  discarding  low-order  bits  */ 
extern  void  (*bnRShift)(struct  BigNum  *dest,  unsigned  amt); 

/*  For  the  largest  2Ak  that  divides  n,  divide  n by  it  and  return  k.  */ 
extern  unsigned  ( * bn M a k e Odd  ) ( s t r u c t BigNum  *n); 

#endif/*  ! B N H */ 
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bnOO.c 

/ * 

* bnOO.c  - auto-size-detecting  bn??.c  file. 

* 

* Written  in  1995  by  Colin  Plumb. 

* 

* $ I d : bnOO.c, v 1.5  1 996/1  1 /1  2 01:42:37  mhw  Exp  $ 

★ / 

//include  "bnsizeOO.h" 

# i f BNSIZE64 

/ * Include  all  of  the  C source  file  by  reference  * / 
//include  "bn64.c" 

^include  "bninit64.c" 

# e l i f BNSIZE32 

/ * Include  all  of  the  C source  file  by  reference  * / 
//include  "bn32.c" 

#include  "bninit32.c" 

//else  /*  BNSIZE16  */ 

/*  Include  all  of  the  C source  file  by  reference  */ 
//include  "bn16.c" 

//include  "bninit16.c" 

U e n d i f 
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bn!6.< 


/ * 
★ 
★ 
★ 
★ 
★ 


bn16.c  - the  high-level  bignum  interface 

Like  bni16.c,  this  reserves  the  string  "16"  for  textual  replacement. 

The  string  must  not  appear  anywhere  unless  it  is  intended  to  be  replaced 
to  generate  other  bignum  interface  functions. 


* Written  by  Colin  Plumb 

* 

* $ I d : bn  1 6 . c , v 1.34.2.1  1 996/1  1 /1  4 04:09:21  cbertsch  Exp  $ 

* / 


# i f nde  f 
tt  d e f i n e 
# e n d i f 
tt if  HAVE 
tt  i n c l u d e 
tt  e nd  i f 


HAVE. 

HAVE 


.CONFIG. 

CONFIG 


„C  0 N F I G_H 
" c o n f i g . h " 


/ * 


* Some  compilers  complain  about 

* so  do  the  ANSI -mandated  thing 


tt i f F00  if  F00 
explicitly.  . . 


isn't  defined. 


* / 

tt i f nde  f 
tt  d e f i n e 
tt  e nd  i f 
ft  i f nd  e f 
ft  d e f i n e 
ft  e n d i f 
ft  i f nd  e f 
ft  d e f i n e 
tte  nd  i f 
ft  i f nde  f 
ft  d e f i n e 
ft  e nd  i f 


NO. 

NO. 

NO. 

NO 


ASSERT. 

.ASSERT. 

.STRING. 

STRING 


HAVE. 

HAVE. 

NEED. 

NEED 


.STRINGS. 

.STRINGS. 

.MEMOR  Y_l 
MEMORY  I 


A S S E R T_H 
<assert . h> 


ft  i f !NO_ 

^include 
ft  else 

#define  assert(x) 
ft  end  i f 


( vo i d ) 0 


tt  if  ! N 0_S  T R I N G_H 
^include  <string.h> 

# e l i f HAVE_STRINGS_H 
^include  <stri ngs  . h> 
tt  e n d i f 

#if  NEE  D_M  E M 0 R Y_H 
^include  <memory.h> 
tt  e n d i f 


/*  for  memmoveO  in  bnMakeOdd  */ 


/ * 

* This  was  useful  during  debugging,  so  it's 

* You  can  ignore  it.  DBMALLOC  is  generally 

* / 

ft  i f nde  f DBMALLOC 
# d e f i n e DBAMLLOC  0 
#end i f 


left  in  here 
undefined. 
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U i f DBMALLOC 

//include  ./dbmaLLoc/maLLoc.h" 

//define  MALLOCDB  m a L L o c_c h a i n_c h e c k ( 1 ) 

#e  L se 

//define  MALLOCDB  (void)O 
# e n d i f 

//include  "bni.h" 

//include  "bni16.h" 

//include  "bnimem.h" 

//include  "bn16.h" 

//include  "bn.h" 

/*  Work-arounds  for  some  particularly  broken  systems  */ 
//include  "kludge. h"  /*  For  memmoveO  */ 

/ * Functions  * / 
void 

bnInit_16(void) 

{ 

bn  End  = bnEnd_16; 
bnPrealloc  = bn P r e a l l o c_1 6 ; 
bn  Copy  = bnCopy_16; 
bn  Norm  = bnNorm_16; 

bnExtractBigBytes  = b n E x t r a c t B i g B y t e s_1 6 ; 

bnlnsertBigBytes  = b n I n s e r t B i g B y t e s_1 6 ; 

bnExtractLittleBytes  = b n E x t r a c t L i t t l e B y t e s_1 6 ; 

bnlnsertLittleBytes  = bn  I n s e r t L i 1 1 l eBy t e s_1 6 ; 

bnLSWord  = bnLSWord_16; 

bnBits  = bnBits_16; 

bn  Add  = bnAdd_16; 

bnSub  = bnSub_16; 

bnCmpQ  = bnCmpQ_16; 

bnSetQ  = bnSetQ_16; 

bnAddQ  = bnAddQ_16; 

bnSubQ  = bnSubQ_16; 

bnCmp  = bnCmp_16; 

bnSquare  = bnSquare_16; 

bnMul  = bnMul_16; 

bn  Mu  IQ  = bnMulQ_16; 

bnDivMod  = bnDivMod_16; 

bnMod  = bnMod_16; 

bnModQ  = bnModQ_16; 

bnExpMod  = bnExpMod_16; 

bnDoubleExpMod  = b n D o u b l e E x pM o d_1 6 ; 

bnTwoExpMod  = b n T w o E x pM od_1 6 ; 

bnGcd  = bnGcd_16; 

bnlnv  = bnlnv_16; 

bnLShift  = bnLShift_16; 

bnRShift  = bnRShift_16; 

bnMakeOdd  = b n M a k e 0 d d_1 6 ; 

> 

void 

b n E n d_1 6 ( s t r u c t BigNum  *bn) 
l 

i f ( bn->pt  r ) { 

BNIFREE((BNW0RD16  *)bn->ptr,  bn->allocated); 
bn->ptr  = 0; 
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> 

bn->size  = 0 ; 
bn->aLLocated  = 0; 

MALLOCDB; 

> 

/*  Internal  function.  It  operates  in  words.  */ 
static  int 

bn R e s i z e_1 6 ( s t r u c t BigNum  *bn,  unsigned  len) 
void  *p; 

/*  Round  size  up:  most  ma  l Iocs  impose  8-byte  granularity  anyway  */ 
len  = (len  + (8/sizeof(BNW0RD16)  - 1))  & ~(8/sizeof(BNW0RDl6)  - 1 ) ; 
p = BNIREALL0C((BNW0RD16  *)bn->ptr,  bn->allocated,  len); 
if  ( ! p ) 

return  -1; 
bn->ptr  = p; 
bn->allocated  = len; 

MALLOCDB; 

return  0; 

> 

#define  bn S i z e C h e c k ( bn , size)  \ 

if  (bn->al  located  < size  &&  bn R e s i z e_1 6 ( bn , size)  < 0)  \ 

return  -1 

int 

bnPreal loc_16(struct  BigNum  *bn,  unsigned  bits) 

{ 

bits  = (bits  + 16-1  ) / 1 6 ; 
bnSizeCheck(bn,  bits); 

MALLOCDB; 
return  0; 

> 

int 

b n C o py_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src) 

{ 

bnSizeCheck(dest,  src->size); 
dest->size  = src->size; 

b n i C o py_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr,  (BNW0RD16  *)src->ptr,  src->size); 

MALLOCDB; 

return  0; 

> 

void 

bn N o r m_1 6 ( s t r u c t BigNum  *bn) 

{ 

bn->size  = b n i N o r m_1 6 ( ( B N W0 R D 1 6 *)bn->ptr,  bn->size); 

} 

/ * 

* Convert  a bignum  to  big-endian  bytes.  Returns,  in  big-endian  form,  a 

* substring  of  the  bignum  starting  from  Isbyte  and  "len"  bytes  long. 

* Unused  high-order  (leading)  bytes  are  filled  with  0. 
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* / 

void 

b n E x t r a c t B i g By t e s_1 6 ( s t r u c t BigNum  const  *bn,  unsigned  char 

unsigned  lsbyte,  unsigned  len) 

{ 

unsigned  s = bn->size  * (16  / 8); 


/*  Fill  unused  Leading  bytes  with  0 */ 
while  (s  < Isbyte+len  &&  Len)  { 

* d e s t + + = 0 ; 

L e n - - ; 

> 


*d  e s t , 


> 


if  (Len) 

bniExtractBigBytes_16((BNW0RDl6  *)bn->ptr,  dest,  Lsbyte,  len); 
MALLOCDB; 


i n t 

bnlnsertBigBytes 

{ 


16(struct  BigNum 
unsigned  Lsbyte, 


*bn,  unsigned  char 
unsigned  Len) 


const 


unsigned  s = bn->size; 

unsigned  words  = ( L e n+ L s by t e+ s i z e o f ( BN WO R D 1 6 ) - 1 ) / 


* s r c , 


sizeof(BNW0RD16); 


/*  Pad  with  zeros  as  required  */ 
bnSizeCheck(bn,  words) ; 


if  (s  < words)  { 

bni Zero_1 6( (BNW0RD1 6 *)bn->ptr  B I G L I T T L E ( - s , + s ) , words-s); 
s = words; 

> 

bn i I n s e r t B i g By t e s_1 6 ( ( BN WO R D 1 6 *)bn->ptr,  src,  Lsbyte,  len); 
bn->size  = bn i N o r m_1 6 ( ( BNWO R D 1 6 *)bn->ptr,  s); 


MALLOCDB; 
return  0; 


/ * 

* Convert  a bignum  to  Little-endian  bytes.  Returns,  in  Little-endian  form,  a 

* substring  of  the  bignum  starting  from  Lsbyte  and  "Len"  bytes  Long. 

* Unused  high-order  (trailing)  bytes  are  filled  with  0. 

*/ 

void 

bn E x t r a c t L i t t L e By t e s_1 6 ( s t r u c t BigNum  const  *bn,  unsigned  char  *dest, 

unsigned  Lsbyte,  unsigned  Len) 

{ 

unsigned  s = bn->size  * (16  / 8); 


/*  Fill  unused  Leading  bytes  with  0 */ 
while  (s  < Isbyte+len  &&  Len) 
destC--Len]  = 0; 


if  (Len) 

bn i E x t r a c t L i t t L e By t e s_1 6 ( ( BN WO R D 1 6 *)bn->ptr,  dest. 
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> 


MALLOCDB; 


Lsbyte,  Len); 


i n t 

bn  I ns e r t L i 1 1 L eBy t e s_1 6 ( s t ru c t BigNum  *bn 

unsigned  Lsbyte, 


{ 


, unsigned  char 
unsigned  Len) 


const 


* s r c , 


unsigned  s = bn->size; 

unsigned  words  = (Len+Lsbyte+sizeof(BNW0RD16)-1)  / sizeof(BNW0RD16); 


/*  Pad  with  zeros  as  required  */ 
bnSizeCheck(bn,  words); 


if  (s  < words)  t 

bni Zero_1 6( (BNW0RD1 6 *)bn->ptr  B I G L I TT L E ( - s , + s ) , words-s); 
s = words; 

> 

bn i I n s e r t L i t t L eBy t e s_1 6 ( ( BN WO R D 1 6 *)bn->ptr,  src,  Lsbyte,  Len); 

bn->size  = bn  i No  rm_1  6 ( ( BN  WO  R D 1 6 *)bn->ptr,  s);. 

MALLOCDB ; 
return  0; 


/*  Return  the  L e a s t - s i g n i f i c a n t 
unsigned 

b n L S Wo r d_1 6 ( s t r u c t BigNum  const 
{ 


> 


return  src->si ze  ? (uns 

: 0; 


word  of  the  input.  */ 

*src) 

gned)  ( (BNW0RD16  *)src->ptr)[BIGLITTLE(-1,0)] 


unsigned 

b nB i t s_1 6 ( s t r u c t BigNum  const  *src) 

{ 

return  bn i B i t s_1 6 ( ( BN WO R D 1 6 *)src->ptr,  src->si ze); 

> 


i n t 

b n Ad d_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src) 

{ 

unsigned  s = src->size,  d = dest->si ze; 

BNW0RD16  t ; 

if  ( ! s ) 

return  0; 

bnSizeCheckCdest,  s); 
if  ( d < s ) f 

bn i Z e r o_1 6 ( ( BN WO R D 1 6 *)dest->ptr  B I G L I T T L E ( -d , + d ) , s-d); 
dest->size  = d = s; 

MALLOCDB; 

> 

t = bn i AddN_1 6 ( ( BN WORD  1 6 *)dest->ptr,  (BNW0RD1 6 *)src->ptr,  s); 
MALLOCDB; 
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> 


if  ( t ) { 

i f 


} 

i f 


> 

> 

return  0 ; 


(d  > s)  f 

t = bn i Add1_1 6 ( ( BNW0RD1 6 *)dest->ptr  B I G L I T T L E ( - s , + s ) , 

d-s  , t ) ; 

MALLOCDB; 

( t ) { 

bnSizeCheck(dest,  d + 1 ) ; 

((BNW0RD16  *)dest->ptr)[BIGLITTLE(-1-d,d)]  = t; 
dest->size  = d + 1 ; 


/ * 

* dest  -=  src. 

* If  dest  goes  negative,  this  produces  the  absolute  value  of 

* the  difference  (the  negative  of  the  true  value)  and  returns  1. 

* Otherwise,  it  retur  Is  0. 

*/ 

i n t 

b n S u b_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src) 

{ 

unsigned  s = src->si ze,  d = dest->size; 

BNW0RD1 6 t; 


> 


if  (d  < s &&  d < ( s = bn i N o r m_1 6 ( ( BN WO R D 1 6 *)src->ptr,  s)))  C 
b n S i z e C h e c k ( d e s t , s); 

bni Zero_1 6( (BNW0RD1 6 *)dest->ptr  B I G L I T T L E ( -d , + d ) , s-d); 
dest->size  = d = s; 

MALLOCDB; 

> 

if  ( ! s ) 

return  0; 

t = bn i SubN_1 6 ( ( BNW0RD1 6 *)dest->ptr,  (BNW0RD16  *)src->ptr,  s); 

MALLOCDB; 

if  ( t ) C 


i f 


> 

i f 


> 

> 

dest->si ze 
return  0; 


(d  > s)  C 

t = bni Sub1_1 6( (BNW0RD1 6 *)dest->ptr  B I G L I TT L E ( - s , + s ) , 

d - s , t ) ; 

MALLOCDB; 

(t)  { 

bn i Neg_1 6 ( ( BNW0RD1 6 *)dest->ptr,  d); 
dest->size  = bn i N o r m_1 6 ( ( B N WO R D 1 6 *)dest->ptr, 

dest->size); 

MALLOCDB; 
return  1; 


= bn i N o r m_1 6 ( ( BN WO R D 1 6 *)dest->ptr,  dest->size); 


/* 

* Compare  the 

* Returns  -1. 

* a <=>  b --> 


BigNum  to  the  given 
0 or  1 if  a<b,  a == 
bnCmpQ(a,b)  <=>  0 


value,  which  must  be  < 65536. 
b or  a > b . 
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*/ 
i n t 

bn C mpQ_1 6 ( s t r u c t BigNum  const  *a,  unsigned  b) 

{ 

unsigned  t; 

BNW0RD1 6 v ; 

t = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)a->ptr,  a->size); 

/*  If  a is  more  than  one  word  Long  or  zero,  it's  easy...  */ 
if  (t  ! = 1 ) 

return  (t  > 1)  ? 1 : (b  ? -1  : 0); 

v = (unsigned) ( (BNW0RD16  *)a->ptr)CBIGLITTLE(-1,0)D; 
return  ( v > b)  ? 1 : ( ( v < b)  ? -1  : 0); 

> 

i n t 

b n S e t Q_1 6 ( s t r u c t BigNum  *dest,  unsigned  src) 

{ 

if  (src)  ( 

bn S i z e C h e c k ( d e s t , 1); 

((BNW0RD16  * ) des t->pt r ) [BIGLITTLE (-1 ,0  ) D = ( BNWO R D 1 6 ) s r c ; 
dest->size  = 1; 

> else  { 

dest->size  = 0; 

> 

return  0; 

> 

i n t 

b n AddQ_1 6 ( s t r u c t BigNum  *dest,  unsigned  src) 

{ 

BNW0RD1 6 t ; 

if  (!dest->size) 

return  bnSetGKdest,  src); 

t = bniAdd1_16( (BNW0RD16  *)dest->ptr,  dest->size,  (BNW0RD16)src); 
MALL0C  DB; 
if  (t  ) { 

src  = dest->size; 
bnSizeCheck(dest,  src+1); 

((BNW0RD16  *)dest->ptr)[BIGLITTLE(-1-src,src)]  = t; 
dest->size  = src+1; 

> 

return  0; 

> 

/ * 

* Return  value  as  for  bnSub:  1 if  subtract  underf  Lowed,  in  which 

* case  the  return  is  the  negative  of  the  computed  value. 

*/ 

i n t 

bn S u bQ_1 6 ( s t r u c t BigNum  *dest,  unsigned  src) 

{ 

BNW0RD16  t; 
if  (!dest->size) 

return  bnSetGKdest,  src)  < 0 ? -1  : (src  !=  0); 
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/ * Try 
/* 

> 


t = bniSub1_16((BNW0RD16  *)dest->ptr,  dest->size/  s r c ) ; 

MALLOCDB; 

if  ( t ) { 


/ * Underflow.  <=  1 word,  so  do  it 
bn i N e g_1 6 ( ( BNWO R D 1 6 *)dest->ptr, 
dest->size  = 1 ; 
return  1 ; 

> 

to  normalize?  Needing  this  is  going  to  be 
dest->size  = bn i N o r m_1 6 ( ( BN WO R D 1 6 
return  0; 


simply.  * / 

>; 


pretty  damn  rare. 
*)dest->ptr,  dest 


*/ 

> s i 


/* 

* Compare  two  BigNums.  Returns  -1.  0 or  1 if  a<b,  a ==  b or  a>b. 

* a <=>  b -->  bnCmp(a,b)  <=>  0 

* / 
i n t 

bn C mp_1 6 ( s t r u c t BigNum  const  *a,  struct  BigNum  const  *b) 

{ 

unsigned  s,  t ; 


s = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 * ) a->pt  r,  a->size); 
t = bn i N o rm_1 6 ( ( BN WO R D 1 6 *)b->ptr,  b->size); 

if  ( s ! = t ) 

return  s > t ? 1 : - 1 ; 

return  b n i C m p_1 6 ( ( B N W 0 R D 1 6 *)a->ptr,  (BNW0RD16  *)b->ptr,  s); 

> 


i n t 

bnSquare_16(struct  BigNum  *dest,  struct  BigNum  const  *src) 
f 

unsigned  s ; 

BNW0RD16  *srcbuf ; 

s = bniNorm_16((BNW0RD16  *)src->ptr,  src->si ze ) ; 
if  ( ! s ) C 

dest->size  = 0; 
return  0; 

> 

bnSizeCheckldest,  2*s); 

if  (src  ==  dest)  { 

BNIALLOCCsrcbuf,  BNW0RD16,  s); 
if  ( ! srcbuf  ) 

return  - 1 ; 

bn i C o py_1 6 ( s r c bu f , (BNW0RD16  *)src->ptr,  s); 

bn i S q u a r e_1 6 ( ( BN WO R D 1 6 *)dest->ptr,  (BNW0RD16  *)srcbuf , 

BNIFREECsrcbuf,  s ) ; 

> else  { 

bn i Squa re_1 6 ( ( BNW0RD1 6 *)dest->ptr,  (BNW0RD16  *)src->pt 

> 

dest->size  = bn i N o r m_1 6 ( ( B NWO R D 1 6 *)dest->ptr,  2*s); 

MALLOCDB; 
return  0; 

> 


ze);  * / 


s ) ; 

r,  s ) ; 
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i n t 

b n M u L_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *a,  struct  BigNum  const  *b) 
{ 

unsigned  s,  t; 

BNW0RD16  * s r c b u f ; 


> 


s - b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)a->ptr,  a->size); 
t = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)b->ptr,  b->size); 

if  ( ! s ||  ! t ) { 

dest->size  = 0; 
return  0; 

> 

if  (a  ==  b ) 

return  bn S q u a r e_1 6 ( d e s t , a); 
bn S i z e C h e c k ( d e s t , s + t); 


if  (dest  ==  a)  { 

BNIALLOCCsrcbuf,  BNW0RD16,  s ) ; 
if  ( ! srcbuf ) 

return  - 1 ; 

bn i C o py_1 6 ( s r c bu f , (BNW0RD16  *)a->ptr,  s); 
bn i Mu L_1 6 ( ( BNW0RD1 6 *)dest->ptr,  srcbuf,  s, 

( BNW0RD1 6 * ) b->  p t r , t ) ; 

BNIFREECsrcbuf,  s); 

> else  if  (dest  ==  b)  C 

BNIALLOCCsrcbuf,  BNW0RD1 6,  t); 
if  (!  srcbuf ) 

return  - 1 ; 

b n i C o py_1 6 ( s r c bu f , (BNW0RD16  *)b->ptr,  t); 

bn i Mu l_1 6 ( ( BNWORD 1 6 *)dest->ptr,  (BNW0RD16  *)a->ptr,  s, 

srcbuf,  t); 

BNIFREECsrcbuf,  t); 

> else  -C 

bni Mu l_1 6( (BNW0RD1 6 *)dest->ptr,  (BNW0RD16  *)a->ptr,  s, 

(BNW0RD16  *)b->ptr,  t); 

> 

dest->size  = b n i N o rm_1 6 ( ( BN W 0 R D 1 6 *)dest->ptr,  s+t); 

MALLOCDB; 
return  0; 


i n t 

bnM u l Q_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *a,  unsigned  b) 

{ 

unsigned  s; 

s = b n i N o r m_1 6 ( ( BN WO R D 1 6 *)a->ptr,  a->size); 
if  ( ! s ||  ! b ) { 

dest->size  = 0; 
return  0; 

> 

if  (b  ==  1 ) 

return  bn C opy_1 6 ( d e s t , a); 
bnSizeCheckCdest,  s+1); 

bniMulN1_16((BNW0RDl6  *)dest->ptr,  (BNW0RD16  *)a->ptr,  s,  b); 
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dest->size  = bn i N o rm_1 6 ( ( B N WO R D 1 6 *)dest->ptr,  s + 1 ) ; 

MALLOCDB; 

return  0; 


> 

i n t 


bn D i v Mod_1 6 ( s t r u c t BigNum  *q,  struct  BigNum  *r,  struct  BigNum  const  *n, 
struct  BigNum  const  *d) 


{ 


unsigned  dsize,  nsize; 

BNW0RD16  qhigh; 

dsize  = bn i N o r m_1 6 ( ( B N WO R D 1 6 *)d->ptr,  d->size); 
nsize  = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)n->ptr,  n->size); 


i f 

(nsize  < dsize) 

{ 

q->  s i z e = 

0;  /* 

No  quotient 

*/ 

r-> s i z e = 

nsize; 

> 

return  0; 

/* 

Success  */ 

bnSizeCheck(q,  nsi 

ze-dsi ze) 

f 

i f 

( r !=n)  { / * 

You  are 

allowed  to 

reduce 

bnSizeCheck(r,  nsize); 

} 

qhigh 


b n i C o p y_1 6 ( ( B N W 0 R D 1 6 *)r->ptr,  (BNW0RD16  *)n->ptr,  nsize); 


b n i D i v_1 6 ( ( B N W 0 R D 1 6 *)q->ptr,  (BNW0RD16  * ) r->pt  r,  nsize, 
(BNW0RD16  *)d->ptr,  dsize); 

nsize  -=  dsize; 
if  (qhigh)  { 

bnSizeCheckCq,  nsize+1); 

★((BNW0RD16  *)q->ptr  BIGLITTLE(-nsize-1,+nsize))  = qhigh; 
q->size  = nsize+1; 

> else  { 

q->size  = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)q->ptr,  nsize); 

} 

r->size  = bn i N o r m_1 6 ( ( BN WO R D 1 6 *)r->ptr,  dsize); 

MALLOCDB; 
return  0; 

> 

i n t 

b n M o d_1 6(struct  BigNum  *dest,  struct  BigNum  const  *src,  struct  BigNum  const  *d) 
{ 

unsigned  dsize,  nsize; 

nsize  = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)src->ptr,  src->size); 
dsize  = bn i N o r m_1 6 ( ( BN WO R D 1 6 *)d->ptr,  d->size); 

if  (dest  ! = src)  { 

bnSizeCheckCdest,  nsize); 

b n i C o p y_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr,  (BNW0RD16  *)src->ptr,  nsize); 

> 


if  (nsize  < dsize)  { 

dest->size  = nsize; 


/ * No  quotient  */ 
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> 


> 


return  0 ; 


( vo i d ) bn i D i v_1 6 ( ( BNWO R D 1 6 *)dest->ptr  B I G L I T T L E ( -d s i z e , + d s i z e ) , 

(BNW0RD16  *)dest->ptr,  nsize, 

(BNW0RD16  *)d->ptr,  dsize); 

dest->size  = b n i No r m_1 6 ( ( B N WO R D 1 6 *)dest->ptr,  dsize); 

MALLOCDB; 
return  0; 


unsigned 

b n ModQ_1 6 ( s t r u c t BigNum  const  *src,  unsigned  d) 
unsigned  s ; 

s = bn i N o r m_1 6 ( ( BN WO R D 1 6 *)src->ptr,  src->si ze); 
if  ( ! s) 

return  0; 

if  (d  & ( d — 1 ) ) /*  Not  a power  of  2 */ 

d = bni ModQ_1 6 ( ( BNW0RD1 6 *)src->ptr,  s,  d); 

else 

d = (unsigned)((BNW0RDl6  *)src->ptr)CBIGLITTLE(-1,0)D  & ( d — 1 ) ; 
return  d ; 

> 


i n t 

b n E x p M o d_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *n, 

struct  BigNum  const  *exp,  struct  BigNum  const  *mod) 


unsigned  nsize,  esize,  msize; 


nsize  = bn i N o r m_1 6 ( ( BN WO R D 1 6 *)n->ptr,  n->size); 
esize  = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)exp->ptr,  exp->size); 
msize  = bniNorm_16((BNW0RD16  *)mod->ptr,  mod->size); 

if  (Imsize  ||  (((BNW0RD16  * ) mo d-> p t r ) [ B I G L I T T L E ( - 1 , 0 ) D S 

return  -1;  / * Illegal  modulus!  * / 


1 ) ==  0) 


bnSizeCheckCdest,  msize); 

/*  Special-case  base  of  2 */ 

if  (nsize  ==  1 &&  ((BNW0RD16  *)n->ptr)CBIGLITTLE(-1 ,0)1  ==  2)  { 
if  ( b n i T w o E x p M o d_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr, 

(BNW0RD16  *)exp->ptr,  esize, 
(BNW0RD16  *)mod->ptr,  msize)  < 0) 

return  -1; 


> else  { 


if  ( b n i E x pM od_1 6((BNW0RD16  *)dest->ptr, 

(BNW0RD16  *)n->ptr,  nsize, 
(BNW0RD16  *)exp->ptr,  esize, 
(BNW0RD16  *)mod->ptr,  msize)  < 0) 

return  - 1 ; 


dest->size  = bn i N o rm_1 6 ( ( BN W0 R D 1 6 *)dest->ptr,  msize); 


MALLOCDB; 
return  0; 
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> 


i n t 


bnDoubleExpMod. 

_16(struct  Bi 

gNum  *dest. 

struct 

BigNum 

const 

*n1,  struct 

struct 

BigNum 

const 

*n2,  struct 

struct 

{ 

BigNum 

const 

*mod ) 

BigNum  const  * e 1 , 
BigNum  const  * e 2 , 


unsigned  nlsize,  elsize,  n 2 s i z e , 


e 2 s i z e , msize; 


nlsize 
elsize 
n 2 s i z e 
e 2 s i z e 
msize 


bni No  rm_1 6 ( (BNW0RD1 6 
bn i No  rm_1 6( (BNW0RD1 6 
bni No  rm_1 6 ( (BNW0RD1 6 
bni No  rm_1 6 ( (BNW0RD1 6 
bni NormJ 6 ( (BNW0RD1 6 * 


*)n1->ptr 
* ) el ->pt  r 
* ) n2->pt  r 
* ) e2->pt  r 
) mod->pt  r 


/ 

/ 

f 

/ 

f 


n1->size); 
el ->si ze)  ; 
n2->size); 
e2->size); 
mod->size); 


it  ('.msize  ||  (((BNW0RD16  *)mod->ptr)CBIGLITTLE(-1,0)J  & 1)  ==  0) 

return  -1;  / * Illegal  modulus!  * / 

b n S i z e C h e c k ( d e s t , msize); 

if  ( bn i D o u b l e E x pMo d_1 6 ( ( B N WO R D 1 6 *)dest->ptr, 

(BNW0RD16  *)n1->ptr,  nlsize,  (BNW0RD16  *)e1->ptr,  elsize, 
(BNW0RD16  *)n2->ptr,  n2size,  (BNW0RD16  *)e2->ptr,  e2si ze, 
(BNW0RD16  *)mod->ptr,  msize)  < 0) 
return  - 1 ; 

dest->size  = b n i N o r m_1 6 ( ( B N WO R D 1 6 *)dest->ptr,  msize); 

MALLOCDB; 

return  0 ; 


i nt 

bnT w o E x pM od_1 6 ( s t r u c t BigNum  *n,  struct  BigNum  const  *exp, 
struct  BigNum  const  *mod) 

{ 


unsigned  esize,  msize; 


esize  - bn i N o r m_1 6 ( ( B N WO R D 1 6 *)exp->ptr,  exp->size); 
msize  = bn i N o rm_1 6 ( ( BN W 0 R D 1 6 *)mod->ptr,  mod->size); 

if  (Imsize  ||  ( ( (BNW0RD16  * ) m o d - > p t r ) C B I G L I TT L E ( - 1 , 0 ) H & 1)  ==  0) 

return  -1;  /*  Illegal  modulus!  */ 

bnSizeCheckCn,  msize) ; 


if  ( bn i TwoExpMod_1 6 ( ( BNW0RD1 6 *)n->ptr,  (BNW0RD16  *)exp->ptr,  esize, 

(BNW0RD16  *)mod->ptr,  msize)  < 0) 

return  -1; 

n->size  = bn i N o rm_1 6 ( ( BN WO R D 1 6 *)n->ptr,  msize); 

MALLOCDB; 
return  0; 


i n t 

bnG cd_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *a,  struct  BigNum  const  *b) 

{ 

BNW0RD1 6 * t m p ; 
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unsigned  asize,  bsize; 
i n t i ; 


/* 

Kind 

ot  silly,  but 

we  mi 

i t 

(a  = 

= b) 

return 

dest  == 

a ? 

/* 

Ensure  a is 

not  the 

same 

i t 

(a  = 

= dest) 
a = b ; 

{ 

b = dest; 


ght  as  well  permit  it...  * / 

0 : bnCopyCdest,  a); 
as  "dest"  * / 


asize  = bn i N o r m_1 6 ( ( BN WO R D 1 6 *)a->ptr,  a->size); 
bsize  = b n i N o rm_1 6 ( ( BN WO R D 1 6 *)b->ptr,  b->size); 

bn S i z e C h e c k ( d e s t , bsize  + 1); 


> 


/ * Copy  a to  tmp  * / 

BNIALLOC(tmp,  BNW0RD16,  asize+1); 
it  ( ! t mp  ) 

return  - 1 ; 

bn i C o py_1 6 ( t mp , (BNW0RD16  *)a->ptr,  asize); 


/*  Copy  b to  dest,  it  necessary  */ 
it  (dest  !=  b) 

b n i C o py_1 6((BNW0RD16  *)dest->ptr, 

(BNW0RD16  *)b->ptr,  bsize); 
it  (bsize  > asize  ||  (bsize  ==  asize  && 

b n i C m p_1 6 ( ( B N W 0 R D 1 6 *)b->ptr,  (BNW0RD16  *)a->ptr,  asize)  > 0)) 

{ 


i 

i t 


> else  C 


bn i Gcd_1 6 ( ( BNW0RD1 6 *)dest->ptr,  bsize,  tmp,  asize, 
&dest->size); 

i > 0)  /*  Result  in  tmp,  not  dest  */ 

b n i C o py_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr,  tmp,  dest->size); 


i = bn i G cd_1 6 ( tmp,  asize,  (BNW0RD16  *)dest->ptr,  bsize, 
&dest->si ze)  ; 

it  (i  ==  0)  /*  Result  in  tmp,  not  dest  */ 

b n i C o py_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr,  tmp,  dest->size); 

} 

BNIFREE(tmp,  asize+1); 

MALLOCDB; 

return  (i  < 0)  ? i : 0; 


i n t 
b n I n v 

C 


16(struct  BigNum  *dest,  struct 
struct  BigNum  const  *mod) 

unsigned  s,  m; 
i n t i ; 


BigNum  const  *src. 


s = b n i N o rm_1 6 ( ( B N W0 R D 1 6 *)src->ptr,  src->size); 
m = b n i N o rm_1 6 ( ( BN W 0 R D 1 6 *)mod->ptr,  mod->size); 

/*  bnilnv_16  requires  that  the  input  be  less  than  the  modulus  */ 
it  ( m < s || 

( m==s  &&  bni Cmp_16( (BNW0RD16  *)src->ptr,  (BNW0RD1 6 *)mod->ptr,  s))) 
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{ 

bnSizeCheckCdest,  s + ( m = = s ) ) ; 
if  (dest  !=  src) 

bni C opy_1 6 ( (BNW0RD16  *)dest->ptr, 

(BNW0RD16  *)src->ptr,  s ) ; 

/*  Pre-reduce  modulo  the  modulus  */ 

( v o i d ) b n i D i v_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr  B I G L I T T L E ( -m  , + m ) , 

(BNW0RD16  * ) d e s t -> p t r , s, 

(BNW0RD1 6 *)mod->ptr,  m ) ; 
s = bn i Norm_1 6 ( ( BNW0RD1 6 *)dest->ptr,  m); 

MALLOCDB; 

> else  t 

bnSizeCheckCdest,  m+1 ) ; 
if  (dest  ! = src) 

bni C o py_1 6 ( (BNW0RD16  *)dest->ptr, 

(BNW0RD16  *)src->ptr,  s ) ; 

> 

i = bniInv_16((BNW0RD16  *)dest->pt  r,  s,  (BNW0RD16  *)mod->ptr,  m); 
if  ( i ==  0) 

dest->size  = b n i N o r m_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr,  m); 

MALLOCDB; 
return  i ; 

> 

/ * 

* Shift  a bignum  left  the  appropriate  number  of  bits, 

* multiplying  by  2Aamt. 

* / 
i n t 

bn L S h i f t_1 6 ( s t r u c t BigNum  *dest,  unsigned  amt) 

{ 

unsigned  s = dest->size; 

BNW0RD16  carry; 

if  (amt  / 16)  { 

carry  = b n i L s h i f t_1 6 ( ( B N W 0 R D 1 6 *)dest->ptr,  s,  amt  % 16); 
if  (carry)  C 
s + + ; 

bnSizeCheckCdest,  s); 

((BNW0RD16  *)dest->ptr)CBIGLITTLE(-s,s-1)D  = carry; 

> 

> 

amt  /=  16; 
if  (amt)  C 

bnSizeCheckCdest,  s+amt); 

memmove  ( ( BNW0RD1  6 *)dest->ptr  B I G L I T T L E ( - s -a m t , +amt), 
(BNW0RD16  *)dest->ptr  BIG(-s), 
s * s i z e o f ( BN WO R D 1 6 ) ) ; 
bn i Z e r o_1 6 ( ( B NWO R D 1 6 *)dest->ptr,  amt); 
s +=  amt; 

> 

dest->size  = s; 

MALLOCDB; 
return  0; 

> 
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/* 

* Shift  a bignum  right  the  appropriate  number  of  bits, 

* dividing  by  2 A a m t . 

* / 

void  bn R S h i f t_1 6 ( s t r u c t BigNum  *dest,  unsigned  amt) 

unsigned  s = dest->size; 

if  (amt  >=  16)  C 
memmo ve ( 

(BNW0RD16  *)dest->ptr  B I G ( - s + a m t / 1 6 ) , 
(BNW0RD16  *)dest->ptr  B I G L I T T L E ( - s , +amt/16), 
s-amt/16  * sizeof(BNW0RDl6)); 
s -=  amt/16; 
amt  % = 16; 

> 

if  (amt) 

( vo i d ) bn i R s h i f t_1 6 ( ( BNWO R D 1 6 *)dest->ptr,  s,  amt); 

dest->size  = bn i N o rm_1 6 ( ( B N WO R D 1 6 *)dest->ptr,  s); 

MALLOCDB; 


/ * 

* Shift  a bignum  right  until  it  is  odd,  and  return  the  number  of 

* bits  shifted.  n = d * 2As.  Replaces  n with  d and  returns  s. 

* Returns  0 when  given  0.  (Another  valid  answer  is  infinity.) 

*/ 

unsigned 

b n M a k e 0 d d_1 6 ( s t r u c t BigNum  *n) 

{ 

unsigned  size; 

unsigned  s;  / * shift  amount  * / 

BNW0RD16  * p ; 

BNW0RD16  t; 

p = (BNW0RD16  * ) n - > p t r ; 

size  = b n i N o r m_1 6 ( p , n->size); 

if  ( ! s i z e ) 

return  0; 

t = BIGLITTLElpC-l ],pC0]); 
s = 0 ; 

/*  See  how  many  words  we  have  to  shift  */ 
if  ( ! t ) f 

/*  Shift  by  words  */ 
do  { 


s + + ; 

BIGLITTLE (--p,p++) ; 

> while  ( ( t = BIGLITTLE(pC-1 □ , p E 0 □ ) ) ==  0); 
size  - = s ; 
s * = 16; 

memmo v e (( BNWO R D 1 6 *)n->ptr  BIG(-size),  p BIG(-size), 
size  * s i z e o f ( B N W 0 R D 1 6 ) ) ; 
p = (BNW0RD16  *)n->ptr; 

MALLOCDB; 
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> 

assert(t); 

/*  Now  count  the  bits  */ 
while  ( (t  & 1 ) ==  0)  { 
t > > = 1 ; 
s + + ; 

> 

/ * Shift  the  bits  * / 
if  ( s & (16-1))  { 

b n i R s h i f t_1 6 ( p , size,  s & (16-1)); 

/ * Renormalize  */ 

if  ( B I G L I T T L E ( * ( p- s i z e ) , * ( p+ ( s i z e - 1 ) ) ) ==  0) 
--si z e ; 

> 

n->size  = size; 

MALLOCDB; 
return  s; 
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bnl6.h 

/ * 

* bn16.h  - interface  to  16-bit  bignum  routines. 

* 

* $ I d : bnl 6 . h , v 1.1  2 1 996/1  1 /1  2 01:42:38  mhw  Exp  $ 
*/ 

struct  BigNum; 


void  bnInit_16(void); 

void  bn E nd_1 6 ( s t r u c t BigNum  *bn); 

int  bnPreal Loc_16(struct  BigNum  *bn. 


unsigned  bits) 


char  * d e s t , 


*src 


s r c ) ; 

B i gNum 
B i gNum 


const 

const 


* b ) ; 

* s r c ) 


int  b n C o py_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src) 
int  bn S w a p_1 6 ( s t r u c t BigNum  *a,  struct  BigNum  *b); 
void  bn N o r m_1 6 ( s t r u c t BigNum  *bn); 

void  bn E x t r a c t B i g By t e s_1 6 ( s t r u c t BigNum  const  *bn,  unsigned 
unsigned  Isbyte,  unsigned  dlen); 
int  bn  I n s e r t B i g By t e s_1 6 ( s t r u c t BigNum  *bn,  unsigned  char  const 
unsigned  Isbyte,  unsigned  len); 

void  b n E x t r a c t L i t t L e By t e s_1 6 ( s t r u c t BigNum  const  *bn,  unsigned  char 
unsigned  Isbyte,  unsigned  dlen); 

int  bn  I n s e r t L i 1 1 l e By t e s_1 6 ( s t r u c t BigNum  *bn,  unsigned  char  const  *src 
unsigned  Isbyte,  unsigned  len); 
unsigned  b n L S W o r d_1 6 ( s t r u c t BigNum  const  * s r c ) ; 
unsigned  bnBits_16(struct  BigNum  const  * s r c ) ; 

int  bn Add_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src); 
b n S u b_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src); 
b n C mpQ_1 6 ( s t r u c t BigNum  const  *a,  unsigned  b); 
b n S e t Q_1 6 ( s t r u c t BigNum  *dest,  unsigned  src); 
bn AddQ_1 6 ( s t ru c t BigNum  *dest,  unsigned  src); 
b n S u bQ_1 6 ( s t r u c t BigNum  *dest,  unsigned 
bnCmp_1 6 ( s t rue t BigNum  const  *a,  struct 
bnSquare_16(struct  BigNum  *dest,  struct 
bnMu l_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *a, 
struct  BigNum  canst  *b); 

bn M u l Q_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *a,  unsigned  b); 
bn D i vMod_1 6 ( s t r u c t BigNum  *q,  struct  BigNum  *r,  struct  BigNum  const 
struct  BigNum  const  * d ) ; 

bnMo d_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src, 
struct  BigNum  const  * d ) ; 

unsigned  bnModQ_1 6 ( s t r u c t BigNum  const  *src,  unsigned  d); 
int  bn E x pMod_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *n, 
struct  BigNum  const  *exp,  struct  BigNum  const  * m o d ) ; 
bn D ou b l e E x pMod_1 6 ( s t r u c t BigNum  *dest, 

struct  BigNum  const  *n1,  struct  BigNum  const  *e1, 
struct  BigNum  const  *n2,  struct  BigNum  const  *e2, 
struct  BigNum  const  * m o d ) ; 

b nT w o E x pMod_1 6 ( s t r u c t BigNum  *n,  struct  BigNum  const  *exp, 
struct  BigNum  const  * m o d ) ; 

int  bn G c d_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *a, 
struct  BigNum  const  * b ) ; 

int  b n I n v_1 6 ( s t r u c t BigNum  *dest,  struct  BigNum  const  *src, 
struct  BigNum  const  *mod); 
int  bn LS h i f t_1 6 ( s t r u c t BigNum  *dest,  unsigned  amt); 
void  bn R S h i f t_1 6 ( s t r u c t BigNum  *dest,  unsigned  amt); 
unsigned  bnMa ke0dd_1 6 ( s t ru c t BigNum  *n); 


* d e s t , 


i n t 
i n t 
i n t 
i n t 
i n t 
i n t 
i n t 
i n t 

i n t 
int 

i n t 


* n 


i n t 


i nt 
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bn68000.c 

/ * 

* bn68000.c  - bnlnitC)  for  Motorola  680x0  family,  16  or  32-bit. 

* 

* Written  in  1995  by  Colin  Plumb. 

★ 

* $ I d : bn68000.c,v  1.4  1 996/1  1 /1  2 01:42:38  mhw  Exp  $ 

*/ 


//include  "bni.h" 

//include  "bn16.h" 

//include  "bn32.h" 

//  i f n d e f BNINCLUDE 

//error  You  must  define  BNINCLUDE  to  bni68000.h  to  use  assembly  primitives. 
//  e n d i f 


void 

bnlnit(void) 


> 


if  (is68020()) 

bn  I n i t_3  2 ( ) ; 

else 

bnlnit_16(); 
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bn8086.c 

/* 


bn8086.c  - 

bn  I n i t ( ) 

for  Intel  x86 

family  in 

1 6-bi t mode 

Written  in 

1995  by 

Colin  Plumb. 

$Id:  bn8086 

. c , v 1.5 

1996/11 / 1 2 01 

: 42  : 38  mhw 

Exp  $ 

*/ 

^include  "bni.h" 

# i n c l ud e "bn16.h" 

^include  " b n3 2 . h " 

tfifndef  BNINCLUDE 

terror  You  must  define  BNINCLUDE  to  bni8086.h  to  use  assembly  primitives. 

# e nd  i f 


void 

bnlnit(void) 


> 


if  ( no  t 386 ( ) ) 
bn  I n i t 

else 


bn  I n i t 


16  0; 
3 2 0; 
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bni.h 

/ * 


* 

bni.h  - 

Low 

-level 

bignum  header. 

•k 

•!> 

Defines 

various  word  sizes  and  useful 

macros 

X 

★ 

Written 

by 

Colin 

Plumb 

★ 

★ 

$ I d : b n i 

. h. 

v 1 . 3 

1 996/1  1 / 1 2 01  : 4 2 : 3 9 

m h w Exp 

*/ 

# i f n d e f BN I_H 
//define  BNI_H 

//  i f nd  e f H A V E_C ON F I G_H 
//define  H A V E_C  ON  F I G_H  0 
ft  e nd  i f 

ft  if  H A V E_C  0 N F I G H 

//include  "config.h" 
ft  end  i f 

/* 

* Some  compilers  complain  about  //if  FOO  if  FOO  isn't  defined, 

* so  do  the  A N S I -ma nd a t ed  thing  explicitly... 

*/ 

ZHfndef  N 0_L  I M I T S_H 
//define  NO_LIMITS_H  0 
tte  nd  i f 

/*  Make  sure  we  have  8-bit  bytes  */ 

//if  ! N 0_L  I M I T S_H 
//include  <limits.h> 

//if  U C H A R_M  A X !=  Oxff  ||  C H A R_B  I T !=  8 

//error  The  bignum  library  requires  8-bit  unsigned  characters. 
ft  e n d i f 

ft  end  i f /*  !NO_LIMITS_H  */ 

//ifdef  BNINCLUDE  /* 

//define  STR(x)  ft  x / * 

//define  XSTR(x)  STR(x)  /* 

//include  X S T R ( B N I N C L U D E ) 

//undef  XSTR 
//undef  STR 
ft  end  i f 

/*  Do  we  want  bnYieldl)?  */ 

# i f nde  f BNYIELD 
//define  BNYIELD  0 
ft  e n d i f 

/*  Figure  out  the  endianness  */ 

/*  Error  if  more  than  one  is  defined  */ 

//if  BN_BIG_ENDI  AN  &&  B N_L  I T T L E_E  N D I A N 

//error  Only  one  of  B N_B  I G_E  N D I A N or  B N_L  I TT  L E_E  N D I A N may  be  defined 
tte  nd  i f 

/ * 

* If  no  preference  is  stated,  little-endian  C code  is  slightly  more 

* efficient,  so  prefer  that.  (The  endianness  here  does  NOT  have  to 

* match  the  machine's  native  byte  sex;  the  library's  C code  will  work 

* either  way.  The  flexibility  is  allowed  for  assembly  routines 


If  this  is  defined  as,  say,  foo.h  */ 
STR(BNINCLUDE)  ->  "BNINCLUDE"  */ 
XSTR(BNINCLUDE)  ->  STR(foo.h)  ->  "foo.h"  */ 
/*  //include  "foo.h"  */ 
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* that  do  care. 

* / 

# i f ! def i n e d ( BN_B I G_E N D I A N ) &&  ! d e f i n e d ( B N_L I T T L E_E N D I A N ) 

//define  B N_L I T T L E_E N D I A N 1 

//endif  /*  ! B N_B I G_E N D I A N &&  ! B N_L I TT L E_E N D I A N */ 

/*  Macros  to  choose  between  big  and  little  endian  */ 

//if  BN_BIG_ENDI AN 

//define  BIG(b)  b 

//define  LITTLECl)  /*nothing*/ 

//define  BIGLITTLE ( b, l ) b 
//  e l i f B N_L ITTLE_ENDIAN 
//define  BIG(b)  /*nothing*/ 

//define  LITTLECl)  l 
//define  B I G L I T T L E ( b , l ) l 
ft  e l s e 

//error  One  of  B N_B  I G_E  N D I A N or  B N_L  I T T L E_E  N D I A N must  be  defined  as  1 
ft  e nd  i f 


/ * 

* Find  a 16-bit  unsigned  type. 

* Unsigned  short  is  preferred  over  unsigned  int  to  make  the  type  chosen 

* by  this  file  more  stable  on  platforms  (such  as  many  68000  compilers) 

* which  support  both  16-  and  32-bit  ints. 

* / 

# i f nd  e f BNW0RD16 

//ifndef  USHRT_MAX  /*  No  <limits.h>  available  - guess  */ 

typedef  unsigned  short  bnword16; 

#define  BNW0RD16  bnword16 

# e l i f U S H R T_M  A X ==  Oxffff 
typedef  unsigned  short  bnword16; 

^define  BNW0RD16  bnword16 

# e l i f U I N T_M  A X ==  Oxffff 
typedef  unsigned  bnword16; 

//define  BNW0RD16  bnword16 
ft  e nd  i f 

#endif  /*  BNW0RD1 6 */ 


/ * 

* Find  a 32-bit  unsigned  type. 

* Unsigned  long  is  preferred  over  unsigned  int  to  make  the  type  chosen 

* by  this  file  more  stable  on  platforms  (such  as  many  68000  compilers) 

* which  support  both  16-  and  32-bit  ints. 

* / 

ZHfndef  BNW0RD32 

//ifndef  UL0NG_MAX  /*  No  <limits.h>  available  - guess  */ 

typedef  unsigned  long  bnword32; 

//define  BNW0RD32  bnword32 
#elif  U L 0 N G_M  A X ==  Oxfffffffful 
typedef  unsigned  long  bnword32; 

//define  BNW0RD32  bnword32 
# e l i f U I N T_M  A X ==  Oxffffffff 
typedef  unsigned  bnword32; 

#define  BNW0RD32  bnword32 

tfe  lif  U S H R T_M  A X ==  Oxffffffff 

typedef  unsigned  short  bnword32; 

//define  BNW0RD32  bnword32 
ft  e n d i f 
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//end  i f /*  BNW0RD16  */ 

/* 

* Find  a 64-bit  unsigned  type. 

* The  conditions  here  are  more  complicated  to  avoid  using  numbers  that 

* will  choke  lesser  preprocessors  (like  0 x f f f f f f f f f f f f f f f f ) unless 

* we're  reasonably  certain  that  they'll  be  acceptable. 

* / 

//if  ! def  i ned  ( BNW0RD64  ) &&  U L 0 N G_M  A X > Oxfffffffful 
//if  U LO  N G_M  A X ==  Oxf  f f f f f f f f f f f f f f f 
typedef  unsigned  long  bnword64; 

//define  BNW0RD64  bnword64 
# e nd  i f 
U e n d i f 

/* 

* I would  test  the  value  of  unsigned  long  long,  but  some  *preprocessors* 

* don't  constants  that  long  even  if  the  compiler  can  accept  them,  so  it 

* doesn't  work  reliably.  So  cross  our  fingers  and  hope  that  it's  a 64-bit 

* type. 

* 

* GCC  uses  U L 0 N G_L  0 N G_M  A X . Solaris  uses  1)  L L 0 N G_M  A X . IRIX  uses  U L 0 N G LO  N G_M  A X . 

* Are  there  any  other  names  for  this? 

* / 

ft  if  ! def i ned ( BNW0RD64  ) &&  \ 

(def  i ned ( UL0NG_L0NG_MAX ) ||  defined  ( U L L 0 N G_M  AX)  ||  d e f i n e d ( U L 0 N G L 0 N G_M A X ) ) 

typedef  unsigned  long  long  bnword64; 

//define  BNW0RD64  bnword64 
tt  e n d i f 

/*  We  don't  even  try  to  find  a 128-bit  type  at  the  moment  */ 

//endif  / * ! B N I H * / 


266 


lib/bn/bniOO.c 


bniOO.c 

/* 

* bniOO.c  - auto-size-detecting  bni??.c  file. 

★ 

* Written  in  1995  by  Colin  Plumb. 

k 

* $ I d : bniOO.c, v 1.2  1 996/1  1 /1  2 01:42:39  mhw  Exp  $ 
*/ 


//include  "bnsizeOO.h" 

//if  BNSIZE64 

/*  Include  all  of  the  C source  file  by  reference  */ 
//include  "bni64.c" 

//  e l i f BNSIZE32 

/*  Include  all  of  the  C source  file  by  reference  */ 
//include  "bni32.c" 

//else  /*  BNSIZE16  */ 

/*  Include  all  of  the  C source  file  by  reference  */ 
//include  "bni16.c" 

//end  i f 
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bnil6.c 

/* 

* bni16.c  - Low-Level  bignum  routines,  16-bit  version. 

* 

* Written  by  Colin  Plumb. 

★ 

* $Id:  bni16.c,v  1.3. 2.1  1996/11/14  04:09:21  cbertsch  Exp  $ 

* 

* NOTE:  the  magic  constants  "16"  and  "32"  appear  in  many  places  in  this 

* file,  including  inside  identifiers.  Because  it  is  not  possible  to 

* ask  "#ifdef"  of  a macro  expansion,  it  is  not  possible  to  use  the 

* preprocessor  to  conditionalize  these  properly.  Thus,  this  file  is 

* intended  to  be  edited  with  textual  search  and  replace  to  produce 

* alternate  word  size  versions.  Any  reference  to  the  number  of  bits 

* in  a word  must  be  the  string  "16",  and  that  string  must  not  appear 

* otherwise.  Any  reference  to  twice  this  number  must  appear  as  "32", 

* which  likewise  must  not  appear  otherwise.  Is  that  clear? 

* 

* Remember,  when  doubling  the  bit  size  replace  the  larger  number  (32) 

* first,  then  the  smaller  (16).  When  halving  the  bit  size,  do  the 

* opposite.  Otherwise,  things  will  get  wierd.  Also,  be  sure  to  replace 

* every  instance  that  appears.  (:%s/foo/bar/g  in  vi) 

* 

* These  routines  work  with  a pointer  to  the  least-significant  end  of 

* an  array  of  W0RD16s.  The  BIG(x),  LITTLE(y)  and  B I G L T T L E ( x , y ) macros 

* defined  in  bni.h  (which  expand  to  x on  a big-edian  machine  and  y on  a 

* little-endian  machine)  are  used  to  conditionalize  the  code  to  work 

* either  way.  If  you  have  no  assembly  primitives,  it  doesn't  matter. 

* Note  that  on  a big-endian  machine,  the  l e a s t - s i g n i f i c a n t - e n d pointer 

* is  ONE  PAST  THE  END.  The  bytes  are  ptrC-ID  through  ptrl-lenJ. 

* On  little-endian,  they  are  ptrUOIl  through  ptrClen-1].  This  makes 

* perfect  sense  if  you  consider  pointers  to  point  *between*  bytes  rather 

* than  at  them. 

* 

* Because  the  array  index  values  are  unsigned  integers,  ptrC-iD 

* may  not  work  properly,  since  the  index  -i  is  evaluated  as  an  unsigned, 

* and  if  pointers  are  wider,  zero-extension  will  produce  a positive 

* number  rahter  than  the  needed  negative.  The  expression  used  in  this 

* code,  *(ptr-i)  will,  however,  work.  (The  array  syntax  is  equivalent 

* to  *(ptr+-i),  which  is  a pretty  subtle  difference.) 

* 

* Many  of  these  routines  will  get  very  unhappy  if  fed  zero-length  inputs. 

* They  use  assertO  to  enforce  this.  An  higher  layer  of  code  must  make 

* sure  that  these  aren't  called  with  zero-length  inputs. 

* 

* Any  of  these  routines  can  be  replaced  with  more  efficient  versions 

* elsewhere,  by  just  #defining  their  names.  If  one  of  the  names 

* is  ^defined,  the  C code  is  not  compiled  in  and  no  declaration  is 

* made.  Use  the  BNINCLUDE  file  to  do  that.  Typically,  you  compile 

* asm  subroutines  with  the  same  name  and  just,  e.g. 

* tfdefine  bn i Mu l Add  1 _1 6 bn i Mu l Add  1 _1 6 

* 

* If  you  want  to  write  asm  routines,  start  with  bn i Mu l Add1_1 6 ( ) . 

* This  is  the  workhorse  of  modular  exponentiation.  bn i Mu l N 1_1 6 ( ) is 

* also  used  a fair  bit,  although  not  as  much  and  it's  defined  in  terms 

* of  bniMulAdd1_16  if  that  has  a custom  version.  bniMulSub1_16  and 

* bniDiv21_16  are  used  in  the  usual  division  and  remainder  finding. 

* (Not  the  Montgomery  reduction  used  in  modular  exponentiation,  though.) 

* Once  you  have  bn i Mu l Add1_1 6 defined,  writing  the  other  two  should 
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* be  pretty  easy.  (Just  make  sure  you  get  the  sign  of  the  subtraction 

* in  bniMulSub1_16  right  - it's  dest  = dest  - source  * k.) 

* 

* The  only  definitions  that  absolutely  need  a double-word  (BNW0RD32) 

* type  are  b n i M u l A d d 1 _1 6 and  b n i M u l S u b 1 _1  6 ; if  those  are  provided, 

* the  rest  follows.  bniDiv21_16,  however,  is  a lot  slower  unless  you 

* have  them,  and  bniModQ_16  takes  after  it.  That  one  is  used  quite  a 

* bit  for  prime  sieving. 

*/ 

# i f nd  e f H A V E_C 0 N F I G_H 
//define  H A V E_C 0 N F I G_H  0 
ft  e nd  i f 

#if  H A V E_C  0 N F I G_H 
//include  "config.h" 

Ue  nd  i f 

/ * 

* Some  compilers  complain  about  //if  F00  if  F00  isn't  defined, 

* so  do  the  A N S I -ma nd a t e d thing  explicitly... 

* / 

# i f nde  f N 0_A  S S E R T_H 
//define  N 0_A  S S E R T_H  0 
//end  i f 

//  i f nd  e f N 0_S  T R I N G_H 
//define  N 0_S  T R I N G_H  0 
ft  end  i f 

# i f nde  f H A V E_S T R I N G S_H 
//define  H A V E_S  T R I N G S_H  0 
//end  i f 

# i f nd  e f N E E D_M E MO R Y_H 
//define  N E E D_M  E MO  R Y_H  0 

# e nd  i f 


//if  ! N 0_A  S S E R T_H 
//include  <assert  . h> 

//else 

//define  assert(x)  (void)O 
ft  e n d i f 


ft  i f ! N 0_S  T R I N G_H 

^include  <string.h>  /*  For  memcpy  */ 

# e l i f HAVE_STR I NGS_H 
//include  <strings.h> 

U e nd  i f 

//if  NEE  D_M  E M 0 R Y_H 
//include  <memory  . h> 

//end  i f 


//include 

//include 

//include 

//include 

//include 


bn i . h " 
bni 1 6 . h" 
bn i mem  . h " 
legal  . h " 

kludge,  h " 


//ifndef  BNW0RD16 

terror  16-bit  bignum  library  requires  a 16-bit  data  type 
ft  e nd  i f 
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/*  Make  sure  the  copyright  notice  gets  included  */ 

volatile  const  char  * volatile  const  bniCopyright_16  = bnCopyright; 

/*  If  this  is  defined,  include  bnYieldC)  calls  */ 

# i f BNYIELD 

extern  int  ( * b n Y i e l d ) ( v o i d ) ; /*  From  bn.c  */ 

# e nd  i f 


/ * 

* Most  of  the  multiply  (and  Montgomery  reduce)  routines  use  an  outer 

* loop  that  iterates  over  one  of  the  operands  - a so-called  operand 

* scanning  approach.  One  big  advantage  of  this  is  that  the  assembly 

* support  routines  are  simpler.  The  loops  can  be  rearranged  to  have 

* an  outer  loop  that  iterates  over  the  product,  a so-called  product 

* scanning  approach.  This  has  the  advantage  of  writing  less  data 

* and  doing  fewer  adds  to  memory,  so  is  supposedly  faster.  Some 

* code  has  been  written  using  a product-scanning  approach,  but 

* it  appears  to  be  slower,  so  it  is  turned  off  by  default.  Some 

* experimentation  would  be  appreciated. 

* 

* (The  code  is  also  annoying  to  get  right  and  not  very  well  commented, 

* one  of  my  pet  peeves  about  math  libraries.  I'm  sorry.) 

* / 

# i f n d e f PRODUCT_SCAN 
tfdefine  PRODUCT_SCAN  0 

# e n d i f 

/* 

* Copy  an  array  of  words.  <Marvin  mode  on>  Thrilling,  isn't  it?  </Marvin> 

* This  is  a good  example  of  how  the  byte  offsets  and  BIGLITTLE()  macros  work. 

* Another  alternative  would  have  been 

* memcpy(dest  BIG(-len),  src  BIG(-len),  l e n * s i z e o f ( B N W 0 R D 1 6 ) ) , but  I find  that 

* putting  operators  into  conditional  macros  is  confusing. 

* / 

#ifndef  bniCopy_16 
void 

b n i C o p y_1 6 ( B N W 0 R D 1 6 *dest,  BNW0RD16  const  *src,  unsigned  len) 

{ 

memcpy(BIGLITTLE(dest-len,dest),  BIGLITTLE(src-len,src), 
len  * sizeof(*src)); 

> 

#endif  /*  !bniCopy_16  */ 


/ * 

* Fill  n words  with  zero.  This  does  it  manually  rather  than  calling 

* memset  because  it  can  assume  alignment  to  make  things  faster  while 

* memset  can't.  Note  how  big-endian  numbers  are  naturally  addressed 

* using  predecrement,  while  little-endian  is  postincrement. 

* / 

#ifndef  bniZero_16 
void 

b n i Z e r o_1 6 ( B N W 0 R D 1 6 *num,  unsigned  len) 

{ 

while  (len--) 

BIGLITTLE(*--num,*num++)  = 0; 

} 

#endif  /*  IbniZero  16  */ 
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/* 

* Negate  an  array  of  words. 

* Negation  is  subtraction  from  zero.  Negating  low-order  words 

* entails  doing  nothing  until  a non-zero  word  is  hit.  Once  that 

* is  negated,  a borrow  is  generated  and  never  dies  until  the  end 

* of  the  number  is  hit.  Negation  with  borrow,  -x-1,  is  the  same 

* Repeat  that  until  the  end  of  the  number. 

ic 


* Doesn't  return  borrow  out  because  that's  pretty  useless  - it's 

* always  set  unless  the  input  is  0,  which  is  easy  to  notice  in 

* normalized  form. 

* / 

ftifndef  bniNeg_16 
void 

b n i N e g_1 6 ( B N WO R D 1 6 *num,  unsigned  len) 

{ 

assertl len); 


a s 


x . 


/*  Skip  low-order  zero  words  */ 
while  ( B I G L I T T L E ( *--n urn , * n urn ) ==  0)  ( 
if  (!--len) 

return; 

LITTLE(num++;) 

> 

/*  Negate  the  lowest-order  non-zero  word  */ 
* n u m = - * n u m ; 

/*  Complement  all  the  higher-order  words  */ 
while  (--len)  { 

BIGLITTLE(--num,++num); 

* n u m = ~ * n u m ; 

} 

> 

#endif  /*  !bniNeg_16  */ 


/ * 

* bniAdd1_16:  add  the  single-word  "carry"  to  the  given  number. 

* Used  for  minor  increments  and  propagating  the  carry  after 

* adding  in  a shorter  bignum. 

* 

* Technique:  If  we  have  a double-width  word,  presumably  the  compiler 

* can  add  using  its  carry  in  inline  code,  so  we  just  use  a larger 

* accumulator  to  compute  the  carry  from  the  first  addition. 

* If  not,  it's  more  complex.  After  adding  the  first  carry,  which  may 

* be  > 1,  compare  the  sum  and  the  carry.  If  the  sum  wraps  (causing  a 

* carry  out  from  the  addition),  the  result  will  be  less  than  each  of  the 

* inputs,  since  the  wrap  subtracts  a number  ( 2 A 1 6 ) which  is  larger  than 

* the  other  input  can  possibly  be.  If  the  sum  is  >=  the  carry  input, 

* return  success  immediately. 

* In  either  case,  if  there  is  a carry,  enter  a loop  incrementing  words 

* until  one  does  not  wrap.  Since  we  are  adding  1 each  time,  the  wrap 

* will  be  to  0 and  we  can  test  for  equality. 

* / 

#ifndef  bniAdd1_16  /*  If  defined,  it's  provided  as  an  asm  subroutine  */ 

#ifdef  BNW0RD32 
BNW0RD1 6 

bn i Add  1 _1 6 ( BNWO R D 1 6 *num,  unsigned  len,  BNW0RD16  carry) 

{ 

BNW0RD32  t; 
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assert ( len  > 0);  / * Alternative:  if  (!len)  return  carry  * / 

t = (BNW0RD32)BIGLITTLE(*  — num,*num)  + carry; 
BIGLITTLE(*num,*num++)  = (BNWORD16)t; 
if  ( (t  >>  16)  ==  0) 
return  0; 
while  (--len)  { 

if  ( + + B I G L I TT L E ( * --n urn , * n um  + + ) !=  0) 

return  0; 

> 

return  1; 

> 

#else  /*  no  BNW0RD32  */ 

BNW0RD1  6 

b n i A d d 1 _1  6 ( B N W 0 R D 1 6 *num,  unsigned  len,  BNW0RD16  carry) 

{ 

assert ( len  > 0);  / * Alternative:  if  (!len)  return  carry  * / 

if  ( ( B I G L I T T L E ( * — num,*num++)  +=  carry)  >=  carry) 
return  0; 
while  (--len)  { 

if  ( + + B I G L I T T L E ( * -- n u m , * n u m + + ) !=  0) 

return  0; 

> 

return  1; 

> 

# e n d i f 

#endif/*  IbniAddl  16  */ 


/* 

* bniSub1_16:  subtract  the  single-word  "borrow"  from  the  given  number. 

* Used  for  minor  decrements  and  propagating  the  borrow  after 

* subtracting  a shorter  bignum. 

* 

* Technique:  Similar  to  the  add,  above.  If  there  is  a d o u b l e - l e n g t h type, 

* use  that  to  generate  the  first  borrow. 

* If  not,  after  subtracting  the  first  borrow,  which  may  be  > 1,  compare 

* the  difference  and  the  *negative*  of  the  carry.  If  the  subtract  wraps 

* (causing  a borrow  out  from  the  subtraction),  the  result  will  be  at  least 

* as  large  as  -borrow.  If  the  result  < -borrow,  then  no  borrow  out  has 

* appeared  and  we  may  return  immediately,  except  when  borrow  ==  0.  To 

* deal  with  that  case,  use  the  identity  that  -x  = “x  + 1,  and  instead  of 

* comparing  < -borrow,  compare  for  <=  “borrow. 

* Either  way,  if  there  is  a borrow  out,  enter  a loop  decrementing  words 

* until  a non-zero  word  is  reached. 

■ k 


* Note  the  cast  of  “borrow  to  (BNW0RD16). 

* than  BNW0RD16,  C rules  say  the  number  is 

* the  inversion  will  be  done  on  an  int  and 

* is  expected. 

* / 

#ifndef  bniSub1_16  /*  If  defined,  it's 

flifdef  BNW0RD32 
BNW0RD1 6 


If  the  size  of  an  int  is  larger 
expanded  for  the  arithmetic,  so 
the  value  won't  be  quite  what 


provided  as  an  asm  subroutine  */ 


bniSub1_16(BNW0RD16  *num,  unsigned  len,  BNW0RD16  borrow) 
{ 


BNW0RD32  t ; 

assertden  > 0);  / * Alternative:  if  (!len)  return  borrow  */ 
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t = (BNW0RD32)BIGLITTLE(*  — num,*num)  - borrow; 

BIGLITTLE(*num,*num++)  = (BNW0RD16)t; 
if  ( (t  >>  16)  ==  0) 
return  0; 
while  ( --  l e n ) i 

if  ( (BIGLITTLEU  — num,*num  + + ) )--  !=  0) 
return  0; 

> 

return  1; 

> 

//else  /*  no  BNW0RD32  */ 

BNW0RD1 6 

b n i S u b 1 _1 6 ( BN WO R D 1 6 *num,  unsigned  len,  BNW0RD16  borrow) 

{ 

assert ( len  > 0);  / * Alternative:  if  (!len)  return  borrow  * / 

if  ( ( B I G L I T T L E ( *-- n um , * n um  + + ) -=  borrow)  <=  ( B N W 0 R D 1 6 ) ~ b o r r o w ) 
return  0; 
while  (--len)  { 

if  ( (BIGLITTLE(*--num,*num++) ) — !=  0) 

return  0; 

> 

return  1; 

> 

ft  e n d i f 

#endif  /*  !bniSub1_16  */ 

/ * 

* bniAddN_16:  add  two  bignums  of  the  same  length, 

* returning  the  carry  (0  or  1). 

* One  of  the  building  blocks,  along  with  bniAddl,  of  adding  two  bignums  of 

* differing  lengths. 

* 

* Technique:  Maintain  a word  of  carry.  If  there  is  no  double-width  type, 

* use  the  same  technique  as  in  bniAddl,  above,  to  maintain  the  carry  by 

* comparing  the  inputs.  Adding  the  carry  sources  is  used  as  an  OR  operator; 

* at  most  one  of  the  two  comparisons  can  possibly  be  true.  The  first  can 

* only  be  true  if  carry  ==  1 and  x,  the  result,  is  0.  In  that  case  the 

* second  can't  possibly  be  true. 

* / 

#ifndef  bniAddN_16 
# i f d e f BNW0RD32 
BNW0RD1 6 

bn i AddN_1 6 ( BNW0RD1 6 *num1,  BNW0RD16  const  *num2,  unsigned  len) 
i 

BNW0RD32  t ; 
assertC  len  > 0); 

t = (BNW0RD32)BIGLITTLE(*--num1,*num1)  + BIGLITTLE(*--num2,*num2++); 
BIGLITTLE ( *num1  ,*num1 ++ ) = (BNW0RD16)t; 
while  (--len)  { 

t = ( BN W0 R D 3 2 ) B I G L I T T L E ( *--n um 1 , * n um 1 ) + 

(BNW0RD32)BIGLITTLE(*--num2,*num2++)  + (t  >>  16); 
BIGLITTLE (*num1 ,*num1 ++)  = (BNW0RDl6)t; 

> 

return  (BNW0RD16)(t>>16); 

> 
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//else  /*  no  BNW0RD32  */ 

BNW0RD1 6 

b n i A d d N_1 6 ( B N W 0 R D 1 6 *num1,  BNW0RD16  const  *num2,  unsigned  ten) 

{ 

BNW0RD16  x,  carry  = 0; 

assertC len  > 0);  / * Alternative:  change  loop  to  test  at  start  * / 

do  { 

x = BIGLITTLE(*--num2,*num2++); 
carry  = (x  +=  carry)  < carry; 

carry  + = (BIGLITTLEC*  — num1,*num1++)  +=  x)  < x ; 

> while  (--len); 

return  carry; 

> 

# e n d i f 

U end  it  /*  !bniAddN_16  */ 

/* 

* bniSubN_16:  add  two  bignums  of  the  same  length, 

* returning  the  carry  (0  or  1). 

* One  of  the  building  blocks,  along  with  subnl,  of  subtracting  two  bignums  of 

* differing  lengths. 

* 

* Technique:  If  no  double-width  type  is  availble,  maintain  a word  of  borrow. 

* First,  add  the  borrow  to  the  subtrahend  (did  you  have  to  learn  all  those 

* awful  words  in  elementary  school,  too?),  and  if  it  overflows,  set  the 

* borrow  again.  Then  subtract  the  modified  subtrahend  from  the  next  word 

* of  input,  using  the  same  technique  as  in  subnl,  above. 

* Adding  the  borrows  is  used  as  an  OR  operator;  at  most  one  of  the  two 

* comparisons  can  possibly  be  true.  The  first  can  only  be  true  if 

* borrow  ==  1 and  x,  the  result,  is  0.  In  that  case  the  second  can't 

* possibly  be  true. 

* 

* In  the  double-word  case,  ( B N W 0 R D 1 6 ) - ( t > > 1 6 ) is  subtracted,  rather  than 

* adding  t > > 1 6 , because  the  shift  would  need  to  sign-extend  and  that's 

* not  guaranteed  to  happen  in  ANSI  C,  even  with  signed  types. 

*/ 

#ifndef  bniSubN_16 
# i f d e f BNW0RD32 
BNW0RD1 6 

b n i S u b N_1 6 ( B N W 0 R D 1 6 *num1,  BNW0RD16  const  *num2,  unsigned  len) 

{ 

BNW0RD32  t; 
assert ( len  > 0 ) ; 

t = (BNW0RD32)BIGLITTLE(*  — numl ,*num1  ) - B I G L I TT L E ( * - - n urn 2 , * n urn 2 + + ) ; 

B I G L I T T L E ( * n u m 1 , * n u m 1 ++ ) = (BNW0RD16)t; 

while  (--len)  { 

t = (BNW0RD32)BIGLITTLE(* — num1,*num1)  - 

(BNW0RD32)BIGLITTLE(* — num2,*num2++)  - 
(BNW0RD16)-(t  >>  16); 

BIGLITTLE ( *num1 ,*num1 ++)  = (BNW0RD16)t; 

> 

return  -(BNW0RD16)(t>>16); 
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> 

# e l s e 
BNW0RD1 6 

bn  i S u bN_1 6 ( B N WO R D 1 6 *num1,  BNW0RD16  const  *num2,  unsigned  ten) 

BNW0RD16  x , borrow  = 0; 

assert(len  > 0);  / * Alternative:  change  loop  to  test  at  start  * / 

do  { 

x = BIGLITTLE(*--num2,*num2++); 
borrow  = (x  +=  borrow)  < borrow; 

borrow  +=  (BIGLITTLE(*--num1,*num1++)  -=  x)  > (BNW0RD16)~x; 

> while  ( — l e n ) ; 

return  borrow; 

> 

# e nd  i f 

#endif  /*  IbniSubN  16  */ 


tfifndef  bniCmp_16 
/ * 

* bniCmp_16:  compare  two  bignums  of  equal  length,  returning  the  sign  of 

* numl  - num2.  (-1,  0 or  +1). 

* 

* Technique:  Change  the  little-endian  pointers  to  big-endian  pointers 

* and  compare  from  the  mo s t - s i g n i f i c a n t end  until  a difference  if  found. 

* When  it  is,  figure  out  the  sign  of  the  difference  and  return  it. 

*/ 

i n t 

b n i C mp_1 6 ( BN WO R D 1 6 const  *num1,  BNW0RD16  const  *num2,  unsigned  len) 

{ 

BIGLITTLECnuml  -=  len,  numl  + = len); 

B I G L I TT L E ( n um2  -=  len,  num2  +=  len); 


> 

ft  e nd  i f 


while 


(len  — ) { 

if  ( B I G L I TT L E ( * n urn  1 ++  !=  *num2  + + , *--num1  !=  *--num2) ) T 

if  ( B I G L I TT L E ( n urn  1 E - 1 ] < num2C-1H,  *num1  < *num2)  ) 
return  - 1 ; 

else 


> 


return  1; 


> 

return  0; 


/ * ! b n i C m p_1 6 * / 


/ * 

* mu l 1 6_ppmma a ( p h , p l , x , y , a , b ) is  an  optional  routine  that 

* computes  (ph,pl)  =x*y+a+b.  mul16_ppmma  and  mul16_ppmm 

* are  simpler  versions.  If  you  want  to  be  lazy,  all  of  these 

* can  be  defined  in  terms  of  the  others,  so  here  we  create  any 

* that  have  not  been  defined  in  terms  of  the  ones  that  have  been. 
*/ 

/*  Define  ones  with  fewer  a's  in  terms  of  ones  with  more  a's  */ 

#if  ! de f i ned ( mu l 1 6_ppmma ) &&  def i ned ( mu l 1 6_ppmmaa ) 

#define  mu l 1 6_ppmma ( p h , p l , x , y , a ) mu l 1 6_ppmma a ( p h , p l , x , y , a , 0 ) 

# e n d i f 
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#if  ! d e f i n e d ( mu L 1 6_ppmm ) SS  d e f i n e d ( m u L 1 6_p pmm a ) 

#define  mu L 1 6_ppmm ( ph , p L , x , y ) mu l 1 6_p pmma ( p h , p l , x , y , 0 ) 
ft  e n d i f 

/* 

* Use  this  definition  to  test  the  mu  11 6_ppmm-ba s e d operations  on  machines 

* that  do  not  provide  mul16_ppmm.  Change  the  final  "0"  to  a "1"  to 

* enable  it. 

* / 

#if  ! d e f i ned ( mu 1 1 6_ppmm ) SS  d e f i n ed ( BN WO R D 3 2 ) SS  0 /*  Debugging  */ 

#define  mu 1 1 6_ppmm ( p h , p l , x , y ) \ 

(CBNW0RD32  _ = (BNW0RD32)(x)*(y);  (pi)  = (ph)  = _>>16;>) 

# e n d i f 

#if  d e f i ned ( mu l 1 6_ppmm ) SS  ! de f i ned ( mu l 1 6_ppmma ) 

#define  mu 1 1 6_ppmma ( ph , p l , x , y , a ) \ 

( mu l 1 6_ppmm ( ph , p l , x , y ) , (ph)  +=  ((pi)  +=  (a))  < (a)) 

# e n d i f 

#if  de f i n ed ( mu 1 1 6_ppmma ) SS  ! d e f i n e d ( m u 1 1 6_p pmm a a ) 

#define  m u 1 1 6_p pmm a a ( p h , p l , x , y , a , b ) \ 

( mu l 1 6_ppmma ( ph , p l , x , y , a ) , (ph)  +=  ((pi)  +=  (b))  < (b)) 

ft  e nd  i f 
/* 

* bniMulN1_16:  Multiply  an  n-word  input  by  a 1-word  input  and  store  the 

* n+1-word  product.  This  uses  either  the  mul16_ppmm  and  mul16_ppmma 

* macros,  or  C multiplication  with  the  BNW0RD32  type.  This  uses  mul16_ppmma 

* if  available,  assuming  you  won't  bother  defining  it  unless  you  can  do 

* better  than  the  normal  multiplication. 

* / 

# i f n d e f bniMulN1_16 

#ifdef  b n i M u l Ad d 1 _1 6 /*  If  we  have  this  asm  primitive,  use  it.  */ 

void 

b n i M u l N 1 _1 6 ( B N W 0 R D 1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 

i 

b n i Z e r o_1 6 ( o u t , len); 

BIGLITTLE(*(out-len),*(out+len))  = bniMulAdd1_16(out,  in,  len,  k ) ; 

> 

#elif  d e f i n e d ( mu l 1 6_ppmm ) 
void 

b n i M u l N 1 _1 6 ( B N W 0 R D 1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 

C 

BNW0RD16  prod,  carry,  carryin; 
assert( len  > 0); 

BIG(--out;--i n;  ) ; 

mu l 1 6_ppmm ( c a r r y , *out,  *i n,  k); 

LITTLE(out  + + ; i n + + ; ) 

while  (--len)  { 

BIG(--out;--in;  ) 
carryin  = carry; 

mu l 1 6_ppmma ( ca r ry,  *out,  *in,  k,  carryin); 

LITTLE(out++;in++;) 

> 

BIGLITTLE(*  — out,*out)  = carry; 
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> 

# e l i f d e f i n ed ( BN WO R D 3 2 ) 
void 

bniMulN1_16(BNW0RD16  *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 

{ 

BNW0RD32  p; 
assertC  len  > 0); 

p = (BNW0RD32)BIGLITTLE(* — in,*in++)  * k; 

BIGLITTLEC*  — out,*out++)  = (BNW0RDl6)p; 

while  (--len)  { 

p = (BNW0RD32 )BIGLITTLE (* — in,*in++)  * k + (BNW0RD16)(p  >>  16); 
BIGLITTLEC* — out,*out++)  = (BNW0RD16)p; 

> 

BIGLITTLEC* — out,*out)  = (BNW0RD16)(p  >>  16); 

> 

#else 

//error  No  16x16  ->  32  multiply  available  for  16-bit  bignum  package 

# e n d i f 

# end  if  /*  bniMulN1__16  */ 

/* 

* bn i Mu l Add1_1 6 : Multiply  an  n-word  input  by  a 1-word  input  and  add  the 

* low  n words  of  the  product  to  the  destination.  *Returns  the  n+lst  word 

* of  the  product.*  (That  turns  out  to  be  more  convenient  than  adding 

* it  into  the  destination  and  dealing  with  a possible  unit  carry  out 

* of  *that*.)  This  uses  either  the  mul16_ppmma  and  mul16_ppmmaa  macros, 

* or  C multiplication  with  the  BNW0RD32  type. 

* 

* If  you're  going  to  write  assembly  primitives,  this  is  the  one  to 

* start  with.  It  is  by  far  the  most  commonly  called  function. 

* / 

#ifndef  bn i M u l Ad d 1 _1 6 
#if  def i ned (mu l 1 6_ppmm ) 

BNW0RD1 6 

b n i M u l Add  1 _1 6 ( BN WO R D 1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 

{ 

BNW0RD16  prod,  carry,  carryin; 

assertC  len  > 0 ) ; 

BIG(--out;--in;  ); 
carryin  = *out; 

mul16_ppmma(carry,  *out,  *in,  k,  carryin); 

LITTLE(out++;in++;) 

while  (--len)  { 

BIG(--out;--in;  ); 
carryin  = carry; 

mu l 1 6_ppmmaa ( ca r ry,  prod,  *in,  k,  carryin,  *out); 

*out  = prod; 

LITTLE(out++;in++;) 

> 

return  carry; 

> 

#elif  d e f i n e d ( BN W 0 R D 3 2 ) 
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BNW0RD1  6 

bn  i Mu l Add1_1 6 ( BNW0RD1  6 *out,  BNW0RD16  const  *in,  unsigned  Len,  BNW0RD16  k) 

{ 

BNW0RD32  p; 
assertC  len  > 0 ) ; 

p = (BNW0RD32)BIGLITTLE(*--in,*in++)  * k + BIGLITTLE(*--out,*out); 
BIGLITTLE(*out,*out++)  = (BNW0RDl6)p; 

while  (--len)  { 

p = (BNW0RD32)BIGLITTLE(*  — in,*in++)  * k + 

(BNW0RD16)(p  >>  16)  + BIGLITTLEC* — out,*out); 
BIGLITTLE(*out,*out++)  = (BNW0RD16)p; 

> 

return  (BNW0RD16)(p  >>  16); 

> 

# e l s e 

//error  No  16x16  ->  32  multiply  available  for  16-bit  bignum  package 

# e n d i f 

#endif  /*  bn  i M u l Add  1 _1 6 */ 

/ * 

* bn i Mu l Sub1_1 6 : Multiply  an  n-word  input  by  a 1-word  input  and  subtract  the 

* n-word  product  from  the  destination.  Returns  the  n+lst  word  of  the  product. 

* This  uses  either  the  mul16_ppmm  and  mul16_ppmma  macros,  or 

* C multiplication  with  the  BNW0RD32  type. 

* 

* This  is  rather  uglier  than  adding,  but  fortunately  it's  only  used  in 

* division  which  is  not  used  too  heavily. 

* / 

#ifndef  bniMulN1_16 
#if  d e f i n e d ( mu l 1 6_ppmm ) 

BNW0RD1 6 

bn i Mu l Sub1_1 6 ( BNW0RD1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 

{ 

BNW0RD16  prod,  carry,  carryin; 
assertC len  > 0 ) ; 

BIG(  — in;) 

mu 1 1 6_ppmm ( c a r r y , prod,  *in,  k); 

LITTLE(in++;) 

carry  +=  (BIGLITTLE(*--out,*out++)  -=  prod)  > (BNW0RD16)~prod; 

while  (--len)  { 

B I G ( — in;); 
carryin  = carry; 

mu l 1 6_ppmma ( c a r r y , prod,  *in,  k,  carryin); 

L I TTLE ( i n + +; ) 

carry  +=  (BIGLITTLE(*--out,*out++)  -=  prod)  > (BNW0RDl6)~prod; 

> 

return  carry; 

} 

#elif  d e f i n ed ( BN WO R D 3 2 ) 

BNW0RD1 6 

bn i M u l S u b 1_1 6 ( B N WO R D 1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 
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{ 


BNW0RD32  p ; 
BNW0RD16  carry,  t; 

assertC  Len  > 0); 


p = (BNW0RD32 )BIGLITTLE ( * — i n , * i n + +)  * k; 
t = BIGLITTLEC* — out,*out); 
carry  = ( B N WO R D 1 6 ) ( p> > 1 6 ) + 

((BIGLITTLE(*out,*out++)=t-(BNW0RD16)p)  > t ) ; 


while 


> 


(--len)  { 

p = (BNW0RD32)BIGLITTLE(*  — in,*in  + +)  * k + carry; 
t = BIGLITTLEC*  — out,*out  ) ; 
carry  = ( B N WO R D 1 6 ) ( p> > 1 6 ) + 

( (BIGLITTLE(*out,*out++)=t-(BNW0RD16)p)  > t ) ; 


return  carry; 

> 

#e  l se 

terror  No  16x16  ->  32  multiply  available  for  16-bit  bignum  package 
# e nd  i f 

#endif  /*  IbniMulSubl  16  */ 


/* 

* Shift  n words  left  "shift"  bits.  0 < shift  < 16.  Returns  the 

* carry,  any  bits  shifted  off  the  left-hand  side  (0  <=  carry  < 2Ashift). 

* / 

#ifndef  bniLshift_16 
BNW0RD1  6 

bn i L s h i f t_1 6 ( B N WO R D 1 6 *num,  unsigned  len,  unsigned  shift) 

{ 

BNW0RD16  x,  carry; 

assertCshi ft  > 0); 
assertCshift  < 16); 

carry  = 0; 
while  (len--)  { 

BIG( — num;  ) 
x - * n u m ; 

*num  = (x<<shift)  | carry; 

LITTLE(num++; ) 

carry  = x >>  (16  — shift); 

> 

return  carry; 

> 

#endif  /*  ! bni Lshi ft 16  */ 

/ * 

* An  optimized  version  of  the  above,  for  shifts  of  1. 

* Some  machines  can  use  a dd- w i t h - c a r r y tricks  for  this. 

* / 

#ifndef  bniDouble_16 
BNW0RD1  6 

bn i Doub l e_1 6 ( BNWO R D 1 6 *num,  unsigned  len) 

{ 

BNW0RD16  x,  carry; 
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carry  = 0 ; 
while  (l  en-- ) { 

BIG(--num;  ) 
x = * n u m ; 

*num  = ( x < < 1 ) | carry; 

LITTLE(num++;) 

carry  = x >>  (16-1); 

> 

return  carry; 

> 

#endif  /*  ibniDouble  16  */ 


/* 

* Shift  n words  right  "shift"  bits.  0 < shift  < 16.  Returns  the 

* carry,  any  bits  shifted  off  the  right-hand  side  (0  <=  carry  < 2Ashift). 

* / 

#ifndef  bniRshift_16 
BNW0RD1 6 

bn i R s h i f t_1 6 ( BN W 0 R D 1 6 *num,  unsigned  len,  unsigned  shift) 

{ 

BNW0RD16  x,  carry  = 0; 

assertCshift  > 0); 
assert(shift  < 16); 

B I G L I TT L E ( n urn  -=  len,  num  +=  len); 

while  (l  en-- ) { 

LITTLEC  — num;) 
x = * n u m ; 

*num  = (x>>shift)  | carry; 

BIG(num  + + ; ) 

carry  = x <<  (16-shift); 

> 

return  carry  >>  (16-shift); 

> 

#endif  /*  SbniRshift  16  */ 


/* 


* Multiply  two  numbers  of  the  given  lengths.  prod  and  num2  may  overlap, 

* provided  that  the  low  lenl  bits  of  prod  are  free.  (This  corresponds 

* nicely  to  the  place  the  result  is  returned  from  bni Mont Reduce_1 6 . ) 

* 

* T0D0:  Use  Karatsuba  multiply.  The  overlap  constraints  may  have 

* to  get  rewhacked. 

*/ 


#ifndef  bniMu l_1 6 
void 


bn i M u l_1 6 ( BN WO R D 1 6 *prod, 

{ 


BNW0RD16  const  *num1, 
BNW0RD16  const  *num2. 


/*  Special  case  of  zero  */ 
if  ( ! lenl  ||  !len2)  { 

bn i Z e r o_1 6 ( p r od , Ien1+len2); 
return; 

} 


unsigned 

unsigned 


lenl, 
l e n 2 ) 


/*  Multiply  first  word  */ 
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bniMulN1_16(prod,  numl  , lenl,  BIGLITTLE(*--num2,*num2++)); 


> 

#end  i f 


/ * 

* Add  in  subsequent  words,  storing  the  most  significant 

* which  is  new  each  time. 

* / 


while 


> 


( --  l e n 2 ) { 

BIGLITTLEC  — prod,prod++); 

BIGLITTLE(*(prod-len1-1  ),*(prod+len1 ))  = 
bn i Mu l Add 1_1 6 ( p rod , numl,  lenl, 

BIGLITTLE(*--num2,*num2++) ) ; 


word. 


/ * IbniMul  16  * / 


/ * 

* bniMulX_16  is  a square  multiply  - both  inputs  are  the  same  length. 

* It's  normally  just  a macro  wrapper  around  the  general  multiply, 

* but  might  be  i mp  l e me n t a b l e in  assembly  more  efficiently  (such  as 

* when  product  scanning). 

* / 

#ifndef  bniMulX_16 

# i f def i ned ( BNW0RD32 ) &&  PRODUCT_SCAN 
/ * 

* Test  code  to  see  whether  product  scanning  is  any  faster.  It  seems 

* to  make  the  C code  slower,  so  PRODUCT_SCAN  is  not  defined. 

*/ 

static  void 

bn i Mu l X_1 6 ( BNW0RD1 6 *prod,  BNW0RD16  const  *num1,  BNW0RD16  const  *num2, 
unsigned  len) 

C 

BNW0RD32  x,  y; 

BNW0RD16  const  *p1,  *p2; 
unsigned  carry; 
unsigned  i,  j; 


/*  Special  case  of  zero  */ 
if  ( ! I e n ) 

return; 


x = (BNW0RD32)BIGLITTLE(num1 C-1 1 * num2C-1D,  numICO]  * num2C0]); 
BIGLITTLE (*--prod,  *prod++)  = (BNW0RDl6)x; 
x >>=  16; 


for  ( i 


> 

for  ( i 


= 1;  i < len;  i + + ) { 

carry  = 0; 
pi  = numl  ; 

p2  = BIGLITTLE(num2-i-1,num2+i+1); 
for  (j  = 0;  j <=  i;  j + + ) { 

BIGCy  = (BNW0RD32)* — pi  * *p2++;) 
LITTLECy  = ( B N W 0 R D 3 2 ) * p 1 ++  * * — p2;) 
x +=  y; 

carry  +=  (x  < y); 

> 

BIGLITTLE(*--prod,*prod++)  = (BNW0RD16)x; 
x = (x  >>  16)  | (BNW0RD32)carry  <<  16; 

= 1;  i < len;  i + + ) { 
carry  = 0; 
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pi  = BIGLITTLE(num1-i,num1+i); 
p 2 = BIGLITTLE(num2-len,num2+len); 
f or  (j  = i;  j < Len;  j + + ) { 

B I G ( y = (BNW0RD32  ) * — pi  * *p2++;) 

LITTLECy  = ( B N W 0 R D 3 2 ) * pi ++  * * — p2;) 
x +=  y; 

carry  +=  (x  < y ) ; 

> 

BIGLITTLEC*  — prod,*prod++)  = (BNW0RD16)x; 
x = (x  >>  16)  | (BNW0RD32)carry  <<  16; 

> 

BIGLITTLEC*  — prod,*prod)  = (BNW0RDl6)x; 

> 

PI  else  /*  ! def  i ned  ( BNW0RD32  ) ||  ! P R 0 D U C T_S C A N */ 

/*  Default  trivial  macro  definition  */ 

#define  b n i Mu l X_1 6 ( p r od , numl,  num2,  len)  bn i Mu l_1 6 ( p r od  , numl,  len,  num2, 
# e n d i f /*  ! def i ned ( BNW0RD32  ) ||  ! P R 0 D U C T_S C A N */ 

#endif  /*  llbmMulX  16  */ 


#if  ! d e f i n e d ( bn i Mo n t Mu l_1 6 ) &&  d e f i n ed ( BN WO R D 32 ) SS  PRODUCT_SCAN 

/* 

* Test  code  for  p r o d u c t - s c a n n i n g multiply.  This  seems  to  slow  the  C 

* code  down  rather  than  speed  it  up. 

* This  does  a multiply  and  Montgomery  reduction  together,  using  the 

* same  loops.  The  outer  loop  scans  across  the  product,  twice. 

* The  first  pass  computes  the  low  half  of  the  product  and  the 

* Montgomery  multipliers.  These  are  stored  in  the  product  array, 

* which  contains  no  data  as  of  yet.  x and  carry  add  up  the  columns 

* and  propagate  carries  forward. 

* 


* The  second  half  multiplies  the  upper  half,  adding  in  the  modulus 

* times  the  Montgomery  multipliers.  The  results  of  this  multiply 

* are  stored. 

* / 


static  void 

bniMontMul_16(BNW0RDl6 

*prod,  BNW0RD1 6 

BNW0RD1 6 

{ 

BNW0RD32 

const 

*mod,  unsigned 

x,  y; 

BNW0RD1 6 

const 

*p1,  *p2,  *pm; 

BNW0RD1 6 

*pp; 

BNW0RD1 6 

t; 

unsigned 

carry; 

unsigned 

i/  j ; 

/*  Special  case  of  zero  */ 
if  ( ! I e n ) 

return; 


const  *num1, 
len,  BNW0RD16 


BNW0RD1 6 
i n v ) 


const 


* n u m 2 , 


/ * 

* This  computes  directly  into  the  high  half  of  prod,  so  just 

* shift  the  pointer  and  consider  prod  only  "len"  elements  long 

* for  the  rest  of  the  code. 

* / 

BIGLITTLECprod  -=  len,  prod  +=  len); 


/*  Pass  1 - compute  Montgomery  multipliers  */ 

/*  First  iteration  can  have  certain  simplifications.  */ 


len) 
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x = (BNW0RD32)BIGLITTLE(num1C-i:  * num2C-1],  numICOD  * n u m 2 [ 0 II ) ; 
BIGLITTLE(prodC-13,  prodCO])  = t = inv  * (BNW0RD16)x; 
y = (BNW0RD32)t  * B I G L I T T L E ( m o d [ - 1 ] , mo d C 0 ] ) ; 
x +=  y; 

/*  Note:  GCC  2.6.3  has  a bug  if  you  try  to  eliminate  "carry"  */ 

carry  = (x  < y ) ; 

assertC (BNW0RD16)x  ==  0); 

x = x >>  16  | (BNW0RD32)carry  <<  16; 


for  (i  = 1;  i < len;  i + + ) { 

carry  = 0; 
pi  = numl  ; 

p2  = BIGLITTLE(num2-i-1,num2+i+1); 
pp  = prod; 

pm  = BIGLITTLE(mod-i-1,mod+i+1); 
for  (j  = 0;  j < i;  j + + ) { 

y = (BNW0RD32)BIGLITTLE(*  — pi  * *p2++,  *p1+  + * * 
x +=  y; 

carry  + = (x  < y); 

y = ( B NWO R D 3 2 ) B I G L I TT LE ( *--pp  * *pm++,  *pp  + + * * 
x +=  y; 

carry  +=  (x  < y); 

> 

y = (BNW0RD32)BIGLITTLE(p1 L - 1 3 * p 2 [ 0 3 , p 1 C 0 3 * p2  C — 1 □ ) ; 
x +=  y; 

carry  +=  (x  < y); 

assert(BIGLITTLE(pp  ==  prod-i,  pp  = = prod  + i)); 
BIGLITTLE(pp[-13,  p p H 0 3 ) = t = inv  * (BNW0RD16)x; 
assert(BIGLITTLE(pm  = = mod-1,  pm  ==  mod+1)); 
y = (BNW0RD32  ) t * B I G L I T T L E ( pm [ 0 3 , pm [ - 1 1 ) ; 
x +=  y; 

carry  +=  (x  < y ) ; 
assert((BNW0RD16)x  ==  0); 
x = x >>  16  | (BNW0RD32)carry  <<  16; 


/*  Pass  2 - compute  reduced  product  and  store  */ 
for  (i  = 1;  i < len;  i++)  { 
carry  = 0; 

pi  = BIGLITTLE(num1-i,num1+i); 
p2  = BIGLITTLE(num2-len,num2+len); 
pm  = BIGLITTLE(mod-i,mod+i); 
pp  = BIGLITTLE(prod-len,prod+len); 
for  (j  = i;  j < len;  j + + ) { 

y = (BNW0RD32)BIGLITTLE(* — pi  * *p2++,  *p1++  * * 
x +=  y; 

carry  +=  (x  < y); 

y = ( B N W 0 R D 3 2 ) B I G L I T T L E ( * — pm  * *pp++,  *pm++  * * 

x +=  y; 

carry  +=  (x  < y); 

> 

assert(BIGLITTLE(pm  ==  mod-len,  pm  ==  mod+len)  ); 
assert(BIGLITTLE(pp  ==  prod-i,  pp  ==  prod+i)); 
BIGLITTLE(ppC0],pplI-1  D)  = (BNW0RD16)x; 
x = (x  >>  16)  | (BNW0RD32)carry  <<  16; 


/*  Last  round  of  second  half,  simplified.  */ 
BIGLITTLE(*(prod-len),*(prod+len-1))  = (BNW0RDl6)x; 


-p2); 
-pm  ) ; 


-p2); 

- p p ) ; 
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carry  = (x  >>  16); 
while  (carry) 

carry  -=  b n i S u b N_1 6 ( p r od , mod,  len); 
while  ( bn i C mp_1 6 ( p r od , mod,  len)  >=  0) 

( v o i d ) bn i S u b N_1 6 ( p r od , mod,  len); 

} 

/*  Suppress  later  definition  */ 

//define  bn i Mo n t M u l_1 6 bn i Mon t Mu l_1 6 
//end  i f 

//if  ! de  f i ned  ( bn  i Squa  r e_1  6 ) SS  d e f i n e d ( BN  WO  R D 32  ) &&  PR0DUCT_ 

/ * 

* Trial  code  for  product-scanning  squaring.  This  seems  to 

* code  down  rather  than  speed  it  up. 

*/ 

void 

b n i S q u a r e_1 6 ( B N W 0 R D 1 6 *prod,  BNW0RD16  const  *num,  unsigned 
{ 


BNW0RD32 

x , y,  z ; 

BNW0RD1 6 

const  * p 1 , 

*p2; 

unsigned 

carry; 

unsigned 

i/  j ; 

/ * S p e c i a 
if  ( ! 1 e n ) 

l case  of  zero  * / 

return; 

/ * Word  0 

of  product 

*/ 

x = (BNW0RD32)BIGLITTLE(numC-i:  * numt-1],  numlOl  * 
B I G L I T T L E ( * --p r od  , *prod  + +)  = (BNW0RD16)x; 

x >>=  16; 

/*  Words  1 through  len-1  */ 
for  (i  = 1;  i < len;  i + + ) { 

carry  = 0; 

Y = 0; 

pi  = n urn ; 


p 2 = BIGLITTLE (num- 

i -1 , num+i + 

for  (j  = 0;  j < 

(i+1 )/2;  j++) 

BIGCz  = 

(BNW0RD32)* — 

LITTLE ( z 
y +=  z; 

— 

(BNW0RD32 ) 

carry  += 

> 

(y 

< z); 

y +=  z = y; 
carry  +=  carry  + 

(y 

< z ) ; 

if  ( ( i & 1 ) ==  0)  ( 

assert(BIGLITTLE( — pi 

BIGCz  = 

(BNW0RD32)*p2 

LITTLE ( z 

= 

( BNW0RD32 ) 

y +=  z; 
carry  + = 

(y 

< z); 

x +=  y; 

carry  +=  (x  < y); 

BIGLITTLE(*--prod,*prod++)  = (BNW0RD16)x; 
x = (x  >>  16)  | (BNW0RD32)carry  <<  16; 


SCAN 

slow  the  C 

len) 


n u m L 0 II ) ; 


) 


- P 2 ) ) ; 
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/*  Words  len  through  2*len-2  */ 
for  (i  = 1 ; i < len;  i + + ) { 

carry  = 0 ; 
y = 0; 

pi  = BIGLITTLE(num-i,num+i); 
p2  = BIGLITTLE(num-len,num+len); 
for  (j  = 0;  j < (len-i)/2;  j + + ) { 

B I G ( z = (BNW0RD32)*  — pi  * *p2++;) 

LITTLE(z  = (BNW0RD32)*p1++  * * — p 2 ; ) 
y +=  z; 

carry  +=  (y  < z); 

> 

Y +=  z = y; 

carry  + = carry  + (y  < z ) ; 
if  ((len-i)  & 1)  { 

as se r t ( BI  GLI  TTLE ( --pi  ==  p2,  pi  ==  --p2)); 

B I G ( z = (BNW0RD32)*p2  * * p 2 ; ) 

LITTLECz  = (BNW0RD32)*p1  * * p 1 ; ) 
y +=  z; 

carry  +=  (y  < z ) ; 

> 

x +=  y; 

carry  +=  (x  < y ) ; 

BIGLITTLEC* — prod,*prod++)  = (BNW0RD16)x; 
x = (x  >>  16)  | (BNW0RD32) carry  <<  16; 

> 

/*  Word  2 * l e n- 1 * / 

BIGLITTLEC*  — prod,*prod)  = (BNW0RD16)x; 

> 

/*  Suppress  later  definition  */ 
tfdefine  bniSquare_16  bniSquare_16 
ft  e nd  i f 

/ * 

* Square  a number,  using  optimized  squaring  to  reduce  the  number  of 

* primitive  multiples  that  are  executed.  There  may  not  be  any 

* overlap  of  the  input  and  output. 

* 

* Technique:  Consider  the  partial  products  in  the  multiplication 


★ 

of  " 

a b c d e " 

by 

i 

t s e l f : 

★ 

★ 

a 

b 

c 

d 

e 

★ 

★ 

a 

b 

c 

d 

e 

★ 

★ 

a e 

be 

c e 

d e 

e e 

* 

a d 

bd 

c d 

dd 

d e 

★ 

a c 

b c 

c c 

c d 

c e 

* 

a b 

bb 

b c 

bd 

be 

★ 

a a 

a b 

a c 

a d 

a e 

* Note  that  everything  above  the  main  diagonal: 

* ae  be  ce  de  = (abed)  * e 

* adbdcd  =(abc)*d 

* aebe  =(ab)*c 

* ab  = ( a ) * b 

* 

* is  a copy  of  everything  below  the  main  diagonal: 

* de 
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* c d c e 

* be  bd  be 

* abacadae 

* 

* Thus,  the  sum  is  2 * (off  the  diagonal)  + d i agonal  . 

★ 

* This  is  accumulated  beginning  with  the  diagonal  (which 

* consist  of  the  squares  of  the  digits  of  the  input),  which  is  then 

* divided  by  two,  the  off-diagonal  added,  and  multiplied  by  two 

* again.  The  low  bit  is  simply  a copy  of  the  low  bit  of  the 

* input,  so  it  doesn't  need  special  care. 

* 

* TODO:  Merge  the  shift  by  1 with  the  squaring  loop. 

* TODO:  Use  Karatsuba.  (a*W+b)A2  = aA2  * (WA2+W)  + bA2  * (W+1)  - (a-b)A2  * W. 
*/ 

#ifndef  bniSquare_16 
void 


re_1 6 ( BNW0RD1 6 *prod,  BNW0RD1 6 

const 

*num 

/ 

unsigned 

len) 

BNW0RD1 6 

t; 

BNW0RD1 6 

*prodx  = prod; 

/* 

Wo  r k i 

ng 

copy 

o f 

the 

a rgument 

* / 

BNW0RD1 6 

const  *numx  = num; 

/* 

W o r k i 

ng 

copy 

o f 

the 

argument 

*/ 

unsigned 

lenx  = len; 

/* 

W o r k i 

ng 

copy 

o f 

the 

argument 

*/ 

if  (lien) 

return; 


/*  First,  store  all  the  squares  */ 
while  ( lenx  — ) ( 

#ifdef  mul16_ppmm 

BNW0RD16  ph,  pi; 
t = BIGLITTLE(*--numx,*numx++); 
mull 6_p  pmm(ph,pl,t,t); 
BIGLITTLE(*--prodx,*prodx++)  = pi; 

BIGLITTLE ( * — prodx,*prodx  + + ) = ph; 

#elif  def i ned ( BNW0RD32 ) /*  use  BNW0RD32  */ 

BNW0RD32  p; 

t = BIGLITTLE(*--numx,*numx++); 
p = (BNW0RD32)t  * t; 

BIGLITTLE(*--prodx,*prodx++)  = (BNW0RD16)p; 
BIGLITTLE(*--prodx,*prodx++)  = (BNW0RD16)(p>>16); 
#else  /*  Use  bniMulN1_16  */ 

t = B I G L I T T L E ( n u m x C - 1 1 , * n u m x ) ; 

bn i Mu l N 1 1 6 ( prodx,  numx,  1,  t); 

BIGLITTLE(--numx,numx++); 

B I G L I T T L E ( p r o d x -=  2,  prodx  +=  2); 

# e n d i f 

> 

/*  Then,  shift  right  1 bit  */ 

( vo i d ) bn i R s h i f t_1 6 ( p rod , 2*len,  1); 

/*  Then,  add  in  the  off-diagonal  sums  */ 

lenx  = len; 

numx  = num; 

prodx  = prod; 

while  (--lenx)  t 

t = B I G L I T T L E ( *--n umx , * n umx  + + ) ; 
BIGLITTLE(--prodx,prodx  + +)  ; 
t = bniMulAdd1_16(prodx,  numx,  lenx,  t); 
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bniAdd1_16(BIGLITTLE(prodx-lenx,prodx+lenx),  Lenx+1,  t); 
BIGLITTLE(--prodx,prodx++) ; 

> 

/ * Shift  it  back  up  * / 
b n i D o u b l e_1 6 ( p r o d , 2*len); 

/*  And  set  the  Low  bit  appropriately  */ 

BIGLITTLE(prod[-1],prodC0])  |=  BIGLITTLE(numC-1],num[0])  & 1; 

> 

#endif  /*  ! bn i Squa re_1 6 */ 

/ * 

* bniNorm_16  - given  a number,  return  a modified  Length  such  that  the 

* most  significant  digit  is  non-zero.  Zero-Length  input  is  okay. 

* / 

#ifndef  bniNorm_16 
unsigned 

bn i N o r m_1 6 ( BN W 0 R D 1 6 const  *num,  unsigned  Len) 

{ 

BIGLITTLECnum  - = Len,num  +=  len); 

while  (Len  &&  B I G L I T T L E ( * n u m + + , * n u m ) ==  0) 

--Len; 
return  Len; 

> 

#endif  /*  bni Norm  16  */ 


/* 

* 


bniBits_16  - return  the  number  of  significant  bits  in  the  array. 

It  starts  by  normalizing  the  array.  Zero-Length  input  is  okay. 

Then  assuming  there's  anything  to  it,  it  fetches  the  high  word, 
generates  a bit  length  by  multiplying  the  word  Length  by  16,  and 
subtracts  off  16/2,  16/4,  16/8,  ...  bits  if  the  high  bits  are  clear 


* 

* 

★ 

★ 

* / 

#ifndef  bniBits_16 
unsigned 

bn i Bi t s_1 6 ( BNW0RD1 6 
{ 

BNW0RD16  t; 
unsigned  i; 


const  *num,  unsigned  Len) 


Len  = bn i No rm_1 6 ( num,  len); 
if  (Len)  t 

t = BIGLITTLE(*(num-len),*(num+(len-1))); 


a s s e 

r t ( t ) ; 

L e n 

*=  16; 

i = 

16/2; 

do  { 

if  ( t 

>> 

i ) 

t 

>>=  i 

else 

L 

en  - = 

> w h 

i L e ( ( i ! - 

= 2) 

! = 0) 

return  len; 


#endif  /*  bniBits_16  */ 


/* 
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* If  defined,  use  hand-rolled  divide  rather  than  compiler's  native. 

* If  the  machine  doesn't  do  it  in  line,  the  manual  code  is  probably 

* faster,  since  it  can  assume  normalization  and  the  fact  that  the 

* quotient  will  fit  into  16  bits,  which  a general  32-bit  divide 

* in  a compiler's  run-time  library  can't  do. 

*/ 

# i f n d e f BN_S L0W_D I V I D E_32 

/*  Assume  that  divisors  of  more  than  thirty-two  bits  are  slow  */ 
//define  B N_S  LO  W_D  I V I D E_3  2 (32  > 0x20) 

# e n d i f 


(nh<<16|nl)  % d,  and  place 
that  nh  < d,  and 
have 


/ * 

* Return 

* It  is  guaranteed 

* bit  set).  If  we 

* y u k ! 

* / 

//ifndef  bniDiv21_16 
#if  def i ned ( BNW0RD32  ) 

BNW0RD1 6 

bni D i v21_1 6 ( BNW0RD1 6 *q 
{ 

BNW0RD32  n = (BNW0RD32)nh 


the  quotient  digit  into  * q . 

that  d is  normalized  (with  its  high 


a double-width  type,  it's  easy.  If  not,  ooh. 


&&  ! BN  SLOW  DIVIDE  32 


BNW0RD16  nh,  BNW0RD16  nl,  BNW0RD16  d) 


< < 16  | n l ; 


/*  Divisor  must  be  normalized  */ 
assert (d  >>  (16-1)  ==  1); 


* q = n / d ; 
return  n % d; 


> 

# e l 

/ * 
k 
k 
* 
k 
* 

* 
k 
k 
• k 
* 

* 

* 

k 

* 

k 

k 

* 

k 

k 

k 

* 

* 

★ 

* 

* 

k 

k 


s e 


This  is  where  it  gets  ugly. 


halves,  using  Algorithm  D from  section  4.3.1 

the  quotient  estimate 


Do  the  division  in  two 

of  Knuth.  Note  Theorem  B from  that  section,  that 
is  never  more  than  the  true  quotient,  and  is  never  more  than 
too  low. 


two 


The  mapping  onto  conventional  long  division  is  (everything  a half  word) 

qh q l_ 

dh  dl  ) nh.h  nh.l  nl.h  nl.l 
- ( q h k d ) 


rrrr  rrrr  nl.l 
- ( q l * d ) 


rrrr  rrrr 


The  implicit  3/2- 
First,  estimate 
the  (nh.h  nh.l) 
low  part  of  the 
from  (nh.h  nh.l 
remainder,  whic 
try  to  subtract 
long,  shifting 
It  is  possible 
the  product  qh 


digit  d*qh  and  d*ql  subtractors  are  computed  this  way: 
a q digit  so  that  nh/dh  works.  Subtracting  qh*dh  from 
list  leaves  a 1/2-word  remainder  r.  Then  compute  the 
subtractor,  qh  * dl.  This  also  needs  to  be  subtracted 
nl.h)  to  get  the  final  remainder.  So  we  take  the 
h is  (nh.h  nh.l)  - qh*dl,  shift  it  and  add  in  nl.h,  and 
qh  * dl  from  that.  Since  the  remainder  is  1/2-word 
and  adding  nl.h  results  in  a single  word  r. 
that  the  remainder  we're  working  with,  r,  is  less  than 
* dl,  if  we  estimated  qh  too  high.  The  estimation 
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* technique  can  produce  a qh  that  is  too  Large  (never  too  small),  leading 

* to  r which  is  too  small.  In  that  case,  decrement  the  digit  qh,  add 

* shifted  dh  to  r (to  correct  for  that  error),  and  subtract  dl  from  the 

* product  we're  comparing  r with.  That's  the  "correct"  way  to  do  it,  but 

* just  adding  dl  to  r instead  of  subtracting  it  from  the  product  is 

* equivalent  and  a lot  simpler.  You  just  have  to  watch  out  for  overflow. 

* 

* The  process  is  repeated  with  (rrrr  rrrr  nl.l)  for  the  low  digit  of  the 

* quotient  ql. 

* 

* The  various  uses  of  16/2  for  shifts  are  because  of  the  note  about 

* automatic  editing  of  this  file  at  the  very  top  of  the  file. 

* / 

#define  highhalf(x)  ( (x)  >>  16/2  ) 

^define  lowhalf(x)  ( (x)  S ( ( ( B N W 0 R D 1 6 ) 1 <<  16/2)  — 1 ) ) 

BNW0RD1 6 

bni D i v2 1_1 6 ( BNW0RD1 6 *q,  BNW0RD1 6 nh,  BNW0RD1 6 nl,  BNW0RD16  d) 

{ 

BNW0RD16  dh  = highhalf(d),  dl  = lowhalf(d); 

BNW0RD16  qh,  ql,  prod,  r; 

/*  Divisor  must  be  normalized  */ 
assert((d  >>  (16-1))  ==  1 ) ; 

/*  Do  first  half-word  of  division  */ 
qh  = nh  / dh; 
r = nh  / dh; 
prod  = qh  * dl; 


/ * 


* Add  next  half-word  of  numerator 

* qh  may  be  up  to  two  too  large. 
*/ 

r = ( r <<  (16/2))  | highhalf(nl); 

if  ( r < prod)  f 

--qh;  r +=  d; 
if  (r  >=  d &&  r < prod)  { 
--qh;  r +=  d; 

> 

> 

r -=  prod; 


t o 


remainder  and  correct. 


/*  Do  second  half-word  of  division  */ 
q l = r / d h ; 
r = r % d h ; 
prod  = ql  * dl; 


r 

i f 


> 

r 


(r  <<  (16/2))  | lowhalf(nl); 


( r < prod) 

~ ■ r 

— q i- ; 

r +=  d ; 

if  ( r 

> = d & S 

r < prod)  { 

— q i ; 

r + = d ; 

> 

= prod; 

*q  = (qh  <<  (16/2))  | ql; 


return  r; 
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> 

# e n d i f 

#endif  /*  bniDiv21  16  */ 


/* 

* In  the  division  functions,  the  dividend  and 

* as  "n"  and  "d",  which  stand  for  "numerator" 

* 

* The  quotient  is  ( n L e n-d  l e n + 1 ) digits  Long. 

* the  high  (nlen-dlen)  words  of  the  dividend, 

* on  top  to  hold  the  top  word. 

*/ 


divisor  are  referred  to 
and  "denominator". 

It  may  be  overlapped  with 
but  one  extra  word  is  needed 


/* 

* Divide  an  n-word  number  by  a 1-word  number,  storing  the  remainder 

* and  n-1  words  of  the  n-word  quotient.  The  high  word  is  returned. 

* It  IS  Legal  for  rem  to  point  to  the  same  address  as  n,  and  for 

* q to  point  one  word  higher. 

* 

* TODO:  If  BN_S L0W_D I V I D E_32 , add  a divnhalf_16  which  uses  16-bit 

* dividends  if  the  divisor  is  half  that  Long. 

* TODO:  Shift  the  dividend  on  the  fly  to  avoid  the  Last  division  and 

* instead  have  a remainder  that  needs  shifting. 

* TODO:  Use  reciprocals  rather  than  dividing. 

* / 

#ifndef  bniDiv1_16 
BNW0RD1 6 

b n i D i v 1 _1 6 ( B N W 0 R D 1 6 *q,  BNW0RD16  *rem,  BNW0RD16  const  *n,  unsigned  Len, 
BNW0RD1 6 d) 

{ 

unsigned  shift; 
unsigned  xlen; 

BNW0RD16  r ; 

BNW0RD1 6 qhigh; 


assert( Len  > 0 ) ; 
assert(d); 


if  (Len  ==  1)  { 

r = * n ; 

*rem  = r % d ; 
return  r/d; 

> 


shift  = 0 ; 
r = d ; 

xlen  = 16/2; 
do  { 

if  ( r >>  xlen) 

r >>=  xlen; 

else 


shift  +=  xlen; 

> while  ((xlen  /=  2)  !=  0 ) ; 

assert ( (d  >>  (16-1-shift))  ==  1); 
d <<=  shift; 


BIGLITTLE(q  -=  len-1,q  +=  len-1); 
BIGLITTLE(n  -=  len,n  +=  Len); 
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r = BIGLITTLE (*n++,* — n); 
if  ( r < d ) { 

q h i g h = 0 ; 

> else  { 

qhigh  = r/d; 
r %=  d ; 

> 

xlen  = Len; 
while  (--xlen) 

r = bni Di v 2 1 _1 6 ( B I G L I T T L E ( q++ , --q ) , r, 

BIGLITTLE(*n++,* — n),  d); 


★ 

★ 

Final  correction  for  shift  - 

shift  the  quotient 

up  "shift" 

★ 

bits,  and 

merge  in  the  extra 

bits  of  quotient. 

Then  reduce 

★ 

the  final 

remainder  mod  the 

real  d . 

* / 

f 

(shift)  { 

Q_ 

V 

V 

II 

shift; 

qhigh  = (qhigh  <<  shift)  | b n i L s h i f t_1 6 ( q , len-1,  shift); 
BIGLITTLE(qC-1 ] , * q ) |=  r/d; 

r % = d ; 

> 

* r e m = r ; 
return  qhigh; 

> 

# e n d i f 


/ * 

* This 

* d w h 

* This 

* 

* This 
*/ 


function  performs  a "quick"  modulus  of 
ch  is  guaranteed  to  be  at  most  sixteen 
applies  regardless  of  the  word  size  the 


a 

b 


i 

l 


number  with  a divisor 
ts,  i.e.  less  than  65536. 
ibrary  is  compiled  with. 


function  is 


important 


to  prime  generation. 


for  sieving. 


#ifndef  bniModQ_16 

/*  If  there's  a custom  bniMod21_16,  no  normalization  needed  */ 

#ifdef  bniMod21_16 

unsigned 

bn i Mod Q_1 6 ( BN WO R D 1 6 const  *n,  unsigned  len,  unsigned  d) 

{ 

unsigned  i,  shift; 

BNW0RD16  r; 


assert ( len  > 0); 


BIGLITTLE(n  -=  len,n  +=  len); 


/*  Try  using  a compare  to  avoid  the  first  divide  */ 
r = BIGLITTLE(*n  + + ,*  — n)  ; 
if  ( r >=  d ) 

r % = d ; 
while  (--len) 

r = bni Mod21_1 6 ( r,  B I G L I TT L E ( * n + + , * — n),  d); 


return  r; 
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> 

#elif  def i ned(BNW0RD32 ) &S  ! B N_S  L 0 W_D I V I D E_3  2 
unsigned 

b n i M o d Q_1 6 ( B N W 0 R D 1 6 const  *n,  unsigned  Len,  unsigned  d) 

{ 

BNW0RD16  r; 
if  ( ! -- l e n ) 

return  BIGLITTLE(nC-i:,nCO:)  % d ; 

BIGLITTLECn  -=  l e n , n +=  len); 
r = BIGLITTLE(nC-1 3,nC0D); 

do  { 

r = (BNW0RD1 6)  ( ( ( (BNW0RD32  ) r<<1 6)  | B I G L I T T L E ( * n + + , * - - n ) ) % d); 

> while  (--ten); 

return  r; 

> 

#e  l i f 16  >=  0x20 

/ * 

* If  the  single  word  size  can  hold  65535*65536,  then  this  function 

* is  avi  table. 

* / 

#ifndef  highhalf 

#define  highhalf(x)  ( (x)  >>  16/2  ) 

#define  lowhalf(x)  ( (x)  S ((1  <<  16/2)— 1 ) ) 

# e n d i f 
unsigned 

b n i M o d Q_1 6 ( B N W 0 R D 1 6 const  *n,  unsigned  len,  unsigned  d) 

{ 

BNW0RD16  r,  x; 

BIGLITTLECn  -=  len,n  +=  len); 

r = BIGLITTLE(*n  + + ,*  — n); 
while  (--len)  { 

x = BIGLITTLE(*n  + + ,*  — n) ; 
r = (r%d  <<  16/2)  | highhalf(x); 
r = (r%d  <<  16/2)  | lowhalf(x); 

> 

return  r%d; 

> 

# e l s e 

/*  Default  case  - use  bniDiv21_16  */ 
unsigned 

b n i M o d Q_1 6 ( B N W 0 R D 1 6 const  *n,  unsigned  len,  unsigned  d) 

{ 

unsigned  i,  shift; 

BNW0RD16  r; 

BNW0RD1 6 q; 

assertC  len  > 0); 

shift  = 0 ; 
r = d; 
i = 16; 

while  (i  /=  2)  { 
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if  (r  >>  i) 

r > > = i ; 

else 


shift  +=  i ; 

> 

asserted  >>  (16-1-shift)  ==  1 ) ; 
d <<=  shift; 

BIGLITTLECn  -=  len,n  +=  len); 

r = BIGLITTLE(*n++,*  — n); 
if  (r  >=  d) 

r % = d ; 


while  (--ten) 

r = bniDiv21_16(&q,  r,  BIGLITTLE(*n++,*--n),  d); 


/ 


★ 

★ 

F i n a 

l correction  for  sh 

ift  - 

shift  the  quotient 

up  "shift" 

★ 

bits 

, and 

merge  in  the 

extra 

bits  of  quotient. 

Then  reduce 

★ 

the 

final 

remainder  mod 

the 

real  d . 

*/ 

f 

( s h i 

f t ) 

r /- 

d >>  shift; 

return  r; 

> 

# e n d i f 

#endif  /*  bniModQ  16  */ 


/ * 

* Reduce  n mod  d and  return  the  quotient.  That  is,  find: 

* q = n / d ; 

* n = n % d ; 

* d is  altered  during  the  execution  of  this  subroutine  by  normalizing  it. 

* It  must  already  have  its  most  significant  word  non-zero;  it  is  shifted 

* so  its  most  significant  bit  is  non-zero. 

* 

* The  quotient  q is  nlen-dlen+1  words  long.  To  make  it  possible  to 

* overlap  the  quptient  with  the  input  (you  can  store  it  in  the  high  dlen 

* words),  the  high  word  of  the  quotient  is  *not*  stored,  but  is  returned. 

* (If  all  you  want  is  the  remainder,  you  don't  care  about  it,  anyway.) 

* 

* This  uses  algorithm  D from  Knuth  (4.3.1),  except  that  we  do  binary 

* (shift)  normalization  of  the  divisor.  WARNING:  This  is  hairy! 

* 

* This  function  is  used  for  some  modular  reduction,  but  it  is  not  used  in 

* the  modular  exponentiation  loops;  they  use  Montgomery  form  and  the 

* corresponding,  more  efficient,  Montgomery  reduction.  This  code 

* is  needed  for  the  conversion  to  Montgomery  form,  however,  so  it 

* has  to  be  here  and  it  might  as  well  be  reasonably  efficient. 

* 

* The  overall  operation  is  as  follows  ("top"  and  "up"  refer  to  the 

* most  significant  end  of  the  number;  "bottom"  and  "down",  the  least): 

* 

* - Shift  the  divisor  up  until  the  most  significant  bit  is  set. 

* - Shift  the  dividend  up  the  same  amount.  This  will  produce  the 

* correct  quotient,  and  the  remainder  can  be  recovered  by  shifting 

* it  back  down  the  same  number  of  bits.  This  may  produce  an  overflow 
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★ 

★ 

★ 

* 

• k 
* 
k 
k 
k 
k 
* 
k 
* 
k 
k 
* 

* 
k 
* 
k 
k 
k 
k 
* 

* 
k 
* 

* / 

//  i f nde  f divn 
BNW0RD1 6 
bn i D i v 
{ 


word  is  always  strictly  less  than  the  most  significant 


of  the 


word,  but  the 
divisor  word. 

- Estimate  the  first  quotient  digit  qhat: 

- First  take  the  top  two  words  (one  of  which  is  the  overflow) 
dividend  and  divide  by  the  top  word  of  the  divisor: 

qhat  = (nh,nm)/dh.  This  qhat  is  >=  the  correct  quotient  digit 
and,  since  dh  is  normalized,  it  is  at  most  two  over. 

- Second,  correct  by  comparing  the  top  three  words.  If 

( d h , d L ) * qhat  > (nh,nm,ml),  decrease  qhat  and  try  again. 

The  second  iteration  can  be  simpler  because  there  can't  be  a third 
The  computation  can  be  simplified  by  subtracting  d h * q h a t from 
both  sides,  suitably  shifted.  This  reduces  the  left  side  to 
dl*qhat.  On  the  right,  ( n h , n m ) -d h * q h a t is  simply  the 
remainder  r from  (nh,nm)%dh,  so  the  right  is  (r,nl). 

This  produces  qhat  that  is  almost  always  correct  and  at 
most  (prob  ~ 2 / 2 A 1 6 ) one  too  high. 

- Subtract  qhat  times  the  divisor  (suitably  shifted)  from  the  dividend 
If  there  is  a borrow,  qhat  was  wrong,  so  decrement  it 

and  add  the  divisor  back  in  (once). 

- Store  the  final  quotient  digit  qhat  in  the  quotient  array  q. 

Repeat  the  quotient  digit  computation  for  successive  digits  of  the 
quotient  until  the  whole  quotient  has  been  computed.  Then  shift  the 
divisor  and  the  remainder  down  to  correct  for  the  normalization. 


TODO 

TODO 


Special  case  2-word  divisors. 

Use  reciprocals  rather  than  dividing 


1 6 


6(BNW0RD1 6 

*q. 

BNW0RD1 6 

BNW0RD1 6 

n h 

, nm. 

n l ; 

BNW0RD1  6 

dh 

, d l ; 

/* 

Top 

BNW0RD1 6 

qhat; 

/* 

Ext  i 

BNW0RD16 

r ; 

/* 

Rema 

BNW0RD1 6 

qh 

i gh; 

/* 

High 

unsigned 

i ; 

/ * 

Temp 

unsigned 

s h 

i ft; 

/* 

Bits 

unsigned 

q i 

e n = 

n l 

en-d  l 

# i f d e f 


*n,  unsigned  nlen,  BNW0RD16  *d,  unsigned  dlen) 

/*  Top  three  words  of  the  dividend  */ 
two  words  of  the  divisor  */ 
mate  of  quotient  word  */ 

inder  from  quotient  estimate  division  */ 
word  of  quotient  * / 

*/ 

shifted  by  normalization  */ 
en;  / * Size  of  quotient  (less  1)  * / 


mull 6_ppmm 
BNW0RD1 6 1 1 6 ; 

#elif  def i ned ( BNW0RD32  ) 

BNW0RD32  t 3 2 ; 

//else  /*  use  bniMulNl_16  */ 

BNW0RD1 6 t 2 L 2 1 ; 

//define  t 2 h i g h BIGLITTLE(t2C0T,t2C1]) 
//define  t2low  BIGLITTLE(t2C1  D,t2C0D) 

U e n d i f 


assert(dlen); 
assert(nlen  >=  dlen); 


/* 

* 

★ 

★ 

★ 

★ 


Special  cases  for  short  divisors.  The  general  case  uses  the 
top  top  2 digits  of  the  divisor  (d)  to  estimate  a quotient  digit, 
so  it  breaks  if  there  are  fewer  digits  available.  Thus,  we  need 
special  cases  for  a divisor  of  length  1.  A divisor  of  length 
2 can  have  a *lot*  of  a dm i n i s t r i v i a overhead  removed  removed. 
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* so  it's  probably  worth  s pe c i a l - c a s i n g that  case,  too. 

*/ 

if  (dlen  = = 1) 

return  b n i D i v 1 _1 6 ( q , B I G L I TT L E ( n-1 , n ) , n,  nlen, 

BIGLITTLECdC-1 ] , d C 0 ] ) ) ; 

# i f 0 

/ * 

* aaa  This  is  not  yet  written...  The  general  loop  will  do, 

* albeit  less  efficiently 

* / 

if  (dlen  ==  2 ) { 

/ * 

* divisor  two  digits  long: 

* use  the  3/2  technique  from  Knuth,  but  we  know 

* it's  exact. 

* / 

dh  = BIGLITTLECdC-l H,dC0]); 
dl  = BIGLITTLE(dC-2],dC1 ]); 
shift  = 0; 

if  ((sh  & ((BNW0RD16)1  <<  16-1-shift))  ==  0)  { 
d o { 

s h i f t + + ; 

> while  (dh  & (BNW0RDl6)1<<16-1-shift)  ==  0); 
dh  = dh  <<  shift  | dl  >>  (16  — shift); 
dl  <<=  shift; 


> 


# e nd  i f 


for  (shift  = 0;  (dh  S (BNW0RD16)1  <<  16-1-shift))  ==  0; 

s h i f t + + ) 

if  (shift)  f 

> 

dh  = dh  <<  shift  | dl  >>  (16  — shift); 
shift  = 0; 
while  ( d h 


dh  = BIGLITTLE(*(d-dlen),*(d+(dlen-1))); 
assert(dh); 

/*  Normalize  the  divisor  */ 
shift  = 0 ; 
r = d h ; 
i = 16/2; 
do  { 

if  ( r > > i ) 


else 

> while  ( ( i /= 


r >>=  i ; 

shift  + = i ; 
2 ) \-  0 ) ; 


n h = 0 ; 
if  (shift)  C 

bn i Ls h i f t_1 6 ( d , dlen,  shift); 
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dh  = BIGLITTLE(*(d-dlen),*(d+(dlen-1 ) ) ); 
nh  = bn i L s h i f t_1 6 ( n , nlen,  shift); 


/ * Assert  that  dh  is  now  normalized  * / 
assert (dh  >>  (16-1)); 


/*  Also  get  the  second-most  significant  word  of  the  divisor 
dl  = BIGLITTLE(*(d-(dlen-1 ) ) ,* ( d+ (d l en-2 ) ) ); 


/* 

* Adjust  pointers:  n to 

* first  subtract,  and  q 

* quotient  array. 

*/ 

BIGLITTLECn  -=  qlen,n  += 
BIGLITTLECq  -=  qlen,q  += 


point  to  least  significant  end  of 
to  one  the  mo s t - s i g n i f i c a n t end  of 


q l e n ) ; 
q l e n ) ; 


/*  Fetch  the  most  significant  stored  word  of  the  dividend  * 
nm  = B I G L I TT L E ( * ( n-d l e n ) , * ( n + ( d l e n- 1 ) ) ) ; 

/ * 

* Compute  the  first  digit  of  the  quotient,  based  on  the 

* first  two  words  of  the  dividend  (the  most  significant  of 

* is  the  overflow  word  h). 

*/ 

if  ( n h ) { 

assert(nh  < dh); 

r = bniDiv21_16(&qhat,  nh,  nm,  dh); 

> else  if  (nm  >=  dh)  { 

qhat  = nm/dh; 
r = nm  % dh; 

> else  C /*  Quotient  is  zero  */ 

q h i g h = 0 ; 
goto  divloop; 


/*  Now  get  the  third  most  significant  word  of  the  dividend 
nl  = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2))); 


/ * 

* Correct  qhat,  the  estimate  of  quotient  digit. 

* qhat  can  only  be  high,  and  at  most  two  words  high, 

* so  the  loop  can  be  unrolled  and  abbreviated. 

*/ 


U i f d e f 


mull 6_ppmm 

mu 1 1 6_ppmm ( nm , 1 1 6 , qhat,  dl); 
if  (nm  > r ||  (nm  ==  r &&  t 1 6 > nl)) 
/*  Decrement  qhat  and  adjust 
qhat--; 


i f 


} 


( ( r +=  dh)  >=  dh)  { 

nm  -=  ( t 1 6 < dl); 
t 1 6 -=  dl; 

if  (nm  > r ||  (nm  == 
q h a t - - ; 


> 

#elif  d e f i n e d ( B N W 0 R D 3 2 ) 

1 3 2 = (BNW0RD32)qhat  * dl; 


{ 

compa  ri son 


r &&  t 1 6 > 


parameters 


n l ) ) 


*/ 


i r s t 
the 


which 


/ 
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if  ( 1 3 2 > ((BNW0RD32)r  <<  16)  + nl)  { 

/*  Decrement  qhat  and  adjust  comparison  parameters  */ 
q h a t - - ; 

if  ( ( r +=  dh)  > dh)  { 

1 32  -=  dl; 

if  ( 1 3 2 > ((BNWORD32)r  <<  16)  + nl) 
qhat--; 

> 

> 

#else  /*  Use  bniMulN1_16  */ 

bniMulN1_16(BIGLITTLE(t2+2,t2),  &dl,  1,  qhat); 
if  ( 1 2 h i g h > r ||  ( 1 2 h i g h = = r & & t2Low  > nl))  { 

/*  Decrement  qhat  and  adjust  comparison  parameters  */ 
qhat--; 

if  ( ( r +=  dh)  >=  dh)  { 

t 2 h i g h -=  (t2low  < dl); 
t2low  - = dl; 

if  C t 2 h i g h > r ||  ( 1 2 h i g h ==  r SS  t2low  > nl)) 

qhat--; 

> 

> 

ft  e nd  i f 


/*  Do  the  multiply  and  subtract  */ 
r = bn i Mu l S ub1_1 6 ( n , d , dlen,  qhat); 

/*  If  there  was  a borrow,  add  back  once.  */ 
if  (r  > nh)  { /*  Borrow?  */ 

( vo i d ) bn i AddN_1 6 ( n , d,  dlen); 
qhat--; 

> 

/*  Remember  the  first  quotient  digit.  */ 
qhigh  = qhat; 

/*  Now,  the  main  division  loop:  */ 

d i v l oop  : 

while  (qlen — ) { 

/ * Advance  n * / 

nh  = BIGLITTLE(*(n-dlen),*(n+(dlen-1))); 

BIGLITTLE (++n, — n) ; 

nm  = BIGLITTLE(*(n-dlen),*(n+(dlen-1))); 

if  (nh  ==  dh)  { 

qhat  = ~(BNW0RD16)0; 

/*  Optimized  computation  of  r = (nh,nm)  - qhat  * dh  */ 
r = nh  + nm; 
if  ( r < n h ) 

goto  subtract; 

> else  { 

assertCnh  < dh); 

r = bniDiv21_16(&qhat,  nh,  nm,  dh); 

> 

nl  = BIGLITTLE (*( n- (d l en-1 )),*( n+ ( d l en-2 ))) ; 

#ifdef  mul16_ppmm 

mu l 1 6_ppmm ( nm,  t16,  qhat,  dl); 

if  (nm  > r ||  (nm  = = r &&  1 1 6 > nl))  { 

/*  Decrement  qhat  and  adjust  comparison  parameters  */ 
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ft  e l i f 


qhat--; 

if  ((r  +=  dh)  >=  dh)  { 

nm  -=  ( t 1 6 < dl); 
t 1 6 -=  dl; 

if  (nm  > r ||  (nm  ==  r &&  t 1 6 > n l ) ) 


> 

defined(BNW0RD32) 

t32  = (BNW0RD32)qhat  * dl; 

if  ( 1 3 2 > ( (BNW0RD32 ) r<<1 6)  + nl)  i 

/*  Decrement  qhat  and  adjust  comparison  parameters 
q h a t ; 


if  ( ( r +=  dh)  >=  dh)  { 
t 3 2 - = d l ; 

if  ( 1 3 2 > ((BNW0RD32)r  <<  16)  + nl) 


> 


qhat--; 


*/ 


ft  else  / * 


ft  end  i f 


Use 


> 


bniMulN1_16  * / 

bniMulN1_16(BIGLITTLE(t2+2,t2),  &dl,  1,  qhat); 
if  ( 1 2 h i g h > r ||  ( 1 2 h i g h ==  r &&  t2low  > nl))  { 

/*  Decrement  qhat  and  adjust  comparison  parameters  */ 
qhat--; 

if  ( ( r +=  dh)  >=  dh)  { 

t2high  -=  ( t 2 l o w < dl); 
t2low  - = dl; 

if  ( 1 2 h i g h > r ||  ( t 2 h i g h ==  r &S  t2low  > nl)) 


> 


/* 

* As  a point  of  interest,  note  that  it  is  not  worth  checking 

* for  qhat  of  0 or  1 and  installing  special-case  code.  These 

* occur  with  probability  2A-16,  so  spending  1 cycle  to  check 

* for  them  is  only  worth  it  if  we  save  more  than  2A15  cycles, 

* and  a multiply-and-subtract  for  numbers  in  the  1024-bit 

* range  just  doesn't  take  that  long. 

* / 

subtract  : 

/* 

* n points  to  the  least  significant  end  of  the  substring 

* of  n to  be  subtracted  from.  qhat  is  either  exact  or 

* one  too  large.  If  the  subtract  gets  a borrow,  it  was 

* one  too  large  and  the  divisor  is  added  back  in.  It's 

* a dlen+1  word  add  which  is  guaranteed  to  produce  a 

* carry  out,  so  it  can  be  done  very  simply. 

*/ 

r = bniMulSub1_16(n,  d,  dlen,  qhat); 
if  (r  > nh)  { /*  Borrow?  */ 

( vo i d ) bn i AddN_1 6 ( n , d,  dlen); 
qhat--; 

> 

/*  Store  the  quotient  digit  */ 

BIGLITTLE(*q++,*--q)  = qhat; 

> 

/ * Tah  dah!  */ 
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if  (shift)  { 

bniRshift_16(d,  d l e n , shift); 
b n i R s h i f t_1 6 ( n , dlen,  shift); 

> 

return  qhigh; 

> 

tte nd  i f 


/ * 

* Find  the  negative  multiplicative  inverse  of  x (x  must  be  odd!)  modulo  2 A 1 6 . 

* 

* This  just  performs  Newton's  iteration  until  it  gets  the 

* inverse.  The  initial  estimate  is  always  correct  to  3 bits,  and 

* sometimes  4.  The  number  of  valid  bits  doubles  each  iteration. 

* (To  prove  it,  assume  x * y — 1 (mod  2An),  and  introduce  a variable 

* for  the  error  mod  2A2n.  x * y ==  1 + k*2An  (mod  2A2n)  and  follow 

* the  iteration  through.) 

* / 

#ifndef  b n i M o n t I n v 1 _1 6 
BNW0RD1 6 

b n i M o n 1 1 n v 1 _1 6 ( BN WO R D 1 6 const  x) 

{ 

BNW0RD1 6 y = x,  z; 

assert(x  & 1); 

while  ( ( z = x * y ) !=  1) 

y *=  2 - z; 
return  - y ; 

} 

#endif  /*  IbniMontlnvl  16  */ 


# i f def ined(BNW0RD32)  &&  PRODUCT_SCAN 
/ * 

* Test  code  for  product-scanning  Montgomery  reduction. 

* This  seems  to  slow  the  C code  down  rather  than  speed  it  up. 

* 


* The  first  loop  computes  the  Montgomery  multipliers,  storing  them  over 

* the  low  half  of  the  number  n. 

* 

* The  second  half  multiplies  the  upper  half,  adding  in  the  modulus 

* times  the  Montgomery  multipliers.  The  results  of  this  multiply 

* are  stored. 


*/ 


void 


b n i M o n t R e d u c e_1 6 ( B N W 0 R D 1 6 *n. 


BNW0RD32 
BNW0RD1 6 
BNW0RD1 6 
BNW0RD1 6 
unsigned 
unsigned 


x,  y; 

const  *pm; 

*pn; 

t; 


carry; 

i/  j ; 


BNW0RD16  const  *mod. 


unsigned  mien,  BNW0RD16 


i n v ) 


/*  Special  case  of  zero  */ 
if  ( ! m l e n ) 

return; 
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/ * Pass  1 - compute  Montgomery  multipliers  * / 

/*  First  iteration  can  have  certain  simplifications.  */ 
t = BIGLITTLElnC-l  ] , n [ 0 3 ')  ; 
x = t; 
t * = inv; 

BIGLITTLE(n[-1 3 , n [ 0 3 ) = t ; 

x + = (BNW0RD32)t  * BIGLITTLE(modlI-13,mod[0D);  / * Can't  overflow  * / 
assert ( (BNW0RD1 6)x  ==  0); 
x = x >>  16; 

for  (i  = 1;  i < mien;  i + + ) { 

carry  = 0; 
pn  = n; 

pm  = BIGLITTLE(mod-i-1,mod+i+1); 
for  (j  = 0;  j < i;  j + + ) C 

y = (BNW0RD32)BIGLITTLE(*--pn  * *pm  + + , *pn  + + * * - - p m ) ; 

x +=  y; 

carry  +=  (x  < y); 

> 

assert(BIGLITTLE(pn  ==  n - i , pn  ==  n + i ) ) ; 
y = t = BIGLITTLE(pnL-13,  p n [ 0 3 ) ; 
x +=  y; 

carry  + = (x  < y); 

BIGLITTLE(pn[-13,  p n C 0 3 ) = t = inv  * (BNW0RD16)x; 
assert(BIGLITTLE(pm  ==  mod-1,  pm  ==  mod+1)); 
y = (BNW0RD32)t  * B I G L I T T L E ( pm [ 0 ] , pm [ - 1 ] ) ; 
x +=  y; 

carry  +=  (x  < y); 

assertl  (BNW0RD16)x  ==  0); 

x = x >>  16  | (BNW0RD32)carry  <<  16; 

> 

BIGLITTLEln  -=  mien,  n +=  mien); 

/*  Pass  2 - compute  upper  words  and  add  to  n */ 
for  (i  = 1;  i < mien;  i + + ) { 

carry  = 0; 

pm  - BIGLITTLE(mod-i,mod+i); 
pn  = n; 

for  (j  = i;  j < mien;  j + + ) { 

y = (BNW0RD32)BIGLITTLE(*  — pm  * *pn  + + , *pm  + + * * — pn); 
x +=  y; 

carry  +=  (x  < y); 

> 

assert(BIGLITTLE(pm  ==  mod-mien,  pm  ==  mod+mlen)); 
a s s e r t ( B I G L I T T L E ( p n ==  n + mlen-i,  pn  ==  n-mlen  + i)); 
y = t = BIGLITTLE(*(n-i ),*(n+i-1 ) ) ; 
x +=  y; 

carry  +=  (x  < y); 

BIGLITTLE(*(n-i),*(n+i-1))  = (BNW0RD16)x; 
x = (x  >>  16)  | (BNW0RD32)carry  <<  16; 

> 

/*  Last  round  of  second  half,  simplified.  */ 
t = BIGLITTLE(*(n-mlen),*(n+mlen-1)); 
x + = t ; 

BIGLITTLE(*(n-mlen),*(n+mlen-1))  = (BNW0RDl6)x; 
carry  = (unsigned) (x  >>  16); 
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while  (carry) 

carry  -=  bn i SubN_1 6 ( n , mod,  mien); 
while  ( bn i Cmp_1 6 ( n , mod,  mien)  >=  0) 

( vo i d ) bn i SubN_1 6 ( n , mod,  mien); 

} 

#define  bn i Mon t Redu c e_1 6 b n i Mo n t R e d u c e_1 6 
# e nd i f 

/ * 

* Montgomery  reduce  n,  modulo  mod.  This  reduces  modulo  mod  and  divides  by 

* 2A(16*mlen).  Returns  the  result  in  the  *top*  mien  words  of  the  argument  n. 

* This  is  ready  for  another  multiplication  using  bniMul_16. 

* 

* Montgomery  representation  is  a very  useful  way  to  encode  numbers  when 

* you're  doing  lots  of  modular  reduction.  What  you  do  is  pick  a multiplier 

* R which  is  relatively  prime  to  the  modulus  and  very  easy  to  divide  by. 

* Since  the  modulus  is  odd,  R is  closen  as  a power  of  2,  so  the  division 

* is  a shift.  In  fact,  it's  a shift  of  an  integral  number  of  words, 

* so  the  shift  can  be  implicit  - just  drop  the  low-order  words. 

* 

* Now,  choose  R *larger*  than  the  modulus  m,  2A(16*mlen).  Then  convert 

* all  numbers  a,  b,  etc.  to  Montgomery  form  M(a),  M(b),  etc  using  the 

* relationship  M(a)  = a * R mod  m,  M(b)  = b * R mod  m,  etc.  Note  that: 

* - The  Montgomery  form  of  a number  depends  on  the  modulus  m. 

* A fixed  modulus  m is  assumed  throughout  this  discussion. 

* - Since  R is  relaitvely  prime  to  m,  multiplication  by  R is  invertible; 

* no  information  about  the  numbers  is  lost,  they're  just  scrambled. 

* - Adding  (and  subtracting)  numbers  in  this  form  works  just  as  usual. 

* M ( a + b ) = ( a + b ) * R mod  m = (a*R  + b*R)  mod  m = (M(a)  + M(b))  mod  m 

* - Multiplying  numbers  in  this  form  produces  a*b*R*R.  The  problem 

* is  to  divide  out  the  excess  factor  of  R,  modulo  m as  well  as  to 

* reduce  to  the  given  length  mien.  It  turns  out  that  this  can  be 

* done  *faster*  than  a normal  divide,  which  is  where  the  speedup 

* in  Montgomery  division  comes  from. 

* 

* Normal  reduction  chooses  a mo s t - s i g n i f i c a n t quotient  digit  q and  then 

* subtracts  q*m  from  the  number  to  be  reduced.  Choosing  q is  tricky 

* and  involved  (just  look  at  bniDiv_16  to  see!)  and  is  usually 

* imperfect,  requiring  a check  for  correction  after  the  subtraction. 

* 

* Montgomery  reduction  *adds*  a multiple  of  m to  the  *low-order*  part 

* of  the  number  to  be  reduced.  This  multiple  is  chosen  to  make  the 

* low-order  part  of  the  number  come  out  to  zero.  This  can  be  done 

* with  no  trickery  or  error  using  a precomputed  inverse  of  the  modulus. 

* In  this  code,  the  "part"  is  one  word,  but  any  width  can  be  used. 

* 

* Repeating  this  step  sufficiently  often  results  in  a value  which 

* is  a multiple  of  R (a  power  of  two,  remember)  but  is  still  (since 

* the  additions  were  to  the  low-order  part  and  thus  did  not  increase 

* the  value  of  the  number  being  reduced  very  much)  still  not  much 

* larger  than  m*R.  Then  implicitly  divide  by  R and  subtract  off 

* m until  the  result  is  in  the  correct  range. 

* 

* Since  the  low-order  part  being  cancelled  is  less  than  R,  the 

* multiple  of  m added  must  have  a multiplier  which  is  at  most  R-1. 

* Assuming  that  the  input  is  at  most  m*R-1,  the  final  number  is 

* at  most  m*(2*R-1)-1  = 2*m*R  - m - 1,  so  subtracting  m once  from 

* the  high-order  part,  equivalent  to  subtracting  m*R  from  the 
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★ 

while  number,  produces  a result 

which  i 

s at 

most 

m* R - 

m - 1 , 

★ 

"k 

which  divided  by 

R is  at  most  m- 

1 . 

k 

To  convert  *to*  Montgomery  form. 

you  need  a 

r e g u 

l a 

r r ema i nde  r 

k 

routine,  although 

you  can  just  c 

ompu  t e 

R * R 

X mod 

m ) 

and 

do  the 

k 

conversion  using 

Montgomery  mutt 

i p l i c a t i o n . 

To 

convert 

* f r om* 

* 

Montgomery  form. 

just  Montgomery 

reduce 

the 

number 

t 0 

★ 

sW 

remove  the  extra 

factor  of  R. 

A 

★ 

T0D0:  Change  to  a 

full  inverse  a 

nd  use 

Kara 

t suba 

' s 

multiplication 

★ 

rather  than  this 

word-at-a-time. 

* / 

tfifndef  b n i M o n t R e d u c e_1 6 
void 

b n i M o n t R ed u c e_1 6 ( BN WO R D 1 6 *n,  BNW0RD16  const  *mod,  unsigned  const  mien, 

BNW0RD16  inv) 

{ 

BNW0RD1 6 t; 

BNW0RD1 6 c = 0 ; 
unsigned  Len  = mien; 

/*  inv  must  be  the  negative  inverse  of  mod's  least  significant  word  */ 
assert ( (BNW0RD1 6)  ( i nv  * B I G L I T T L E ( mo d C - 1 H , m o d C 0 ] ) ) ==  ( B N W 0 R D 1 6 ) - 1 ) ; 

assertC  len); 

do  f 

t = bniMulAdd1_16(n,  mod,  mien,  inv  * BIGLITTLE(nC-1],nC0Il)); 
c +=  bniAdd1_16(BIGLITTLE(n-mlen,n+mlen),  len,  t); 

BIGLITTLE ( — n,+  + n)  ; 

> while  (--len); 

/* 

* All  that  adding  can  cause  an  overflow  past  the  modulus  size, 

* but  it's  unusual,  and  never  by  much,  so  a subtraction  loop 

* is  the  right  way  to  deal  with  it. 

* This  subtraction  happens  infrequently  - I've  only  ever  seen  it 

* invoked  once  per  reduction,  and  then  just  under  22.5%  of  the  time. 
*/ 

while  ( c ) 

c -=  bn i S u bN_1 6 ( n , mod,  mien); 
while  ( bn i Cmp_1 6 ( n,  mod,  mien)  >=  0) 

( v o i d ) bn i S u bN_1 6 ( n , mod,  mien); 

> 

#endif  /*  ! bn i Mo n t R e d u c e_1 6 */ 

/ * 

* A couple  of  helpers  that  you  might  want  to  implement  atomically 

* in  asm  somet i me  . 

*/ 

#ifndef  bniMontMul  16 


/ * 

★ 

Multiply 

"numl"  by  " 

num2",  modulo 

"mod",  all  of  length 

" len". 

and 

★ 

place  the 

result  in 

the  high  half 

o f 

"prod" . 

"inv"  is 

the  inverse 

k 

of  the  l e a s t - s i g n i f i 

cant  word  of 

the 

modulus. 

modu  l o 2 A 

1 6 . 

k 

k 

This  uses 

numbers  in 

Montgomery  form. 

Reduce 

using  "len"  and 

"inv 

k 

This  is  implemented 

as  a macro  to 

w i n 

on  c omp i 

lers  that 

don't 

d o 

k 

i n l i n i n g , 

since  it's 

so  trivial. 
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* / 

//define  b n i Mo n t M u l_1 6 ( p r o d , nl,  n2,  mod,  ten,  inv)  \ 

( bn i M u L X_1 6 ( p r od , nl,  n2,  Len),  b n i M o n t R e d u c e_1 6 ( p r o d , mod,  Len,  inv)) 
//endif  /*  ! b n i M o n t M u L _1 6 */ 

//ifndef  bn  i Mont  Squa  re_1  6 
/ * 

* Square  "num",  modulo  "mod",  both  of  length  "len",  and  place  the  result 

* in  the  high  half  of  "prod".  "inv"  is  the  inverse  of  the  l e a s t - s i g n i f i c a n t 

* word  of  the  modulus,  modulo  2A16. 

* This  uses  numbers  in  Montgomery  form.  Reduce  using  "len"  and  "inv". 

* 

* This  is  implemented  as  a macro  to  win  on  compilers  that  don't  do 

* inlining,  since  it's  so  trivial. 

* / 

//define  b n i Mon  t S q u a r e_1  6 ( p r od  , n,  mod,  len,  inv)  \ 

( bn i S q u a r e_1 6 ( p r o d , n,  len),  b n i M o n t R e d u c e_1 6 ( p r o d , mod,  len,  inv)) 

#endif  /*  ! bn i M o n t S q u a r e_1 6 */ 

/* 

* Convert  a number  to  Montgomery  form  - requires  mien  + nlen  words 

* of  memory  in  " n" . 

* / 

void 

b n i T o M o n t_1 6 ( B N W 0 R D 1 6 *n,  unsigned  nlen,  BNW0RD16  *mod,  unsigned  mien) 

{ 

/*  Move  n up  "mien"  words  */ 

bn i C o py_1 6 ( B I G L I T T L E ( n-m l e n , n +m l e n ) , n,  nlen); 
bn i Z e r o_1 6 ( n , mien); 

/*  Do  the  division  - dump  the  quotient  in  the  high-order  words  */ 

( v o i d ) b n i D i v_1 6 ( B I G L I T T L E ( n -m l e n , n +m l e n ) , n,  mlen+nlen,  mod,  mien); 

> 

/ * 

* Convert  from  Montgomery  form.  Montgomery  reduction  is  all  that  is 

* needed. 

* / 

void 

b n i F r omM o n t_1 6 ( BN W 0 R D 1 6 *n,  BNW0RD16  *mod,  unsigned  len) 

{ 

/*  Zero  the  high  words  of  n */ 
bniZero_16(BIGLITTLE(n-len,n+len),  len); 

bn i Mo n t R e d u c e_1 6 ( n , mod,  len,  bn i Mo n t I n v 1 _1 6 ( mod C B I G L I TT L E ( - 1 , 0 ) ] ) ) ; 

/*  Move  n down  len  words  */ 

b n i C o py_1 6 ( n , BIGLITTLE(n-len,n+len),  len); 

} 

/ * 

* The  windowed  exponentiation  algorithm,  precomputes  a table  of  odd 

* powers  of  n up  to  2Ak.  See  the  comment  in  bnExpMod_16  below  for 

* an  explanation  of  how  it  actually  works  works. 

* 

* It  takes  2A(k  — 1 ) — 1 multiplies  to  compute  the  table,  and  (e-1)/(k  + 1) 

* multiplies  (on  average)  to  perform  the  exponentiation.  To  minimize 

* the  sum,  k must  vary  with  e.  The  optimal  window  sizes  vary  with  the 

* exponent  length.  Here  are  some  selected  values  and  the  boundary  cases. 

* (An  underscore  _ has  been  inserted  into  some  of  the  numbers  to  ensure 

* that  magic  strings  like  16  do  not  appear  in  this  table.  It  should  be 
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* ignored.) 

* 


★ 

At 

e 

= 

1 

bits. 

k = 1 

(0.000000) 

is  best 

★ 

At 

e 

= 

2 

bits. 

k = 1 

(0.500000) 

is  best 

★ 

At 

e 

= 

4 

bits. 

k = 1 

( 1 .500000) 

is  best 

★ 

At 

e 

= 

8 

bits. 

k = 2 

(3.333333) 

< k=1  (3.500000) 

* 

At 

e 

= 

1 _6 

bits. 

(XI 

II 

(6 . 000000) 

is  best 

★ 

At 

e 

= 

26 

bits. 

k = 3 

(9.250000) 

< k=2  (9.333333) 

★ 

At 

e 

= 

3_2 

bits. 

k = 3 

( 1 0 .750000) 

is  best 

•k 

At 

e 

= 

6 4 

bits. 

k = 3 

( 1 8 .750000) 

is  best 

k 

At 

e 

= 

82 

bits. 

II 

(23.200000) 

< k=3  (23.250000) 

k 

At 

e 

= 

128 

bits. 

k = 4 

(3_2 .400000) 

is  best 

k 

At 

e 

= 

242 

bits. 

k = 5 

(55.1  66667) 

< k=4  (55.200000) 

k 

At 

e 

= 

256 

bits. 

k = 5 

(57.500000) 

is  best 

k 

At 

e 

= 

512 

bits. 

k = 5 

(100. 1 _6  6667) 

is  best 

k 

At 

e 

= 

674 

bits. 

k = 6 

( 1 27.1  42857  ) 

< k=5  ( 1 27 . 1_66667) 

k 

At 

e 

= 

1024 

bits. 

k = 6 

(177.1 42857) 

is  best 

k 

At 

e 

= 

1 794 

bits. 

k = 7 

(287.125000) 

< k = 6 ( 287.1  42857) 

k 

At 

e 

= 

2048 

bits. 

7T 

II 

-Nl 

(318.875000) 

is  best 

k 

-A- 

At 

e 

4096 

bits. 

7T 

II 

"Nl 

( 574 . 875000) 

is  best 

A 

k 

The 

numbers 

in  pa 

rentheses  are  the 

expected  number  of  multiplications 

* needed  to  do  the  computation.  The  normal  russian-peasant  modular 

* exponentiation  technique  always  uses  (e-1)/2.  For  exponents  as 

* small  as  192  bits  (below  the  range  of  current  factoring  algorithms), 

* half  of  the  multiplies  are  eliminated,  45.2  as  opposed  to  the  naive 

* 95.5.  Counting  the  191  squarings  as  3/4  a multiply  each  (squaring 

* proper  is  just  over  half  of  multiplying,  but  the  Montgomery 

* reduction  in  each  case  is  also  a multiply),  that's  143.25 

* multiplies,  for  totals  of  188.45  vs.  238.75  - a 21%  savings. 

* For  larger  exponents  (like  512  bits),  it's  483.92  vs.  639.25,  a 

* 24.3%  savings.  It  asymptotically  approaches  25%. 

* 

* Urn,  actually  there's  a slightly  more  accurate  way  to  count,  which 

* really  is  the  average  number  of  multiplies  required,  averaged 

* uniformly  over  all  2A(e-1)  e-bit  numbers,  from  2A(e-1)  to  (2Ae)-1. 

* It's  based  on  the  recurrence  that  for  the  last  b bits,  b <=  k,  at 

* most  one  multiply  is  needed  (and  none  at  all  1 / 2 A b of  the  time), 

* while  when  b > k,  the  odds  are  1/2  each  way  that  the  bit  will  be 

* 0 (meaning  no  multiplies  to  reduce  it  to  the  b-1-bit  case)  and 

* 1/2  that  the  bit  will  be  1,  starting  a k-bit  window  and  requiring 

* 1 multiply  beyond  the  b-k-bit  case.  Since  the  most  significant 

* bit  is  always  1,  a k-bit  window  always  starts  there,  and  that 

* multiply  is  by  1,  so  it  isn't  a multiply  at  all.  Thus,  the 

* number  of  multiplies  is  simply  that  needed  for  the  last  e-k  bits. 

* This  recurrence  produces: 

* 


★ 

At 

e 

= 

1 

bi 

t s , 

k = 1 

(0 . 000000) 

i 

s 

best 

* 

At 

e 

= 

2 

b i 

t s , 

k = 1 

(0 . 500000) 

i 

s 

best 

★ 

At 

e 

= 

4 

b i 

t s , 

k = 1 

( 1 .500000) 

i 

s 

best 

k 

At 

e 

= 

6 

bi 

ts. 

C\J 

II 

(2 . 437500) 

< 

k = 1 

(2.500000) 

k 

At 

e 

= 

8 

b i 

ts. 

C\J 

II 

(3.1  09375  ) 

i 

s 

best 

k 

At 

e 

= 

1 _6 

b i 

ts. 

k = 2 

( 5.777771  ) 

i 

s 

best 

k 

At 

e 

= 

24 

b i 

ts. 

k = 3 

(8 . 437629) 

< 

k = 2 

(8 . 444444) 

k 

At 

e 

= 

3_2 

b i 

ts. 

k = 3 

(10.437492) 

i 

s 

best 

k 

At 

e 

= 

6_4 

b i 

ts. 

k = 3 

(18.437500) 

i 

s 

best 

k 

At 

e 

= 

81 

b i 

ts. 

k = 4 

( 22 . 6_4  0 0 0 0 ) 

< 

k = 3 

( 22 . 687500  ) 

k 

At 

e 

= 

128 

b i 

ts. 

k = 4 

(3_2 .040000) 

i 

s 

best 

k 

At 

e 

= 

241 

b i 

ts. 

k = 5 

(54.611111) 

< 

7T 

II 

-P- 

( 54 . 6_40000 ) 
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★ 

At 

e 

- 256 

bits. 

k = 5 

(57.111111) 

is  best 

★ 

At 

e 

= 512 

bits. 

k = 5 

(99.777778) 

is  best 

★ 

At 

e 

= 673 

bits. 

o 

II 

(126.591837) 

< k = 5 (126.611111) 

★ 

At 

e 

= 1024 

bits. 

k = 6 

( 1 76.734694) 

is  best 

•k 

At 

e 

= 1793 

bits. 

k = 7 

(286.578125) 

< k=6  (286.591837) 

k 

At 

e 

= 2048 

bits. 

k = 7 

(318.453125) 

is  best 

k 

k 

At 

e 

= 4096 

bits. 

k = 7 

(574.453125) 

is  best 

k 

T h i 

s 

has  the 

roll 

over 

points  at  6, 

24,  81,  241,  673  and  1793  instead 

k 

o f 

8, 

26,  82 

, 242 

, 674 

, and  1794. 

Not  a very  big  difference. 

k 

(The 

numbers 

past 

that 

are  k=8  at 

4609  and  k=9  at  11521, 

* vs.  one  more  in  each  case  for  the  approximation.) 

* 

* Given  that  exponents  for  which  k>7  are  useful  are  uncommon, 

* a fixed  size  table  for  k <=  7 i s used  for  simplicity. 

k 

* The  basic  number  of  squarings  needed  is  e-1,  although  a k-bit 

* window  (for  k > 1)  can  save,  on  average,  k-2  of  those,  too. 

* That  savings  currently  isn't  counted  here.  It  would  drive  the 

* crossover  points  slightly  lower. 

* (Actually,  this  win  is  also  reduced  in  the  DoubleExpMod  case, 

* meaning  we'd  have  to  split  the  tables.  Except  for  that,  the 

* multiplies  by  powers  of  the  two  bases  are  independent,  so 

* the  same  logic  applies  to  each  as  the  single  case.) 

* 

* Table  entry  i is  the  largest  number  of  bits  in  an  exponent  to 

* process  with  a window  size  of  i+1.  Entry  6 is  the  largest 

* possible  unsigned  number,  so  the  window  will  never  be  more 

* than  7 bits,  requiring  2A6  = 0x40  slots. 

* / 

# d e f i n e B N E X P M 0 D_M A X_W I N D 0 W 7 

static  unsigned  const  b n E x p M o d T h r e s h T a b l e C B N E X P M 0 D_M  A X_W  I N D 0 W II  = { 

5,  23,  80,  240,  672,  1792,  (unsigned)-l 

/*  7,  25,  81,  241,  673,  1793,  (unsigned)-l  ###  The  old  approximations  */ 

>; 


/ * 

* Perform  modular  exponentiation,  as  fast  as  possible!  This  uses 

* Montgomery  reduction,  optimized  squaring,  and  windowed  exponentiation. 

* The  modulus  "mod"  MUST  be  odd! 

* 

* This  returns  0 on  success,  -1  on  out  of  memory. 

* 

* The  window  algorithm: 

* The  idea  is  to  keep  a running  product  of  bl  = n A ( h i g h-o rde r bits  of  exp), 

* and  then  keep  appending  exponent  bits  to  it.  The  following  patterns 


★ 

apply  to  a 

3-bit  window 

( k = 3)  : 

★ 

To 

append 

0 

square 

★ 

To 

append 

1 

square. 

multiply  by  nA1 

★ 

To 

append 

1 0 

square. 

multiply  by  nA1, 

square 

k 

To 

append 

1 1 

square. 

square,  multiply 

by  n A 3 

k 

To 

append 

1 00 

square. 

multiply  by  nA1, 

square. 

square 

k 

To 

append 

101 

square. 

square,  square. 

multiply 

by 

n A 5 

k 

To 

append 

1 1 0 

square. 

square,  multiply 

by  n A 3 , 

square 

k 

To 

append 

1 1 1 

square. 

square,  square. 

multiply 

by 

< 

c 

X 

★ 

Since  each 

pattern  involves  only  one  multiply. 

the 

longer  the  pattern 

★ 

the 

better 

, except  that 

a 0 (no  multipl 

i e s ) can 

be 

appended 

directly. 

★ 

We 

precompute 

a table  of  odd  powers  of 

n , up  to 

2 A k 

, and  can 

then 
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* multiply  k bits  of  exponent  at  a time.  Actually,  assuming  random 

* exponents,  there  is  on  average  one  zero  bit  between  needs  to 

* multiply  (1/2  of  the  time  there's  none,  1/4  of  the  time  there's  1, 

* 1/8  of  the  time,  there's  2,  1/16  of  the  time,  there's  3,  etc.),  so 

* you  have  to  do  one  multiply  per  k+1  bits  of  exponent. 

* 

* The  loop  walks  down  the  exponent,  squaring  the  result  buffer  as 

* it  goes.  There  is  a wbits+1  bit  lookahead  buffer,  buf,  that  is 

* filled  with  the  upcoming  exponent  bits.  (What  is  read  after  the 

* end  of  the  exponent  is  unimportant,  but  it  is  filled  with  zero  here.) 

* When  the  most-significant  bit  of  this  buffer  becomes  set,  i.e. 

* (buf  8 tblmask)  !=  0,  we  have  to  decide  what  pattern  to  multiply 

* by,  and  when  to  do  it.  We  decide,  remember  to  do  it  in  future 

* after  a suitable  number  of  squarings  have  passed  (e.g.  a pattern 

* of  "100"  in  the  buffer  requires  that  we  multiply  by  nA1  immediately; 

* a pattern  of  "110"  calls  for  multiplying  by  nA3  after  one  more 

* squaring),  clear  the  buffer,  and  continue. 

* 

* When  we  start,  there  is  one  more  optimization:  the  result  buffer 

* is  implcitly  one,  so  squaring  it  or  multiplying  by  it  can  be 

* optimized  away.  Further,  if  we  start  with  a pattern  like  "100" 

* in  the  lookahead  window,  rather  than  placing  n into  the  buffer 

* and  then  starting  to  square  it,  we  have  already  computed  nA2 

* to  compute  the  odd-powers  table,  so  we  can  place  that  into 

* the  buffer  and  save  a squaring. 

* 

* This  means  that  if  you  have  a k-bit  window,  to  compute  nAz, 

* where  z is  the  high  k bits  of  the  exponent,  1/2  of  the  time 

* it  requires  no  squarings.  1/4  of  the  time,  it  requires  1 

* squaring,  ...  1/2A(k-1)  of  the  time,  it  reqires  k-2  squarings. 

* And  the  remaining  1/2A(k-1)  of  the  time,  the  top  k bits  are  a 

* 1 followed  by  k-1  0 bits,  so  it  again  only  requires  k-2 

* squarings,  not  k-1.  The  average  of  these  is  1.  Add  that 

* to  the  one  squaring  we  have  to  do  to  compute  the  table, 

* and  you'll  see  that  a k-bit  window  saves  k-2  squarings 

* as  well  as  reducing  the  multiplies.  (It  actually  doesn't 

* hurt  in  the  case  k = 1,  either.) 

* 

* n must  have  mien  words  allocated.  Although  fewer  may  be  in  use 

* when  n is  passed  in,  all  are  in  use  on  exit. 

*/ 

i n t 

b n i E x p M o d_1 6 ( B N W 0 R D 1 6 *result,  BNW0RD16  const  *n,  unsigned  nlen. 


BNW0RD1 6 

const  * e , 

unsigned 

e l e n , 

BNW0RD16  *mod 

, unsigned 

mien) 

BNW0RD1 6 

* t a b l e L 1 

<< 

(BNEXPM0  D_M  A X 

_W I N D 0 W- 1 ) ] ; 

/ * 

Table  of  odd  powers 

o f 

n * / 

unsigned 

e b i t s ; 

/* 

Exponent  bits  * / 

unsigned 

w b i ts; 

/* 

Window 

size  * / 

unsigned 

tblmask; 

/* 

Mask  of 

exponentiation 

window  * / 

BNW0RD1 6 

b i tpos; 

/ * 

Mask  of 

current  look 

-ahead  bit 

*/ 

unsigned 

buf; 

/ * 

Buffer 

of  exponent  bits 

*/ 

unsigned 

multpos; 

/ * 

Where  to  do  pending 

multiply  * / 

BNW0RD1 6 

const  *mult; 

/ * 

What  to 

multiply  by 

* / 

unsigned 

i / 

/* 

Loop  counter  * / 

i n t i s o n e 

f 

/* 

Flag:  accum.  is  impl 

i c i 

t l y one 

* / 

BNW0RD1  6 

* a , * b ; 

/ * 

Working 

buffers/accumulators  */ 

BNW0RD1  6 

* t ; 

/ * 

Pointer 

into  the  working  buffers  */ 

BNW0RD1  6 

i n v ; 

/ * 

mod A-1 

modulo  2 A 1 6 * / 
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i n t y ; 


/*  bnYieldC)  result  */ 


assert(mlen); 
assertCnlen  <=  mien); 


/*  First,  a couple  of  trivial  cases.  */ 
elen  = bn i No rm_1 6 ( e , elen); 
if  ( ! e l e n ) { 

/*  x A 0 ==  1 */ 

bn i Z e r o_1 6 ( r e s u l t , mien); 

BIGLITTLE ( resu 1 1 [-1 1, resu  l t [0]  ) = 1; 
return  0; 

> 

ebits  = bn i B i t s_1 6 ( e , elen); 
if  (ebits  ==  1)  { 

/ * x A 1 ==  x * / 
if  (n  !=  result) 

b n i C o py_1 6 ( r e s u l t , n,  nlen); 
if  (mien  > nlen) 

bniZero_16(BIGLITTLE(result-nlen,result+nlen), 

mlen-nlen); 


return  0; 


> 


/*  Okay,  now  move  the  exponent  pointer  to  the  mo s t - s i g n i f i c a n t word  */ 
e = BIGLITTLE(e-elen,  e+elen-1); 


/*  Look  up  appropriate  k-1  for  the  exponent  - tblmask  = 1 <<(k  — 1 ) */ 
w b i t s = 0 ; 

while  (ebits  > bn E x pMod T h r e s h T a b l e C w b i t s ] ) 
w b i t s + + ; 

/*  Allocate  working  storage:  two  product  buffers  and  the  tables.  */ 
BNIALL0C(a,  BNW0RD16,  2*mlen); 
if  ( ! a) 

return  - 1 ; 

BNIALL0C(b,  BNW0RD1 6,  2*mlen); 
if  ( ! b)  f 

BNIFREE(a,  2*mlen); 
return  - 1 ; 

> 

/*  Convert  to  the  appropriate  table  size:  tblmask  = 1<<(k— 1 ) */ 
tblmask  = 1 u <<  wbits; 

/*  We  have  the  result  buffer  available,  so  use  it.  */ 
tableCO]  = result; 

/ * 

* Okay,  we  now  have  a m i n i ma  l - s i z ed  table  - expand  it. 

* This  is  allowed  to  fail!  If  so,  scale  back  the  table  size 

* and  proceed. 

* / 

for  (i  = 1;  i < tblmask;  i + + ) ( 

BNIALL0C(t,  BNW0RD16,  mien); 

if  (!t)  / * Out  of  memory!  Quit  the  loop.  */ 

break; 

tablelid  = t; 

> 
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/*  If  we  stopped,  with  i < tblmask,  shrink  the  tables  appropriately  */ 
while  (tblmask  > i)  { 
w b i t s ; 
tblmask  >>=  1 ; 

> 

/*  Free  up  our  overallocations  */ 
while  ( --i  > tblmask) 

BNIFREECtableCi],  mien); 

/*  Okay,  fill  in  the  table  */ 

/*  Compute  the  necessary  modular  inverse  */ 

inv  = bniMontInv1_16(modCBIGLITTLE(-1,0)]);  /*  LSW  of  modulus  */ 


/*  Convert  n to  Montgomery  form  */ 

/*  Move  n up  "mien"  words  into  a */ 
t = BIGLITTLE(a-mlen,  a + mlen)  ; 
bn i C o py_1 6 ( t , n,  nlen); 
bn i Z e ro_1 6 ( a , mien); 

/*  Do  the  division  - lose  the  quotient  into  the  high-order  words  * / 
( vo i d ) bn i D i v_1 6 ( t , a,  mlen+nlen,  mod,  mien); 

/*  Copy  into  first  table  entry  * / 
bn i C opy_1 6 ( t a b l e C 0 ] , a,  mien); 


/*  Square  a into  b */ 

bn i Mon t Squa r e_1 6 ( b , a,  mod,  mien,  inv); 


/*  Use  high  half  of  b to  initialize  the  table  */ 
t = BIGLITTLE(b-mlen,  b+mlen); 
for  (i  = 1;  i < tblmask;  i++)  { 

bni MontMu l_1 6(a,  t,  t a b l e C i - 1 T,  mod,  mien,  inv); 
b n i C o p y_1 6 ( t a b l e C i ] , B I G L I T T L E ( a -m  l e n , a + mlen),  mien); 

ft i f BNYIELD 


# e n d i f 


if  ( bn Y i e l d 

&& 

(y  = bn Y i e l d ( ) ) 

< 0) 

> 

goto 

y i 

eld; 

/* 

We  might  use  b = 

n A 2 

later...  * / 

/ * 

Initialze  the  fet 

c h 

pointer  */ 

bitpos  = (BNW0RD16)1 

<< 

((ebits-1)  & (16-1)); 

/* 

This  should  point 

t 0 

the  msbit  of  e 

*/ 

assert((*e  & bitpos) 

i - 

0); 

/*  Initialize  mask 


*/ 


/* 

* Pre-load  the  window.  Becuase  the  window  size  is 

* never  larger  than  the  exponent  size,  there  is  no  need  to 

* detect  running  off  the  end  of  e in  here. 

* 

* The  read-ahead  is  controlled  by  elen  and  the  bitpos  mask. 

* Note  that  this  is  *ahead*  of  ebits,  which  tracks  the 

* most  significant  end  of  the  window.  The  purpose  of  this 

* initialization  is  to  get  the  two  wbits+1  bits  apart, 

* like  they  should  be. 

* 
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* Note  that  bitpos  and  ellen  together  keep  track  of  the 

* Lookahead  read  pointer  in  the  exponent  that  is  used  here. 

* / 

but  = 0 ; 

for  (i  = 0;  i <=  wbits;  i++)  ( 

buf  = (buf  <<  1)  | ( ( * e & bitpos)  !=  0); 

bitpos  >>=  1 ; 
if  (Ibitpos)  ( 

BIGLITTLE(e++,e — ); 

bitpos  = (BNW0RD16)1  <<  (16-1); 

elen  — ; 

} 

> 

assert (buf  & tblmask); 


/ * 

* Set  the  pending  multiply  positions  to  a location  that  will 

* never  be  encountered,  thus  ensuring  that  nothing  will  happen 

* until  the  need  for  a multiply  appears  and  one  is  scheduled. 

* / 

multpos  = ebits;  /*  A NULL  value  */ 

mult  = 0;  /*  Force  a crash  if  we  use  these  */ 

/ * 

* Okay,  now  begins  the 

* slightly  magic,  so  it 

* but  it's  very  similar 

* / 

ebits--;  / * Start 

i s o n e = 1 ; 

/ * 

* This  is  just  Like  the  multiply  in  the  loop,  except  that 

* - We  know  the  msbit  of  buf  is  set,  and 

* - We  have  the  extra  value  nA2  floating  around. 

* So,  do  the  usual  computation,  and  if  the  result  is  that 

* the  buffer  should  be  multiplied  by  nA1  immediately 

* (which  we'd  normally  then  square),  we  multiply  it 

* (which  reduces  to  a copy,  which  reduces  to  setting  a flag) 

* by  nA2  and  skip  the  squaring.  Thus,  we  do  the 

* multiply  and  the  squaring  in  one  step. 

* / 

assert (buf  & tblmask); 
multpos  = ebits  - wbits; 
while  ((buf  & 1)  ==  0)  ( 

buf  >>=  1; 
multpos++; 

} 

/*  Intermediates  can  wrap,  but  final  must  NOT  */ 
assert(multpos  <=  ebits); 
mult  = tableCbuf>>1D; 
buf  = 0 ; 

/*  Special  case:  use  a l ready-computed  value  sitting  in  buffer  */ 
if  (multpos  ==  ebits) 
i s o n e = 0 ; 


real  work.  The  first  step  is 
's  done  outside  the  main  loop, 
to  what's  inside. 

processing  the  first  bit...  */ 


/ * 

* At  this  point,  the  buffer  (which  is  the  high  half  of  b)  holds 
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* either  1 (implicitly,  as  the  "isone"  flag  is  set),  or  nA2. 
*/ 


/ * 

* The  main  loop.  The  procedure  is: 

* - Advance  the  window 

* - If  the  mo s t - s i g n i f i c a n t bit  of  the  window  is  set, 

* schedule  a multiply  for  the  appropriate  time  in  the 

* future  (may  be  immediately) 

* - Perform  any  pending  multiples 

* - Check  for  termination 

* - Square  the  buffer 

* 

* At  any  given  time,  the  acumulated  product  is  held  in 

* the  high  half  of  b. 

* / 

for  ( ; ; ) { 

e b i t s — ; 


/*  Advance  the  window  */ 
assert (buf  < tblmask); 
buf  <<=  1 ; 

/ * 

* This  reads  ahead  of  the  current  exponent  position 

* (controlled  by  ebits),  so  we  have  to  be  able  to  read 

* past  the  Isb  of  the  exponents  without  error. 

* / 

if  ( e l e n ) { 

buf  |=  ( ( * e S bitpos)  !=  0 ) ; 
bitpos  >>=  1; 
if  (Ibitpos)  f 

BIGLITTLE(e++,e--); 

bitpos  = (BNW0RD16)1  <<  (16-1); 

e l e n - - ; 

} 

> 

/*  Examine  the  window  for  pending  multiplies  */ 
if  (buf  & tblmask)  ( 

multpos  = ebits  - wbits; 
while  ((buf  & 1)  ==  0)  { 
buf  >>=  1 ; 
mu l tpos++; 

> 

/*  Intermediates  can  wrap,  but  final  must  NOT  */ 
assert(multpos  <=  ebits); 
mult  = tableCbuf>>1]; 
buf  = 0 ; 

> 

/*  If  we  have  a pending  multiply,  do  it  */ 
if  (ebits  ==  multpos)  C 

/*  Multiply  by  the  table  entry  remembered  previously  */ 
t = BIGLITTLE(b-mlen,  b+mlen); 
if  (isone)  T 

/*  Multiply  by  1 is  a trivial  case  */ 
bn i C opy_1 6 ( t , mult,  mien); 
isone  = 0 ; 

> else  ( 
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bn i Mo n t M u l_1 6 ( a , t,  mult,  mod,  mien,  i 
/ * Swap  a and  b * / 
t=a;a=b;b=t; 

> 

> 


/ * Are  we  done?  * / 
if  ( ! e b i t s ) 

break; 


# i f BNYIELD 


# end  i f 

> /* 


/*  Square  the  input  */ 
if  ( ! i sone)  f 

t = BIGLITTLE(b-mlen,  b+mlen); 
bn i Mont Squa re_1 6 ( a , t,  mod,  mien, 
/ * Swap  a and  b * / 
t=a;a=b;b=t; 

> 

if  (bnYield  &&  (y  = bnYieldC))  < 0) 
goto  yield; 

for  (;;)  * / 


i n v ) ; 


assert ( ! i sone); 
assert! !buf); 


/*  DONE!  */ 


/*  Convert  result  out  of  Montgomery  form  */ 
t = BIGLITTLE(b-mlen,  b+mlen); 
b n i C o py_1 6 ( b , t,  mien); 
bn i Z e r o_1 6 ( t , mien); 

bn i M o n t R e d u c e_1 6 ( b , mod,  mien,  inv); 
bn i C o py_1 6 ( r e s u l t , t,  mien); 

/ * 

* Clean  up  - free  intermediate  storage. 

* Do  NOT  free  t a b l e C 0 U , which  is  the  result 

* buffer. 

* / 

y = 0; 

# i f BNYIELD 
yield: 

U e n d i f 

while  (--tblmask) 

BNIFREECtableCtblmaskH,  mien); 
BNIFREECb,  2*mlen); 

BNIFREECa,  2*mlen); 


> 


return  y; 


/*  Success  * / 


/ * 

* Compute  and  return  n1Ae1  * n2Ae2  mod  "mod". 

* result  may  be  either  input  buffer,  or  something  separate. 

* It  must  be  "mien"  words  long. 

* 

* There  is  a current  position  in  the  exponents,  which  is  kept  in  elbi 

* (The  exponents  are  swapped  if  necessary  so  el  is  the  longer  of  the 

* At  any  given  time,  the  value  in  the  accumulator  is 


n v ) ; 


t s . 
two.) 
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* n 1 A ( e 1 > > e 1 b i t s ) ★ n 2 A ( e 2 > > e 1 b i t s ) mod  "mod". 

* As  elbits  is  counted  down,  this  is  updated,  by  squaring  it  and  doing 

* any  necessary  multiplies. 

* To  decide  on  the  necessary  multiplies,  two  windows,  each  wlbits+1  bits 

* wide,  are  maintained  in  bufl  and  buf2,  which  read  *ahead*  of  the 

* elbits  position  (with  appropriate  handling  of  the  case  when  elbits 

* drops  below  wlbits+1).  When  the  mo s t - s i g n i f i c a n t bit  of  either  window 

* becomes  set,  indicating  that  something  needs  to  be  multiplied  by 

* the  accumulator  or  it  will  get  out  of  sync,  the  window  is  examined 

* to  see  which  power  of  nl  or  n2  to  multiply  by,  and  when  (possibly 

* later,  if  the  power  is  greater  than  1)  the  multiply  should  take 

* place.  Then  the  multiply  and  its  location  are  remembered  and  the 

* window  is  cleared. 

* 

* If  we  had  every  power  of  nl  in  the  table,  the  multiply  would  always 

* be  wlbits  steps  in  the  future.  But  we  only  keep  the  odd  powers, 

* so  instead  of  waiting  wlbits  squarings  and  then  multiplying 

* by  n1Ak,  we  wait  wlbits-k  squarings  and  multiply  by  nl. 

* 

* Actually,  w2bits  can  be  less  than  wlbits,  but  the  window  is  the  same 

* size,  to  make  it  easier  to  keep  track  of  where  we're  reading.  The 

* appropriate  number  of  low-order  bits  of  the  window  are  just  ignored. 

*/ 

i n t 


bn i Doub  l eExpMod_ 

16(BNW0RD16 

★result. 

BNW0RD1 6 

const 

* n 1 , 

unsigned  nl  len. 

BNW0RD1 6 

const 

* e 1 , 

unsigned  ellen. 

BNW0RD1 6 

const 

* n 2 , 

unsigned  n2len. 

BNW0RD1 6 

const 

★ e 2 , 

unsigned  e2len. 

f 

BNW0RD1 6 

★ mod. 

unsigned 

mien) 

BNW0RD1 6 

* t a b l e 1 M 

<<  (BNEXPMOD 

_M  A X 

_W  INDOW-1 )3; 

/ * 

Table  of  odd 

powers  of  nl  */ 

BNW0RD1  6 

*table2M 

<<  (BNEXPMOD 

_M  A X 

_W  INDOW-1  ) ]; 

/* 

Table  of  odd 

powers  of  n2  */ 

unsigned 

elbits,  e2bits; 

/* 

Exponent  bits 

*/ 

unsigned 

wlbits,  w2bits; 

/* 

Window  sizes 

* / 

unsigned 

t b l m a s k ; 

/ * 

Mask  of  exponentiation  window  */ 

BNW0RD1 6 

b i tpos; 

/* 

Mask  of  current  look-ahead  bit  */ 

unsigned 

bufl,  buf2 

/ 

/* 

Buffer  of  exponent  bits  */ 

unsigned 

multlpos. 

mult2pos; 

/* 

Where  to  do  pending  multiply  ★/ 

BNW0RD1 6 

const  * m u 1 1 1 , * m u 1 1 2 ; 

/ * 

What  to  multiply  by  ★/ 

unsigned 

i ; 

/ ★ 

Loop  counter 

*/ 

i n t isone; 

/* 

Flag:  accum. 

is  implicitly  one  */ 

BNW0RD1 6 

* a , * b ; 

/* 

Working  buffers/accumulators  */ 

BNW0RD1 6 

*t; 

/* 

Pointer  into 

the  working  buffers  */ 

BNW0RD1 6 

i n v ; 

/* 

modA-1  modulo 

2 A 1 6 */ 

inty;  /*bnYield()  result*/ 

assert(mlen); 
assert(n1  len  <=  mien); 
assert(n2len  <=  mien); 

/★  First,  a couple  of  trivial  cases.  ★ / 
el len  = bn i No r m_1 6 ( e 1 , el  len); 
e2len  = bn i No rm_1 6 ( e2 , e2len); 

/*  Ensure  that  the  first  exponent  is  the  longer  */ 
elbits  = bniBits_16(e1,  ellen); 
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e 2 b i t s = 

bn i B i t s_1 6(e2,  e2l 

en); 

if  ( e 1 b i 

ts  < e2bits)  t 
i = ellen;  ellen  = 

e 2 l e n ; e 2 l 

e n = i 

i = elbits;  elbits 

= e 2 b i t s ; 

e 2 b i t s 

t = (BNW0RD16  * ) n 1 ; 

n 1 = n 2 ; 

n 2 = t 

> 

t = (BNW0RD16  * ) e 1 ; 

el  = e 2 ; 

e 2 = t 

assertCelbits  >=  e 2 b i t s ) ; 

/*  Handle  a trivial  case  */ 
if  ( ! e 2 l e n ) 

return  b n i E x p M o d_1 6 ( r e s u l t , nl,  nl  len,  el,  ellen,  mod,  mien); 
assert(e2bits); 

/*  The  code  below  fucks  up  if  the  exponents  aren't  at  least  2 bits  */ 
if  (elbits  ==  1)  { 

assert(e2bits  ==  1 ) ; 

BNIALLOCCa,  BNW0RD16,  n 1 l e n + n 2 l e n ) ; 
if  ( ! a ) 

return  - 1 ; 

bniMul_16(a,  nl,  nllen,  n2,  n 2 l e n ) ; 

/*  Do  a direct  modular  reduction  */ 
if  (nllen  + n2  len  >=  mien) 

( v o i d ) bn i D i v_1 6 ( a + m l e n , a,  nl len  + n2  len,  mod,  mien); 
bn i C o py_1 6 ( r e s u l t , a,  mien); 

BNIFREECa,  n1len+n2len); 
return  0; 

> 

/*  Okay,  now  move  the  exponent  pointers  to  the  mo s t - s i g n i f i c a n t word  */ 
el  = BIGLITTLE(e1-e1 len,  el+ellen-1); 
e 2 = BIGLITTLE(e2-e2len,  e2  + e2len-1); 

/*  Look  up  appropriate  k-1  for  the  exponent  - tblmask  = 1<<(k— 1 ) */ 
wlbits  = 0; 

while  (elbits  > bn E x pM od T h r e s h T a b l e H w 1 b i t s ] ) 
w1bits++; 
w2bits  = 0; 

while  (e2bits  > bn  E x pModT  h r e s h T a b l e C w 2 b i t s II ) 
w2bi ts++; 

assert(w1bits  >=  w 2 b i t s ) ; 

/*  Allocate  working  storage:  two  product  buffers  and  the  tables.  */ 
BNIALL0C(a,  BNW0RD16,  2 * m l e n ) ; 
if  ( ! a ) 

return  - 1 ; 

BNIALL0C(b,  BNW0RD1 6,  2*mlen); 
if  ( ! b)  ( 

BNIFREE(a,  2*mlen); 
return  - 1 ; 

> 

/*  Convert  to  the  appropriate  table  size:  tblmask  = 1<<(k— 1 ) */ 
tblmask  = 1 u <<  wlbits; 

/*  Use  buf2  for  its  size,  temporarily  */ 
buf2  = 1 u <<  w2bits; 
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BNIALLOCCt,  BNW0RD16,  mien); 
if  ( ! t ) { 

BNIFREECb,  2 * m l e n ) ; 

BNI FREE(a,  2*mlen)  ; 
return  - 1 ; 

> 

tablelCO]  = t; 
table2C03  = result; 

/* 

* Okay,  we  now  have  some  m i n i ma  l - s i z ed  tables  - expand  them. 

* This  is  allowed  to  fail!  If  so,  scale  back  the  table  sizes 

* and  proceed.  We  allocate  both  tables  at  the  same  time 

* so  if  it  fails  partway  through,  they'll  both  be  a reasonable 

* size  rather  than  one  huge  and  one  tiny. 

* When  i passes  buf2  (the  number  of  entries  in  the  e2  window, 

* which  may  be  less  than  the  number  of  entries  in  the  el  window), 

* stop  allocating  e2  space. 

*/ 

for  (i  = 1;  i < tblmask;  i++)  C 

BNIALLOCCt,  BNW0RD16,  mien); 

if  (!t)  /*  Out  of  memory!  Quit  the  loop.  */ 

break; 
tablelCid  = t; 
if  (i  < buf2)  { 

BNIALLOCCt,  BNW0RD16,  mien); 
if  ( ! t ) C 

BNIFREECtablelCi],  mien); 
break; 

} 

table2Ci  □ = t; 

> 

} 

/*  If  we  stopped,  with  i < tblmask,  shrink  the  tables  appropriately  */ 
while  (tblmask  > i)  C 
wlbits--; 
tblmask  >>=  1; 

> 

/*  Free  up  our  overallocations  */ 
while  (--i  > tblmask)  { 

if  (i  < buf2) 

BNIFREE(table2Li  U , mien)  ; 

BNIFREECtablel Ci  ],  mien); 

> 

/*  And  shrink  the  second  window  too,  if  needed  */ 
if  (w2bits  > wlbits)  f 

w2bits  = wlbits; 
buf2  = tblmask; 

> 

/* 

* From  now  on,  use  the  w2bits  variable  for  the  difference 

* between  wlbits  and  w2bits. 

* / 

w2bits  = w1bits-w2bits; 

/*  Okay,  fill  in  the  tables  */ 
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/*  Compute  the  necessary  modular  inverse  */ 

inv  = bniMontInv1_16(modCBIGLITTLE(-1,0)3);  / * LSW  of  modulus  * / 


/*  Convert  nl  to  Montgomery  form  */ 

/*  Move  nl  up  "mien"  words  into  a */ 
t = BIGLITTLE(a-mlen,  a + mlen)  ; 
bn i C o py_1 6 ( t , nl,  nllen); 
bn i Z e ro_1 6 ( a , mien); 

/*  Do  the  division  - lose  the  quotient  into  the  high-order  words  */ 
( vo i d ) bn i D i v_1 6 ( t , a,  mlen+nllen,  mod,  mien); 

/*  Copy  into  first  table  entry  */ 
bn i C o py_1 6 ( t a b l e 1 E 0 ] , a,  mien); 


/ * Square  a into  b * / 

b n i M o n t S q u a r e_1 6 ( b , a,  mod,  mien,  inv); 


/*  Use  high  half  of  b to  initialize  the  first  table  */ 
t = BIGLITTLE(b-mlen,  b+mlen); 
for  (i  = 1;  i < tblmask;  i++)  { 

bniMontMul_16(a,  t,  tablelLi-13,  mod,  mien,  inv) 
b n i C o py_1 6 ( t a b l e 1 C i D , B I G L I T T L E ( a -m l e n , a + mlen), 

# i f BNYIELD 

if  (bnYield  &&  (y  = bnYieldC))  < 0) 
goto  yield; 


# e n d i f 


> 


mien 


/*  Convert  n2  to  Montgomery  form  */ 

t = BIGLITTLE(a-mlen,  a+mlen); 

/*  Move  n2  up  "mien"  words  into  a */ 
bn i Copy_1 6 ( t , n2,  n2len); 
b n i Z e r o_1 6 ( a , mien); 

/*  Do  the  division  - lose  the  quotient  into  the  high-order  words  */ 
( vo i d ) bn i D i v_1 6 ( t , a,  mlen+n2len,  mod,  mien); 

/*  Copy  into  first  table  entry  */ 
bn i C o py_1 6 ( t a b l e 2 C 0 D , a,  mien); 


/*  Square  it  into  a */ 

bn i Mon t Squa r e_1 6 ( a , table2C0D,  mod,  mien,  inv); 
/*  Copy  to  b,  low  half  */ 
bn i C o py_1 6 ( b , t,  mien); 


/* 

Use 

b to 

initialize  the 

second  table  */ 

for 

( i 

= i; 

i < buf2;  i + + ) 

{ 

bn  i 

MontMu l_1 6 ( a , b. 

table2Ci-13,  mod 

b n i 

Copy_16(table2Ci 

3,  t,  mien); 

U i f BNYIELD 

i f 

(bnYield  &&  (y  = 

bnYieldl))  < 0) 

goto  yield; 

#end  i f 

/ * 

* Okay,  a recap:  at  this  point,  the  low  part  of  b holds 

* n 2 A 2 , the  high  part  holds  n1A2,  and  the  tables  are 

* initialized  with  the  odd  powers  of  nl  and  n2  from  1 
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* through  2*tblmask-1  and  2*buf2-1. 

★ 

* We  might  use  those  squares  in  b later,  or  we  might  not. 

*/ 

/*  Initialze  the  fetch  pointer  */ 

bitpos  = (BNW0RD16)1  <<  ((elbits— 1)  & (16-1));  / * Initialize  mask  * / 

/*  This  should  point  to  the  msbit  of  el  */ 
assert( (*e1  S bitpos)  !=  0); 

/ * 

* Pre-load  the  windows.  Becuase  the  window  size  is 

* never  larger  than  the  exponent  size,  there  is  no  need  to 

* detect  running  off  the  end  of  el  in  here. 

* 

* The  read-ahead  is  controlled  by  ellen  and  the  bitpos  mask. 

* Note  that  this  is  *ahead*  of  elbits,  which  tracks  the 

* most  significant  end  of  the  window.  The  purpose  of  this 

* initialization  is  to  get  the  two  w 1 b i t s + 1 bits  apart, 

* like  they  should  be. 

* 

* Note  that  bitpos  and  ellen  together  keep  track  of  the 

* lookahead  read  pointer  in  the  exponent  that  is  used  here. 

* e2len  is  not  decremented,  it  is  only  ever  compared  with 

* ellen  as  *that*  is  decremented. 


★ / 

bufl  = 

b u f 2 = 0; 

for  ( i 

= 0;  i <=  wlbits;  i++)  { 

bufl  = (bufl  <<  1 ) | ( (*e1  & 

if  (ellen  <=  e2len) 

bitpos)  !=  0); 

b u f 2 = ( bu  f 2 <<  1)  | 

bitpos  >>=  1; 
if  (Ibitpos)  { 

BIGLITTLE(e1++,e1 — ); 
if  (ellen  <=  e2len) 

((*e2  & bitpos) 

BIGLITTLE(e2++,e2 — ); 

> 

bitpos  = (BNW0RD16)1 
el  l e n - - ; 

> 

<<  (16-1); 

assert (bufl  S tblmask); 

/ * 

* Set  the  pending  multiply  positions  to  a location  that  will 

* never  be  encountered,  thus  ensuring  that  nothing  will  happen 

* until  the  need  for  a multiply  appears  and  one  is  scheduled. 

* / 

multlpos  = mult2pos  = elbits;  /*  A NULL  value  */ 

multi  = mult2  = 0;  / * Force  a crash  if  we  use  these  * / 

/* 

* Okay,  now  begins  the  real  work.  The  first  step  is 

* slightly  magic,  so  it's  done  outside  the  main  loop, 

* but  it's  very  similar  to  what's  inside. 

*/ 

isone  = 1;  / * Buffer  is  implicitly  1,  so  replace  * by  copy  * / 

elbits--;  / * Start  processing  the  first  bit...  * / 
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/ * 

* This  is  just  Like  the  multiply  in  the  loop,  except  that 

* - We  know  the  msbit  of  bufl  is  set,  and 

* - We  have  the  extra  value  n1A2  floating  around. 

* So,  do  the  usual  computation,  and  if  the  result  is  that 

* the  buffer  should  be  multiplied  by  n1A1  immediately 

* (which  we'd  normally  then  square),  we  multiply  it 

* (which  reduces  to  a copy,  which  reduces  to  setting  a flag) 

* by  n1A2  and  skip  the  squaring.  Thus,  we  do  the 

* multiply  and  the  squaring  in  one  step. 

* / 

assert(buf1  & tblmask) ; 
multlpos  = elbits  - wlbits; 
while  ((bufl  & 1)  ==  0)  { 
bufl  >>=  1 ; 
mu l t 1 pos++; 

> 

/*  Intermediates  can  wrap,  but  final  must  NOT  */ 
a s s e r t ( mu  1 1 1 po s <=  elbits); 
multi  = table1Cbuf1>>1]; 
bufl  = 0 ; 

/ * Special  case:  use  already-computed  value  sitting  in  buffer  * / 
if  (multlpos  ==  elbits) 
i s o n e = 0 ; 


/ * 

* The  first  multiply  by  a power  of  n2.  Similar,  but 

* we  might  not  even  want  to  schedule  a multiply  if  e2  is 

* shorter  than  el,  and  the  window  might  be  shorter  so 

* we  have  to  leave  the  low  w2bits  bits  alone. 

*/ 

if  (buf2  & tblmask)  { 

/*  Remember  low-order  bits  for  later  */ 
i = buf2  & ( (1 u <<  w2bits)  - 1 ) ; 
buf2  >>=  w2bits; 

mult2pos  = elbits  - wlbits  + w2bits; 
while  ( (buf 2 & 1 ) ==  0)  { 
buf2  >>=  1; 
mult2pos++; 

> 

assert(mult2pos  <=  elbits); 
mult2  = t a b l e 2 C bu f 2 > > 1 ] ; 
b u f 2 = i ; 

if  (mult2pos  ==  elbits)  { 

t = BIGLITTLE(b-mlen,  b+mlen); 
if  (isone)  { 

bn i C o py_1 6 ( t , b,  mien);  /*  Copy  low  to  high  */ 
isone  = 0 ; 

> else  T 

bniMontMul_16(a,  t,  b,  mod,  mien,  inv); 
t=a;a=b;b=t; 


/ * 

* At  this  point,  the  buffer  (which  is  the  high  half  of  b) 
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* holds  either  1 (implicitly,  as  the  "isone"  flag  is  set), 

* n1A2,  n2A2  or  n1A2  * n2A2. 

*/ 

/ * 

* The  main  loop.  The  procedure  is: 

* - Advance  the  windows 

* - If  the  mo s t - s i g n i f i c a n t bit  of  a window  is  set, 

* schedule  a multiply  for  the  appropriate  time  in  the 

* future  (may  be  immediately) 

* - Perform  any  pending  multiples 

* - Check  for  termination 

* - Square  the  buffers 

* 

* At  any  given  time,  the  acumulated  product  is  held  in 

* the  high  half  of  b. 

*/ 

for  ( ; ; ) ( 

elbits-- ; 

/*  Advance  the  windows  */ 
assert(buf1  < tblmask); 
b u f 1 < < = 1 ; 

assert(buf2  < tblmask); 
b u f 2 < < = 1 ; 

/ * 

* This  reads  ahead  of  the  current  exponent  position 

* (controlled  by  elbits),  so  we  have  to  be  able  to  read 

* past  the  Isb  of  the  exponents  without  error. 

*/ 

if  ( e 1 l e n ) ( 

bufl  |=  ( ( * e 1 S bitpos)  !=  0 ) ; 
if  (el  len  <=  e2len) 

buf2  |=  ( ( * e 2 S bitpos)  !=  0 ) ; 
bitpos  >>=  1; 
if  (Ibitpos)  ( 

BIGLITTLE(e1+  + ,e1  — ); 
if  (ellen  <=  e2len) 

BIGLITTLE(e2  + + ,e2  — ) ; 
bitpos  = (BNW0RD16)1  <<  (16-1); 

el len--; 

} 

} 

/*  Examine  the  first  window  for  pending  multiplies  */ 
if  (bufl  & tblmask)  ( 

multlpos  = elbits  - wlbits; 
while  ( (bufl  & 1 ) ==  0)  C 
bufl  >>=  1; 
mult1pos++; 

> 

/*  Intermediates  can  wrap,  but  final  must  NOT  */ 
assertlmultlpos  <=  elbits); 
multi  = table1Cbuf1>>1D; 
bufl  = 0; 

> 

/ * 

* Examine  the  second  window  for  pending  multiplies. 
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* Window  2 can  be  smaller  than  window  1,  but  we 

* keep  the  same  number  of  bits  in  buf2,  so  we  need 

* to  ignore  any  low-order  bits  in  the  buffer  when 

* computing  what  to  multiply  by,  and  recompute  them 

* later. 

* / 

if  (buf2  & tblmask)  { 

/*  Remember  low-order  bits  for  later  */ 
i = buf2  & ( ( 1 u <<  w2bits)  - 1 ) ; 
buf2  >>=  w 2 b i t s ; 

mult2pos  = elbits  - wlbits  + w2bits; 
while  ((buf2  & 1)  ==  0)  { 

buf2  >>=  1 ; 
mult2pos++; 

> 

assert(mult2pos  <=  elbits); 
mult2  = table2Cbuf2>>13; 
b u f 2 = i ; 

> 


/*  If  we  have  a pending  multiply  for  el,  do  it  */ 
if  (elbits  ==  multlpos)  t 

/*  Multiply  by  the  table  entry  remembered  previously  */ 
t = BIGLITTLE(b-mlen,  b+mlen); 
if  (isone)  i 

/ * Multiply  by  1 is  a trivial  case  * / 
b n i C o py_1 6 ( t , multi,  mien); 
isone  = 0 ; 

> else  { 

bn i Mo n t M u l_1 6 ( a , t,  multi,  mod,  mien,  inv); 

/ * Swap  a and  b * / 
t=a;a=b;b=t; 

> 

> 

/*  If  we  have  a pending  multiply  for  e2,  do  it  */ 
if  (elbits  ==  mult2pos)  { 

/*  Multiply  by  the  table  entry  remembered  previously  */ 
t = BIGLITTLE(b-mlen,  b+mlen); 
if  (isone)  { 

/*  Multiply  by  1 is  a trivial  case  */ 
bn i C opy_1 6 ( t , mu  It  2,  mien); 
isone  = 0 ; 

> else  { 

bniMontMul_16(a,  t,  mult2,  mod,  mien,  inv); 

/ * Swap  a and  b */ 
t=a;a=b;b=t; 

> 

> 

/*  Are  we  done?  */ 
if  (lelbits) 

break; 

/*  Square  the  buffer  */ 
if  ( ! isone)  { 

t = BIGLITTLE(b-mlen,  b+mlen); 

bn i Mo n t S q u a r e_1 6 ( a , t,  mod,  mien,  inv); 
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# i f BNYIELD 


# e nd i f 

> /* 


/ * Swap  a and  b * / 
t=a;a=b;b=t; 

> 

if  (bnYield  &&  (y  = bnYield())  < 0) 
goto  yield; 

for  ( ; ; ) * / 


assertt lisone); 
assert (!  bufl  ); 
assert ( ! b u f 2 ) ; 


/*  DONE!  */ 


/*  Convert  result  out  of  Montgomery  form  * / 
t = BIGLITTLE(b-mlen,  b+mlen); 
bn i Copy_1 6 ( b,  t,  mien); 
bn i Z e r o_1 6 ( t , mien); 

bn i Mon t R ed u c e_1 6 ( b , mod,  mien,  inv); 
bn i C o py_1 6 ( r e s u l t , t,  mien); 


/*  Clean  up  - free  intermediate  storage  */ 
y = 0; 

# i f BNYIELD 
yield: 

# e nd  i f 

b u f 2 = tblmask  >>  w2bits; 
while  (--tblmask)  { 

if  (tblmask  < buf2) 

BNIFREE(table2Ctblmask],  mien); 
BNIFREE(table1[tblmask],  mien); 

} 


t = tablelCO]; 


BNI FREE ( t. 

mien 

); 

BNIFREE(b, 

2 * m l 

e n ) 

BNIFREE(a, 

2 * m l 

e n ) 

return  y; 

/* 

(mod  mod ) , 

Th 

i s 

Success  * / 


is  an  optimized  version 
The  input  value  of  n is  ignored;  it  is 
words  valid. 


/* 

* 2 A e x p 

* tests 

* "mien 
*/ 

i n t 

b n i T w o E x pM o d_1 6 ( B N W 0 R D 1 6 *n,  BNW0RD16  const  *exp, 
BNW0RD16  *mod,  unsigned  mien) 


for  use  in  Fermat 
returned  with 


unsigned  elen. 


unsigned 
unsigned 
BNW0RD1 6 
BNW0RD1 6 
BNW0RD1 6 
BNW0RD1 6 
i nt  y; 


e;  /*  Copy  of  high  words  of  the  exponent  * / 

bits;  /*  Assorted  counter  of  bits  * / 
const  *bitptr; 
bitword,  bitpos; 

*a,  *b,  * a 1 ; 
inv; 

/*  Result  of  bnYield()  */ 


assert(mlen); 
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bitptr  = BIGLITTLE(exp-elen,  exp+elen-1); 

bitword  = * b i t p t r ; 

assert(bitword); 

/*  Clear  n for  future  use.  */ 
bn i Z e r o_1 6 ( n , mien); 

bits  = bn i Bi t s_1 6 ( exp,  elen); 

/*  First,  a couple  of  trivial  cases.  */ 
if  (bits  <=  1)  ( 

/*  2 A 0 ==  1,  2 A 1 ==  2 */ 

BIGLITTLE(nC-1 ] , n H 0 3 ) = (BNW0RD16)1<<elen; 
return  0 ; 

> 

/*  Set  bitpos  to  the  most  significant  bit  */ 
bitpos  = (BNW0RD16)1  <<  ((bits-1)  & (16-1)); 

/*  Now,  count  the  bits  in  the  modulus.  */ 
bits  = bn i B i t s_1 6 ( mod , mien); 

assert (bi ts  > 1);  / * a 1-bit  modulus  is  just  stupid...  * / 

/ * 

* We  start  with  1<<e,  where  "e"  is  as  many  high  bits  of  the 

* exponent  as  we  can  manage  without  going  over  the  modulus. 

* This  first  loop  finds  "e". 

*/ 

e = 1 ; 

while  (elen)  i 

/*  Consume  the  first  bit  */ 
bitpos  >>=  1; 
if  (Ibitpos)  < 

if  ( !— elen) 

break; 

bitword  = B I G L I T T L E ( * + + b i t p t r , * -- b i t p t r ) ; 
bitpos  = (BNW0RD1 6) 1 <<(1 6—1 ); 

> 

e = (e  <<  1)  | ((bitpos  S bitword)  !=  0); 

if  (e  >=  bits)  { /*  Overflow!  Back  out.  */ 

e >>=  1 ; 
break; 

} 

> 

/ * 

* The  bit  in  "bitpos"  being  examined  by  the  bit  buffer  has  NOT 

* been  consumed  yet.  This  may  be  past  the  end  of  the  exponent, 

* in  which  case  elen  = = 1. 

*/ 

/*  Okay,  now,  set  bit  "e"  in  n.  n is  already  zero.  */ 
inv  = (BNW0RD16)1  <<  (e  S (16-1)); 
e /=  16; 

BIGLITTLE(nC-e-1 □ , n C e □ ) = inv; 

/ * 

* The  effective  length  of  n in  words  is  now  "e+1". 

* This  is  used  a little  bit  later. 

*/ 
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if  ( ! e L en  ) 

return  0; 


/ * That  was  easy!  * / 


/ * 

* We  have  now  processed  the  first  few  bits.  The  next  step 

* is  to  convert  this  to  Montgomery  form  for  further  squaring 
*/ 

/*  Allocate  working  storage:  two  product  buffers  */ 
BNIALLOCCa,  B N W 0 R D 1 6 , 2 * m l e n ) ; 
i f ( ! a) 

return  - 1 ; 

BNIALLOCCb,  BNW0RD16,  2*m  l en  ) ; 
if  ( ! b)  { 

BNIFREECa,  2 * m l e n ) ; 
return  - 1 ; 

> 


/* 

LSW  of 

modul 

us  * / 

must 

be 

odd  * / 

up  " m 

l e n " 

words 

into 

b */ 

bi  t 

- i t 

' s pointing 

to  b * / 

/*  Convert  n to  Montgomery  form  */ 
inv  = BIGLITTLECmodC-l  3,modC0]); 
assertCinv  & 1);  / * Modul 

inv  = bniMontInv1_16(inv); 

/*  Move  n (length  e+1,  remember? 

/*  Note  that  we  lie  about  al  for 
al  = B I G L I T T L E ( b-m  l e n , b + m l e n ) ; 
bniCopy_16(a1,  n,  e + 1); 
b n i Z e r o_1 6 ( b , mien); 

/*  Do  the  division  - dump  the  quotient  into  the  high-order  words  */ 
( vo i d ) bn i D i v_1 6 ( a 1 , b,  mlen  + e + 1,  mod,  mien); 

/* 

* Now  do  the  first  squaring  and  modular  reduction  to  put 

* the  number  up  in  al  where  it  belongs. 

* / 

bn i Mont Squa re_1 6 ( a , b,  mod,  mien,  inv); 

/*  Fix  up  al  to  point  to  where  it  should  go.  */ 
al  = BIGLITTLE(a-mlen,a+mlen); 


/ * 

* Okay, 

* b i s 

* / 

for  ( ; ; ) 


now,  al  holds  the  number  being  accumulated,  and 
a scratch  register.  Start  working: 


/ * 

* 

★ 

*/ 
i f 


Is  the  bit  set?  If  so,  double  al  as  well. 

A modular  doubling  like  this  is  very  cheap. 


( b i t po  s 
/* 

★ 

★ 

★ 

★ / 
i f 


& bitword)  { 

Double  the  number.  If  there  was  a carry  out  OR 
the  result  is  greater  than  the  modulus,  subract 
the  modu  l us  . 

( bn i Doub l e_1 6 ( a 1 , mien)  || 
b n i C mp_1 6 ( a 1 , mod,  mien)  > 0) 

( vo i d ) b n i S ubN_1 6 ( a 1 , mod,  mien); 


/*  Advance  to  the  next  exponent  bit  */ 


322 


lib/bn/bni  1 6.c 


# i f BNYIELD 


# e n d i f 

> 


bitpos  > > = 1 ; 
if  (ibitpos)  { 

if  ( !— elen) 

break;  / * Done!  * / 

bitword  = BIGLITTLE(*++bitptr,*--bitptr); 
bitpos  = (BNW0RD16)1<<(16-1); 

> 

/ * 

* The  e l e n / b i t wo r d / b i t po s bit  buffer  is  known  to  be 

* non-empty,  i.e.  there  is  at  Least  one  more  unconsumed  bit. 

* Thus,  it's  safe  to  square  the  number. 

* / 

bn i M o n t S q u a r e_1 6 ( b , al,  mod,  mien,  inv); 

/*  Rename  result  (in  b)  back  to  a (al,  really).  */ 

al  = b;  b = a;  a = al; 

al  = BIGLITTLE(a-mlen,a+mlen); 

if  (bnYield  &&  (y  = bnYield())  < 0) 
goto  yield; 


/*  DONE! 


Just  a little  bit  of  cleanup...  */ 


/ * 

* Convert  result  out  of  Montgomery  form...  this  is 

* just  a Montgomery  reduction. 

* / 

b n i C o p y_1 6 ( a , al,  mien) ; 
bn i Z e r o_1 6 ( a 1 , mien); 

bn  i Mo n t R e d u c e_1 6 ( a , mod,  mien,  inv); 
bn i C o py_1 6 ( n , al,  mien); 

/*  Clean  up  - free  intermediate  storage  */ 
y = 0; 
ft  i f BNYIELD 
yield: 
ft  e nd  i f 

BNIFREE(b,  2*mlen); 

BNIFREE(a,  2*mlen); 


} 


return  y; 


/*  Success  * / 


/ * 

* Returns  a substring  of  the  big-endian  array  of  bytes  representation 

* of  the  bignum  array  based  on  two  parameters,  the  least  significant 

* byte  number  (0  to  start  with  the  least  significant  byte)  and  the 

* length.  I.e.  the  number  returned  is  a representation  of 

* (bn  / 2 A ( 8*  l sby t e ) ) % 2 A (8*buflen). 

* 

* It  is  an  error  if  the  bignum  is  not  at  least  buflen  + Isbyte  bytes 

* long. 

* 

* This  code  assumes  that  the  compiler  has  the  minimal  intelligence 

* neded  to  optimize  divides  and  modulo  operations  on  an  unsigned  data 

* type  with  a power  of  two. 


323 


lib/bn/bnil  6.c 


*/ 

void 

bn i E x t ra c t B i gBy t e s_1 6 ( BNWORD 1 6 const  *n,  unsigned  char  *buf, 
unsigned  Isbyte,  unsigned  buflen) 

{ 

BNW0RD1 6 t = 0;  / * Needed  to  shut  up  uninitialized  var  warnings  * / 
unsigned  shift; 

Isbyte  + = buflen; 


shift  = (8  * Isbyte)  % 16; 

Isbyte  / = (16/8);  / * Convert  to  word  offset  * / 

BIGLITTLECn  -=  Isbyte,  n +=  Isbyte); 

if  (shift) 

t = BIGLITTLE(nC-1 ],nC03); 

while  (buflen--)  { 

if  (ishift)  { 

t = BIGLITTLE (*n++,* — n); 
shift  = 16; 

> 

shift  -=  8; 

*buf++  = (unsigned  char)(t>>shift); 

> 

> 

/ * 

* Merge  a big-endian  array  of  bytes  into  a bignum  array. 

* The  array  had  better  be  big  enough.  This  is 

* equivalent  to  extracting  the  entire  bignum  into  a 

* large  byte  array,  copying  the  input  buffer  into  the 

* middle  of  it,  and  converting  back  to  a bignum. 

* 

* The  buf  is  " len"  bytes  long,  and  its  *last*  byte  is  at 

* position  "Isbyte"  from  the  end  of  the  bignum. 

* 

* Note  that  this  is  a pain  to  get  right.  Fortunately,  it's  hardly 

* critical  for  efficiency. 

* / 


void 

bniInsertBigBytes_16(BNW0RD16  *n,  unsigned  char  const 

unsigned  Isbyte,  unsigned  buflen) 


{ 


*bu  f , 


BNW0RD16  t = 0;  /*  Shut  up  uninitialized  varibale  warnings 


* / 


Isbyte  + = buflen; 


BIGLITTLE(n  -=  l s b y t e / ( 1 6 / 8 ) , n +=  l s b y t e / ( 1 6 / 8 ) ) ; 

/*  Load  up  leading  odd  bytes  */ 
if  (Isbyte  % (16/8))  C 

t = BIGLITTLE(* — n,*n++); 
t >>=  (Isbyte  * 8)  % 16; 

> 

/*  The  main  loop  - merge  into  t,  storing  at  each  word  boundary.  */ 
while  (buflen--)  { 

t = (t  <<  8)  | *buf++; 
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> 


if  ((--Isbyte  % (16/8))  ==  0) 

BIGLITTLE ( *n++,* — n)  = t; 


/*  Merge  odd  bytes  in  t into  Last  word  */ 

Isbyte  = (Lsbyte  * 8)  % 16; 
if  (Lsbyte)  { 

t <<=  Lsbyte; 

t |=  ( ( ( BNW0RD1  6 ) 1 <<  Lsbyte)  - 1)  & BIGLITTLE(nC0II,nlI-1  ]); 
BIGLITTLE(n[0:,nC-1 ])  = t; 

> 


> 


return; 


/* 

* Returns  a substring  of  the  L i 1 1 L e-e nd i a n array  of  bytes  representation 

* of  the  bignum  array  based  on  two  parameters,  the  Least  significant 

* byte  number  (0  to  start  with  the  Least  significant  byte)  and  the 

* Length.  I.e.  the  number  returned  is  a representation  of 

* (bn  / 2A(8* Lsbyte) ) % 2 A (8*bufLen). 

* 

* It  is  an  error  if  the  bignum  is  not  at  Least  bufLen  + Lsbyte  bytes 

* Long. 

* 


* This  code  assumes  that  the  compi Ler  has  the  minimaL  inteLLigence 

* neded  to  optimize  divides  and  moduLo  operations  on  an  unsigned  data 

* type  with  a power  of  two. 

*/ 


void 

bniExtractLittLeByte  s_1 6(BNW0RD16 
unsigned  Lsbyte,  unsigned 


BNW0RD16  t = 0;  / * Needed 


const  *n,  unsigned  char  *buf, 
bufLen) 

to  shut  up  uninitiaLized  var  warnings 


* / 


BIGLITTLE(n  -=  L s b y t e / ( 1 6 / 8 ) , n +=  L s by t e / ( 1 6 / 8 ) ) ; 


if  (Lsbyte  % (16/8))  { 

t = BIGLITTLE(*  — n,*n  + +); 
t >>=  (Lsbyte  % (16/8))  * 8 ; 

> 

whiLe  (bufLen--)  { 

if  ( ( L s by  t e + + % (16/8)  ) ==  0) 

t = BIGLITTLE(*  — n,*n  + +) ; 
*buf  + + = (unsigned  c h a r ) t ; 
t >>=  8; 

> 

> 


/ * 

* Merge  a L i t t L e - e n d i a n array  of  bytes  into  a bignum  array. 

* The  array  had  better  be  big  enough.  This  is 

* equi va  Lent  to  extracting  the  entire  bignum  into  a 

* Large  byte  array,  copying  the  input  buffer  into  the 

* middLe  of  it,  and  converting  back  to  a bignum. 

* 

* The  buf  is  "Len"  bytes  Long,  and  its  first  byte  is  at 

* position  "Lsbyte"  from  the  end  of  the  bignum. 
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* 


* Note  that  this  is  a pain  to  get  right.  Fortunately,  it's  hardly 

* critical  for  efficiency. 

* / 


void 

bniInsertLittleBytes_16(BNW0RDl6  *n 

unsigned  Isbyte, 


/ 


unsigned  char 
unsigned  buflen 


const 

) 


*bu  f , 


BNW0RD16  t 


0;  / * Shut  up  uninitialized  varibale  warnings 


*/ 


/ * Move  to  most-significant  end  * / 
Isbyte  + = buflen; 
buf  +=  buflen; 


BIGLITTLECn  --  Isbyte  / (16/8),  n +=  lsbyte/(16/8)); 


/*  Load  up  leading  odd  bytes  */ 
i f ( Isbyte  % (16/8))  { 

t = BIGLITTLEU  — n,*n++); 
t >>=  ( Isbyte  * 8 ) % 16; 

> 


/ * 
w h i 


> 


The  main  loop  - merge  into  t,  storing  at  each  word  boundary. 
I e ( buf l en--  ) { 

t = (t  <<  8)  | * — buf; 

if  (( — Isbyte  % (16/8))  ==  0) 

BIGLITTLE(*n++,*  — n)  — t; 


* / 


/*  Merge  odd  bytes  in  t into  last  word  */ 

Isbyte  = (Isbyte  * 8)  % 16; 
if  (Isbyte)  C 

t <<=  Isbyte; 

t |=  ( ( (BNW0RD16)1  <<  Isbyte)  - 1)  & B I G L I T T L E ( n l 0 ] , n C - 1 ] ) ; 
BIGLITTLE(nC0D,nC-1  ])  = t; 

> 


return; 

> 

#ifdef  DEADCODE  /*  This  was  a precursor  to  the  more  flexible  bn i E x t r a c t By t e s */ 
/* 

* Convert  a big-endian  array  of  bytes  to  a bignum. 

* Returns  the  number  of  words  in  the  bignum. 

* Note  the  expression  "16/8"  for  the  number  of  bytes  per  word. 

* This  is  so  the  word-size  adjustment  will  work. 

*/ 

unsigned 

bn  i F romBy t es_1 6 ( BNWOR D1 6 *a,  unsigned  char  const  *b,  unsigned  blen) 

{ 

BNW0RD16  t; 

unsigned  alen  = (blen  + (16/8  — 1 ))/(16/8); 

BIGLITTLE(a  - = alen,  a +=  alen); 

while  (blen)  {. 

t = 0; 
do  { 

t = t <<  8 | *b++; 

> while  (--blen  & (16/8—1)); 
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BIGLITTLE(*a++,*  — a)  = t; 

> 

return  alen; 

> 

ft  e nd  i f 


/* 

* Computes  the  GCD  of  a and  b.  Modifies  both  arguments;  when  it  returns, 

* one  of  them  is  the  GCD  and  the  other  is  trash.  The  return  value 

* indicates  which:  0 for  a,  and  1 for  b.  The  length  of  the  retult  is 

* returned  in  rlen.  Both  inputs  must  have  one  extra  word  of  precision. 

* alen  must  be  >=  blen. 

* 

* TODO:  use  the  binary  algorithm  (Knuth  section  4.5.2,  algorithm  B). 

* This  is  based  on  taking  out  common  powers  of  2,  then  repeatedly: 

* gcd(2*u,v)  = gcd(u,2*v)  = gcd(u,v)  - isolated  powers  of  2 can  be  deleted. 

* gcd(u,v)  = gcd(u-v,v)  - the  numbers  can  be  easily  reduced. 

* It  gets  less  reduction  per  step,  but  the  steps  are  much  faster  than 

* the  division  case. 

* / 
i n t 

b n i G c d_1 6 ( B N W 0 R D 1 6 *a,  unsigned  alen,  BNW0RD16  *b,  unsigned  blen, 
unsigned  * r l e n ) 

{ 

# i f BNYIELD 

i n t y; 

ft  e n d i f 

assertlalen  >=  blen); 


while  (blen  !=  0)  { 

( vo i d ) bn i D i v_1 6 ( B I G L I TT L E ( a -b l e n , a +b l en ) , a,  alen,  b,  blen); 
alen  = bn i No rm_1 6 ( a , blen); 
if  (alen  ==  0)  { 

*r  len  = blen; 
return  1; 

> 

( v o i d ) bn i D i v_1 6 ( B I G L I TT L E ( b-a l e n , b + a l e n ) , b,  blen,  a,  alen); 
blen  = bn i No rm_1 6 ( b , alen); 


# i f BNYIELD 


ft  e nd  i f 


if  (bnYield  SS  (y  = bnYield())  < 0) 
return  y; 


*rlen  = alen; 
return  0; 


/ * 

* Invert  "a"  modulo  "mod"  using  the  extended  Euclidean  algorithm. 

* Note  that  this  only  computes  one  of  the  cosequences,  and  uses  the 

* theorem  that  the  signs  flip  every  step  and  the  absolute  value  of 

* the  cosequence  values  are  always  bounded  by  the  modulus  to  avoid 

* having  to  work  with  negative  numbers. 

* gcd(a,mod)  had  better  equal  1.  Returns  1 if  the  GCD  is  NOT  1. 

* a must  be  one  word  longer  than  "mod".  It  is  overwritten  with  the 

* result. 

* TODO:  Use  Richard  Schroeppel's  *much*  faster  algorithm. 

*/ 

i n t 
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bn i I n v_1 6 ( B N WO R D 1 6 *a,  unsigned  a Len,  BNW0RD16  const  *mod,  unsigned  mien) 

{ 

BNW0RD16  *b;  / * Hold  a copy  of  mod  during  GCD  reduction  * / 

BNW0RD1 6 *p;  /*  Temporary  for  products  added  to  tO  and  tl  */ 

BNW0RD16  * 1 0 , * 1 1 ; / * Inverse  accumulators  * / 

BNW0RD16  cy; 

unsigned  blen,  tOlen,  tllen,  plen; 
i n t y ; 

a len  = bn i No rm_1 6 ( a , alen); 
if  ( ! a l e n ) 

return  1;  / * No  inverse  * / 

mien  = bniNorm_16(mod,  mien); 
assert  (alen  <=  mien); 

/ * Inverse  of  1 is  1 * / 

if  (alen  ==  1 &&  B I G L I T T L E ( a C - 1 3 , a l 0 ] ) ==  1)  { 

bn i Z e r o_1 6(BIGLITTLE(a-alen/a  + alen),  mlen-alen); 
return  0; 

> 

/*  Allocate  a pile  of  space  */ 

BNIALLOC(b,  BNW0RD1 6,  mlen+1); 
if  (b)  { 

/* 

* Although  products  are  guaranteed  to  always  be  less  than  the 

* modulus,  it  can  involve  multiplying  two  3-word  numbers  to 

* get  a 5-word  result,  requiring  a 6th  word  to  store  a 0 

* temporarily.  Thus,  mien  + 1. 

*/ 

BNIALLOC(p,  BNW0RD16,  mlen+1); 
if  (p)  { 

BNIALLOC(tO,  BNW0RD16,  mien); 
if  (tO)  { 

BNIALL0C(t1,  BNW0RD1 6,  mien); 
if  ( tl  ) 

goto  allocated; 

BNIFREE(tO,  mien); 

> 

BNIFREE(p,  mlen+1); 

} 

BNIFREE(b,  mlen+1); 

> 

return  - 1 ; 

allocated: 

/ * Set  tO  to  1 */ 
t 0 l e n = 1 ; 

BIGLITTLE(t0[-1],t0[0T)  = 1; 

/*  b = mod  * / 

bn i C o py_1 6 ( b , mod,  mien); 

/*  blen  = mien  (implicitly)  */ 

/*t1=b/a;b=b%a*/ 

cy  = bn i D i v_1 6 ( t 1 , b,  mien,  a,  alen); 
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*(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen)))  = cy; 
tllen  = bn i No rm_1 6 ( t 1 , mlen-alen+1); 
blen  = bn i N o rm_1 6 ( b , a Len); 


/* 
w h i 


while  (b  > 1)  * / 

le  (blen  > 1 ||  B I G L I TT L E ( b L - 1 1 , b L 0 1 ) !=  (BNW0RD16)1)  C 

/ * q = a / b;  a=a  %b;  * / 

if  (alen  < blen  ||  (alen  ==  blen  &&  bniCmp_16(a,  a,  alen)  < 0)) 
assert(O); 

cy  = bn i D i v_1 6 ( B I G L I TT L E ( a -b l e n , a +b l e n ) , a,  alen,  b,  blen); 
*(BIGLITTLE(a-alen-1,a+alen))  = cy; 

plen  = bn i N o r m_1 6 ( B I G L I TT L E ( a -b l e n , a +b l e n ) , alen-blen+1); 
assert(plen); 

alen  = bn i No rm_1 6 ( a , blen); 
if  ( ! a l e n ) 

goto  failure;  / * GCD  not  1 * / 


/ * tO  +=  q * 1 1 ; * / 
assert(plen  + t1  len  < = mlen  + 1); 

bniMul_16(p,  BIGLITTLE(a-blen,a+blen),  plen,  tl,  tllen); 
plen  = bn i N o rm_1 6 ( p , plen  + tllen); 
assertCplen  <=  mien); 
if  (plen  > tOlen)  { 

bniZero_16(BIGLITTLE(t0-t0len,t0+t0len),  plen-tOlen); 
tOlen  = plen; 

> 

cy  = b n i Add N_1 6 ( t 0 , p,  plen); 
if  ( c y ) { 

if  (tOlen  > plen)  ( 

cy  = bn i Add  1 _1 6 ( B I G L I T T L E ( t 0-p l e n , t 0 + p l e n ) , 

tOlen-plen,  cy); 

> 

if  ( c y ) { 

BIGLITTLE(t0C-t0len-1d,t0Ct0len])  = cy; 

1 0 l e n + + ; 


/*  if  (a  <=  1)  return  a ? tO  : FAIL;  */ 

if  (alen  <=  1 &S  B I G L I T T L E ( a [ - 1 ] , a C 0 ] ) ==  (BNW0RD16)1)  { 
if  (alen  ==  0) 

goto  failure;  /*  FAIL  */ 
assert(tOlen  <=  mien); 
bn i C o py_1 6 ( a , tO,  tOlen); 

bn i Z e r o_1 6 ( B I G L I TT L E ( a - 1 0 l e n , a + tOlen),  mlen-tOlen); 
goto  success; 


/*q=b/a;b=b%a;*/ 

if  (blen  < alen  ||  (blen  ==  alen  &&  bniCmp_16(b,  a,  alen)  < 0)) 
assert(O)  ; 

cy  = bn i D i v_1 6 ( B I G L I TT L E ( b-a l e n , b+a l e n ) , b,  blen,  a,  alen); 
*(BIGLITTLE(b-blen-1 ,b+blen) ) = cy; 

plen  = b n i N o rm_1 6 ( B I G L I TT L E ( b-a l e n , b + a l e n ) , b l en-a  l en  + 1 ) ; 
assert (plen); 

blen  = bn i N o rm_1 6 ( b , alen); 
if  ( ! b l e n ) 

goto  failure;  / * GCD  not  1 */ 
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#i  f BNYI ELD 


#end  i f 

> 


/ * tl  +=  q * tO;  * / 
assertCplen+tOlen  < = mlen+1); 

bniMul_16(p,  BIGLITTLE(b-alen,b+alen),  plen,  1 0 , tOLen); 
plen  = bn i No rm_1 6 ( p,  plen  + tOlen); 
assert (plen  <=  mien); 
if  (plen  > tllen)  { 

bn i Zer o_1 6(BIGLITTLE(t1-t1 Ien,t1+t1 len),  plen-tl len); 
tllen  = plen; 

> 

cy  = bn i AddN_1 6 ( t 1 , p , plen); 
if  ( c y ) L 

if  (tllen  > plen)  { 

cy  = bn i Add  1 _1 6 ( B I G L I TT L E ( 1 1 -p l e n , t 0 + p l e n ) , 

tllen-plen,  cy); 

> 

if  ( c y ) { 

BIGLITTLE(t1C-t1  Len-1D,t1Ct1  lenD)  = cy; 
tl  len  + + ; 

> 

> 

if  (bnYield  &S  (y  = bnYieldC)  < 0)) 
goto  yield; 


if  ( ! b l e n ) 

goto  failure;  /*  gcd(a,  mod)  !=  1 --  FAIL  * / 

/*  return  mod-tl  */ 

bn i C o py_1 6 ( a , mod,  mien); 

assertCtllen  <=  mien); 

cy  = b n i S u bN_1 6 ( a , tl,  tllen); 

if  ( c y ) { 

assertCmlen  > tllen); 

cy  = bniSub1_16(BIGLITTLE(a-t1len,  a + tllen),  mlen-tl  len,  cy); 
a s s e r t ( ! c y ) ; 

} 


success: 

BNIFREECtl,  mien); 

BNIFREECtO,  mien); 

BNIFREECp,  mlen+1); 

BNIFREECb,  mlen+1); 

return  0; 

f ai  lure  : /*  GCD  is  not  1 - no  inverse  exists!  */ 

y = i; 

# i f BNYIELD 
yield: 

#end  i f 

BNIFREECtl,  mien); 

BNIFREECtO,  mien); 

BNIFREECp,  mlen+1); 

BNIFREECb,  mlen+1); 


} 


return  y; 
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bnil6.h 

/* 

* $ I d : bn i 1 6 . h , v 1.2. 2.1  1 996/1  1 /1  4 04:09:22  cbertsch  Exp  $ 

*/ 

//ifndef  BNI1 6_H 
//define  BN  II 6_H 

//include  "bni.h" 

//ifndef  BNW0RD1  6 

//error  16-bit  bignum  library  requires  a 16-bit  data  type 
U e nd i f 

//ifndef  bniCopy_16 

void  b n i C o p y_1 6 ( B N W 0 R D 1 6 *dest,  BNW0RD16  const  *src,  unsigned  len); 
//  e nd  i f 

//ifndef  bniZero_16 

void  bn i Z e r o_1 6 ( BN WO R D 1 6 *num,  unsigned  len); 

//  e nd  i f 

//ifndef  bniNe  g_1  6 

void  b n i N e g_1 6 ( B N W 0 R D 1 6 *num,  unsigned  len); 

//end  i f 

//ifndef  bniAddl  16 


BNW0RD1 6 bni Add1_1 6CBNW0RD1 6 
//  e n d i f 

//ifndef  bniSub1_16 

*num. 

unsigned 

len,  BNW0RD1 6 

carry); 

BNW0RD1 6 bni Sub1_1 6CBNW0RD1 6 
ft  e nd  i f 

* n u m , 

unsigned 

len,  BNW0RD16 

borrow); 

//ifndef  bniAddN_16 

BNW0RD1 6 bni A d d N_1 6 ( B N W 0 R D 1 6 

U e n d i f 

//ifndef  bniSubN_16 

* n um  1 

, BNW0RD16 

const  *num2. 

unsigned 

len); 

BNW0RD16  bn i SubN_1 6 ( BNW0RD1 6 

U e n d i f 

★ numi 

, BNW0RD1 6 

const  *num2. 

unsigned 

len); 

//ifndef  bniCmp_16 

int  bn i C mp_1 6 ( BN WO R D 1 6 const 
# e n d i f 

*num1 

, BNW0RD1 6 

const  *num2. 

unsigned 

len); 

//ifndef  bniMulN1_16 

void  bniMulN1_16(BNW0RD16  * o u t , BNW0RD16  const  * i n , unsigned  len,  BNW0RD16  k); 
//end  i f 


//ifndef  bn  i M u l Add  1 _1  6 
BNW0RD1 6 

bniMulAdd1_16(BNW0RD16  *out,  BNW0RD16 
# end i f 


//ifndef  bn  i Mu  l Sub1_1  6 

BNW0RD1 6 bni Mu l Sub1_1 6(BNW0RD1 6 *out, 

BNW0RD1 6 k); 


//  e n d i f 


const  *in,  unsigned 


BNW0RD16  const  *in. 


len,  BNW0RD1 6 


unsigned  len. 


k) 


//ifndef  bniLshift_16 

BNW0RD16  b n i L s h i f t_1 6 ( B N W 0 R D 1 6 *num,  unsigned  len,  unsigned  shift); 
//  e n d i f 

//ifndef  bniDouble_16 

BNW0RD16  b n i D o u b l e_1 6 ( B N W 0 R D 1 6 *num,  unsigned  len); 
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# e nd  i f 

#ifndef  bniRshift_16 

BNW0RD16  bniRshift_16(BNW0RD16  *num,  unsigned  len,  unsigned  shift); 

# e nd i f 

# i f nde  f bn  i Mu l_1 6 

void  bn  i Mu L_1 6 ( B N W 0 R D 1 6 *prod,  BNW0RD16  const  *num1  , unsigned  lenl, 

BNW0RD16  const  * n u m 2 , unsigned  l e n 2 ) ; 

# e nd  i f 

#ifndef  bniSquare_16 

void  b n i S q u a r e_1 6 ( B N W 0 R D 1 6 *prod,  BNW0RD16  const  *num/  unsigned  len); 

# e nd  i f 

#ifndef  bniNorm_16 

unsigned  bn  i No rm_1 6 ( B N WO R D 1 6 const  *num,  unsigned  len); 
ft  e nd  i f 

#ifndef  bniBits_16 

unsigned  bniBits_16(BNW0RD16  const  * n u m , unsigned  len); 

# e nd  i f 

#ifndef  b n i E x t r a c t B i g By t e s_1  6 

void  b n i E x t r a c t B i g By t e s_1 6 ( BNWO R D 1 6 const  *bn,  unsigned  char  *buf, 
unsigned  Isbyte,  unsigned  buflen); 

# e nd i f 

#ifndef  bn  i I n s e r t B i g y t e s_1  6 

void  bn  i I n s e r t B i g B y t e s_1 6 ( B N W 0 R D 1 6 *n,  unsigned  char  const  *buf, 
unsigned  Isbyte,  unsigned  buflen); 

# e nd  i f 

#ifndef  bn  i E x t r a c t L i 1 1 l e By t e s_1  6 

void  bn  i E x t r a c t L i 1 1 l e By t e s_1 6 ( BN WO R D 1 6 const  *bn,  unsigned  char  *buf, 
unsigned  Isbyte,  unsigned  buflen); 

# e n d i f 

#ifndef  b n i I n s e r t L i t t l e B y t e s_1 6 

void  bn i I n s e r t L i t t l e By t e s_1 6 ( BN WO R D 1 6 *n,  unsigned  char  const  *buf, 
unsigned  Isbyte,  unsigned  buflen); 

# e n d i f 

#ifndef  bniDiv21_16 

BNW0RD1 6 bniDiv21_16(BNW0RD16  *q,  BNW0RD16  nh,  BNW0RD16  nl,  BNW0RD1 6 d); 

#end i f 

#ifndef  bniDiv1_16 

BNW0RD16  bn i D i v1_1 6 ( BNW0RD1 6 *q,  BNW0RD16  *rem, 

BNW0RD16  const  *n,  unsigned  len,  BNW0RD16  d); 

#end  i f 

#ifndef  bniModQ_16 

unsigned  b n i M o d Q_1 6 ( B N W 0 R D 1 6 const  *n,  unsigned  len,  unsigned  d); 

U e nd i f 

#ifndef  bniDi v_1 6 
BNW0RD1 6 

bn i D i v_1 6 ( BNWO R D 1 6 *q,  BNW0RD16  *n,  unsigned  nlen,  BNW0RD16  *d,  unsigned  dlen); 

# e n d i f 


#ifndef  bn i Mo n t I n v 1 _1 6 

BNW0RD1 6 bn i Mon t I n v 1 _1 6 ( BN WO R D 1 6 const  x); 

# e nd  i f 

#ifndef  bn i M o n t R ed u c e_1  6 

void  b n i M o n t R e d u c e_1 6 ( B N W 0 R D 1 6 *n,  BNW0RD16  const  *mod, 

BNW0RD1 6 inv); 


# e nd  i f 


unsigned 


const  mien. 
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#ifndef  bniToMont_16 

void  bn i T 0M0 n t_1 6 ( BNWO R D 1 6 *n,  unsigned  nlen,  BNW0RD16  *mod,  unsigned  mien); 
# e n d i f 

//ifndef  b n i F r omM  o n t_1  6 

void  bn i F r omMo n t_1 6 ( BN  WO R D 1 6 *n,  BNW0RD16  *mod,  unsigned  len); 

U e n d i i 


#ifndef  bniExpMod_16 

int  bn i ExpMod_1 6 ( BNW0RD1 6 *result,  BNW0RD16  const  *n,  unsigned  nlen, 

BNW0RD16  const  *exp,  unsigned  elen,  BNW0RD16  *mod,  unsigned  mien); 

# e n d i t 

ftifndef  bn i D o u b l e E x pMod_1 6 

int  bn i D o u b l e E x pM od_1 6 ( BN WO R D 1 6 *resu  It, 

BNW0RD16  const  *n1,  unsigned  nl  len,  BNW0RD16  const  *e1,  unsigned  ellen 
BNW0RD16  const  *n2,  unsigned  n2len,  BNW0RD16  const  * e 2 , unsigned  e2len 
BNW0RD16  *mod,  unsigned  mien); 

# e nd i f 

#itndef  bn  i T w o E x pM od_1 6 

int  bn  i T w o E x pMod_1 6 ( BN WO R D 1 6 *n,  BNW0RD16  const  *exp,  unsigned  elen, 

BNW0RD16  *mod,  unsigned  mien); 


U e nd i f 

#ifndef  bniGcd_16 

int  b n i G c d_1 6 ( B N W 0 R D 1 6 *a,  unsigned  alen,  BNW0RD16  *b,  unsigned  blen, 
unsigned  *rlen); 

# e n d i f 

#ifndef  bnilnv_16 

int  bn i I n v_1 6 ( BN WO R D 1 6 *a,  unsigned  alen,  BNW0RD16  const  *mod,  unsigned  mien); 
U e nd i f 


#endif  / * 
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bni68000.c 

/ * 

* bni68000.c  - 16-bit  bignum  primitives  tor  the  68000  (or  68010)  processors. 

ie 

* This  was  written  for  Metrowerks  C,  and  while  it  should  be  reasonably 

* portable,  NOTE  that  Metrowerks  lets  a cal  lee  trash  aO,  al,  dO,  dl,  and  d2. 

* Some  680x0  compilers  make  d2  cal  lee-save,  so  instructions  to  save  it 

* will  have  to  be  added. 

* 

* This  code  supports  16  or  32-bit  ints,  based  on  UINT_MAX. 

* Regardless  of  UINT_MAX,  only  bignums  up  to  64K  words  (1  million  bits) 

* are  supported.  (68k  hackers  will  recognize  this  as  a consequence  of 

* using  dbra.) 

* 

* These  primitives  use  little-endian  word  order. 

* (The  order  of  bytes  within  words  is  irrelevant  to  this  issue.) 

* 

* $ I d : bni  68000.c,v  1.2. 2.1  1 996/1  1 /1  4 04:09:22  cbertsch  Exp  $ 

*/ 

^include  <limits.h> 

^include  "bni.h"  /*  Should  include  bni68000.h  */ 

/ * 

* The  Metrowerks  C compiler  (1.2.2)  produces  bad  68k  code  for  the 

* following  input,  which  happens  to  be  the  inner  loop  of  bniSubl, 

* so  a few  less  than  critical  routines  have  been  recoded  in  assembly 

* to  avoid  the  bug.  (Optimizer  on  or  off  does  not  matter.) 

* 

* unsigned 

* decrement (unsi gned  *num,  unsigned  len) 

* { 

* d o { 

* if  ((*num++)-~  !=  0) 


★ 

return 

0; 

★ 

> while 

(--len); 

★ 

return 

i; 

* > 

★ / 

asm  BNW0RD1 6 

bn i Sub1_ 

r 

16(BNW0RD16  *num,  unsigned 

len,  BNW0RD16  borrow) 

1 

mo  v e a . 1 

4(sp),a0 

/* 

n u m * / 

#i f UINT 

_M  A X = = 

Oxf f f f 

mo  v e . w 

10(sp),d0 

/* 

borrow 

*/ 

#else 

mo  v e . w 

12(sp),d0 

/ * 

borrow 

*/ 

ft  e nd  i f 

s u b . w 

d0,(a0)+ 

b c c 

done 

ft  if  UINT 

_M  A X = = 

Oxf f f f 

mo  v e . w 

8(sp),d0 

/* 

len  * / 

ft  else 

move  . w 

10(sp),d0 

/* 

len  * / 

ft  e nd  i f 

s ubq  . w 

# 2 , dO 

b c s 

done 

loop: 
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done: 


subq.w  U 1 , ( a 0 ) + 
dbcc  d 0 , l o o p 

moveq.L  # 0 , dO 
addx.w  d 0 , dO 
rts 


asm  BNW0RD16 

bn i Add1_1 6 ( BNW0RD1 6 *num,  unsigned  Len,  BNW0RD16  carry) 
{ 


# e l s e 
U e nd  i f 


Seise 
U e n d i f 

loop: 

done: 


movea . 1 

4 ( s p ) , a 0 

/* 

num  * / 

_M  A X = = 

Oxf f f f 

m o v e . w 

10(sp),d0 

/* 

carry  * / 

m o v e . w 

12(sp),d0 

/* 

carry  * / 

add  . w 

dO,(aO)+ 

b c c 

d o n e 

_M  A X = = 

Oxf f f f 

move  . w 

8 ( s p ) , dO 

/ * 

len  * / 

move  . w 

10(sp),d0 

/* 

len  * / 

subq.w  # 2 , dO 
b c s done 

addq.w  #1,(a0)+ 
dbcc  d 0 , l oo p 


moveq.L  # 0 , d 0 
addx.w  d 0 , d 0 
rts 


asm  void 

b n i M u l N 1 _1  6 ( B N W 0 R D 1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 
{ 


mo ve . w 

d 3 , - ( s p ) 

/ * 

2 bytes  of  stack  frame  * 

mo ve  . 1 

2+4(sp),a1 

/* 

out  * / 

move.  1 

2+8(sp),a0 

/* 

in  * / 

U i f UINT 

_MAX  == 

Oxf f f f 

m o v e . w 

2+12(sp),d3 

/* 

len  * / 

mo ve . w 

2+14(sp),d2 

/ * 

k */ 

Seise 

mo  v e . w 

2+14(sp),d3 

/ * 

len  (low  16  bits)  * / 

m o v e . w 

2+16(sp),d2 

/* 

k * / 

U e n d i f 

move  . w 

( a 0 ) + , d 1 

/ * 

First  multiply  */ 

m u l u . w 

d 2 , d 1 

mo ve . w 

d1,(a1  ) + 

clr.w 

d 1 

swap 

d 1 

subq.w 

#1  ,d3 

/ * 

Setup  for  loop  unrolling 

l s r . w 

#1  ,d3 

b c s . s 

m 1 6_e  v e n 

b e q . s 

m 1 6_s  h o r t 

336 


lib/bn/bn  i68000.c 


m 1 6 even 


s u bq  . w 

#1  , d 3 

move.  1 

d 1 , d 0 

move  . w 

(a0)+,d1 

mu  l u . w 

d 2 , d 1 

a d d . 1 

d0,d1 

move  . w 

d1,(a1)+ 

clr.w 

d 1 

swap 

d 1 

move  . w 

(aO)+,dO 

m u l u . w 

d 2 , d 0 

add  . 1 

d 1 , dO 

mo v e . w 

dO , ( a 1 ) + 

clr.w 

dO 

swap 

dO 

d b r a 

d3,m1 6_l oop 

mo ve  . w 

dO,  ( a 1 ) 

m o v e . w 

(sp)+,d3 

rts 

t : 

move  . w 

d 1 , ( a 1 ) 

mo ve  . w 

(sp)+,d3 

rts 

/*  Set  up  software  pipeline  properly  */ 


asm  BNW0RD16 

bn i Mu l Add  1 _1 6 ( BN WO R D 1 6 *out,  BNW0RD16  const  *in,  unsigned  len,  BNW0RD16  k) 
{ 


move  . w 

d4,-(sp) 

clr.w 

d 4 

m o v e . w 

d3,-(sp) 

/* 

4 bytes  of  stack  frame  */ 

move.  1 

4+4(sp),a1 

/ * 

out  * / 

move.  1 

4 + 8 ( sp  ) , aO 

/ * 

in  * / 

// i f UINT 

_M  A X = = 

Oxf f f f 

mo ve  . w 

4+12(sp),d3 

/ * 

len  * / 

mo ve  . w 

4+14(sp),d2 

/ * 

k * / 

//else 

mo v e . w 

4+14(sp),d3 

/* 

len  (low  16  bits)  */ 

mo v e . w 

4+16(sp),d2 

/ * 

k */ 

Send  i f 

move . w 

(a0)+,d1 

/* 

First  multiply  */ 

mu  l u . w 

d 2 , d 1 

add  . w 

d1,(a1)+ 

clr.w 

d 1 

swap 

d 1 

addx  . w 

d4  , d 1 

s u bq  . w 

//I  ,d3 

/* 

Setup  for  loop  unrolling  */ 

Isr.w 

#1  ,d3 

b c s . s 

ma 1 6_even 

b e q . s 

ma 1 6_s  hort 
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s u bq  . w 
move.  I 

ma 1 6_L  oop : 

move.w 
mu l u . w 
add  . L 
add  . w 
clr.w 
swap 
addx  . w 

ma 1 6_e  v e n : 

move.w 
mu  L u . w 
a d d . L 
add  . w 
clr.w 
swap 
a d d x . w 

d b r a 

move.w 
move.w 
r t s 

ma16_ short: 

move.w 
move  . I 
move.w 
rts 

> 


U 1 ,d3 
d 1 , d 0 


(a0)+,d1 
d 2 , d 1 
dO  , d 1 
d1,(a1)+ 
d 1 
d 1 

d4,d1 


(aO)+,dO 
d 2 , d 0 
d 1 , dO 
d 0 , ( a 1 ) + 
dO 
dO 

d4,d0 

d3,ma 1 6_l oop 

( s p ) + , d 3 
( s p ) + , d 4 


(sp)+,d3 
d 1 , d 0 
(sp)+,d4 


/*  Set  up  software  pipeline  properly  */ 


asm  BNW0RD1 6 

bniMulSub1_16(BNW0RDl6  *out. 


move.w 

d4,-(sp) 

clr.w 

d 4 

move.w 

d3,-(sp) 

move.  1 

4+4(sp),a1 

move.  1 

4+8(sp),a0 

# i f UINT 

_M  A X = = 

Oxf  f f f 

move.w 

4+12(sp),d3 

move.w 

4+1 4(sp) ,d2 

# e l s e 

move.w 

4+1 4(sp) ,d3 

move.w 

4+16(sp),d2 

# e n d i f 

move.w 

(a0)+,d1 

mu  l u . w 

d 2 , d 1 

s u b . w 

d 1 , ( a 1 ) + 

clr.w 

d 1 

swap 

d 1 

addx  . w 

d4,d1 

BNW0RD1 6 const 

* i 

n , un  s 

i gned 

/* 

4 bytes 

o f 

stack 

frame 

/ * 

out  * / 

/* 

in  * / 

/* 

ten  * / 

/* 

k */ 

/* 

l en  (low 

1 6 

bits) 

*/ 

/* 

k */ 

/* 

First  mu 

1 1 i 

ply  * / 

len. 


*/ 


BNW0RD16  k) 
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subq . u 
Lsr.w 
b c s . s 
beq  . s 

subq  .w 
move  . I 

ms  1 6_l oop : 

move  . w 
mulu.w 
a d d . L 
sub.w 
c l r . w 
swap 
a d d x . w 

m s 1 6_e  v e n : 

mo ve  . w 
mulu.w 
add  . I 
sub.w 
c l r . w 
swap 
addx  . w 

d b r a 

m o v e . w 
mo  v e . w 
rts 

ms  1 6_s  hort : 

move  . w 
move  . I 
move  . w 
rts 

> 


#1  ,d3 
#1  ,d3 
ms  1 6_e  v e n 
m s 1 6_s  hort 

#1  ,d3 
d 1 , d 0 


(a0)+,d1 
d 2 , d 1 
dO  , d 1 
d 1 , ( a 1 ) + 
d 1 
d 1 

d 4 , d 1 


(aO)+,dO 
d2  , dO 
d 1 , d 0 
dO,  ( a 1 ) + 
dO 
dO 

d 4 , dO 

d 3 , m s 1 6_loop 

( s p ) + , d 3 
(sp)+,d4 


(sp)+,d3 
d 1 , d 0 
(sp)+,d4 


/*  Setup  for  loop  unrolling  */ 


/*  Set  up  software  pipeline  properly  */ 


/*  The  generic  long/short  divide  doesn't  know  that  nh  < d */ 


asm  BNW0RD16 

bni Di v21_1 6CBNW0RD1 6 *q,  BNW0RD16  nh,  BNW0RD16  nl,  BNW0RD16  d) 
{ 


move.  1 

8(sp),d0 

d i v u . w 

12(sp),d0 

mo ve  . 1 

4(sp),a0 

move  . w 

dO,  ( aO ) 

clr.w 

dO 

swap 

rts 

dO 

> 

asm 

unsigned 

b n i M o d Q_1 6 ( B N W 0 R D 1 6 const 

mo ve  . 1 

4(sp),a0 

moveq  . 1 

# 0 , d 1 

ft  if 

U I N T_M  A X = = 

Oxf f f f 

mo  v e . w 

8(sp),d1 

mo ve  . w 

10(sp),d2 

/*  nh  *and*  nl  */ 


unsigned  len,  BNW0RD16  d) 
/ * n * / 

/ * len  * / 

/*  d */ 
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//else 

move.w  10(sp),d1 
move.w  12(sp),d2 

#end  i f 


/ * len  (low  16  bits)  * / 
/*  d */ 


add. I d 1 , a 0 

add. I d1,a0  /*  n +=  len  */ 

moveq.l  # 0 , dO 
subq.w  # 1 , d 1 


mq 1 6_l oop : 

move.w 
d i v u . w 
d b r a 

mq 1 6_d  one: 

c l r . w 

swap 

rts 

> 


-CaO),dO 
d 2 , d 0 

d 1 , mq  1 6_l oop 


dO 

dO 


/*  Assemble  remainder  and  new  word  */ 
/*  Put  remainder  in  high  half  of  dO  */ 


/* 

* Detect  if  this  is  a 32-bit  processor  (68020+  *or*  CPU32). 

* Both  the  68020+  and  CPU32  processors  (which  have  3 2 x 32 -> 64-b i t 

* multiply,  what  the  32-bit  math  library  wants)  support  scaled  indexed 

* addressing.  The  68000  and  68010  ignore  the  scale  selection 

* bits,  treating  it  as  *1  all  the  time.  So  a 32-bit  processor 

* will  evaluate  -2 ( aO, aO  . w*2  ) as  1 +1  * 2 — 2 = 1. 

* A 16-bit  processor  will  compute  1+1-2  = 0. 

* 

* Thus,  the  return  value  will  indicate  whether  the  chip  this  is 

* running  on  supports  3 2 x 3 2 - > 6 4 - b i t multiply  (mulu.l). 

*/ 

asm  i n t 
is68020(void) 

{ 


machine 

68020 

lea 

1 ,a0 

ft  i f 0 

l e a 

-2(a0,a0.w*2),a0 

/*  Metrowerks  won't  asm  this,  arrgh  */ 

//else 

d c . w 

0x41 f 0 , 0 x 8 2 f e 

ft  e n d i f 

move.  1 

rts 

a 0 , dO 

> 

/ * 

* Since  I had  to  h a n d-a s s emb l e that  fancy  addressing  mode,  I had  to  study 

* up  on  680x0  addressing  modes. 

* A summary  of  680x0  addressing  modes. 

* A 68000  effective  address  specifies  an  operand  on  an  instruction,  which 

* may  be  a register  or  in  memory.  It  is  made  up  of  a 3-bit  mode  and  a 

* 3-bit  register  specifier.  The  meanings  of  the  various  modes  are: 

* 

* 000  reg  - Dn,  n specified  by  " reg" 

* 001  reg  - An,  n specified  by  "reg" 

* 010  reg  - (An) 

* 011  reg  - (An)+ 

* 100  reg  - -(An) 
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* 101  reg  - d16(An),  one  16-bit  displacement  word  follows,  sign-extended 

* 110  reg  - Fancy  addressing  mode  off  of  An,  see  extension  word  below 

* 111  000  - abs.W,  one  16-bit  signed  absolute  address  follows 

* 111  001  - abs.L,  one  32-bit  absolute  address  follows 

* 111  010  - d16(PC),  one  16-bit  displacemnt  word  follows,  sign-extended 

* 111  011  - Fancy  addressing  mode  off  of  PC,  see  extension  word  below 

* 111  100  - ^immediate,  followed  by  16  or  32  bits  of  immediate  value 

* 111  101  - unused,  reserved 

* 111  110  - unused,  reserved 

* 111  111  - unused,  reserved 

* 

* Memory  references  are  to  data  space,  except  that  PC-relative  references 

* are  to  program  space,  and  are  read-only. 

* 

* Fancy  addressing  modes  are  followed  by  a 16-bit  extension  word,  and  come 

* in  "brief"  and  "full"  forms. 

* The  "brief"  form  looks  like  this.  Bit  8 is  0 to  indicate  this  form: 

* 

*1111111 

*654321  0987654321  0 

* + + + + + + + + + + + + + + + + + 

* | A / D | register  |L/W|  scale  | 0 | 8-bit  signed  displacement  | 

* + + + + + + + + + + + + + + + + + 

* 

* The  basic  effective  address  specifies  a 32-bit  base  register  - A0  through 

* A7  or  PC  (the  address  of  the  following  instruction). 

* The  A/D  and  register  fields  specify  an  index  register.  A/D  is  1 for 

* address  registers,  and  0 for  data  registers.  L/W  specifies  the  length 

* of  the  index  register,  1 for  32  bits,  and  0 for  16  bits  (sign-extended). 

* The  scale  field  is  a left  shift  amount  (0  to  3 bits)  to  apply  to  the 

* sign-extended  index  register.  The  final  address  is  d8 ( An , Rn  . X * S C A L E ) , 

* also  written  ( d 8 , A n , R n . X* S C A L E ) . X is  "W"  or  "L",  SCALE  is  1,  2,  4 or  8. 

* "*1"  may  be  omitted,  as  may  a d8  of  0. 

* 

* The  68000  supports  this  form,  but  only  with  a scale  field  of  0. 

* It  does  NOT  (says  the  MC68030  User's  Manual  M C 6 8 0 3 0 U M / A D , section  2.7) 

* decode  the  scale  field  and  the  following  format  bit.  They  are  treated 

* as  0 . 

* I recall  (I  don't  have  the  data  book  handy)  that  the  CPU32  processor 

* core  used  in  the  683xx  series  processors  supports  variable  scales, 

* but  only  the  brief  extension  word  form.  I suspect  it  decodes  the 

* format  bit  and  traps  if  it  is  not  zero,  but  I don't  recall. 


•k 

— ~ ~ ' r 

k 

4. 

The 

"full" 

form 

(680x0, 

f\J 

II 

A 

X 

processors 

only) 

looks 

like  this: 

A 

★ 

1 

1 1 

1 

1 1 

1 

★ 

6 

5 4 

3 

2 1 

0 9 

8 7 6 

5 

4 3 

2 1 0 

* + + + + + + + + + + + + + + + + + 

* | A / D | register  |L/W|  scale  | 1 | BS|  I S | B D size|  0 | P | 0 D size| 

* + + + + + + + + + + + + + + + + + 

k 

* The  first  8 bits  are  interpreted  the  same  way  as  in  the  brief  form, 

* except  that  bit  8 is  set  to  1 to  indicate  the  full  form. 

* BS,  Base  Suppress,  if  set,  causes  a value  of  0 to  be  used  in  place  of 

* the  base  register  value.  If  this  is  set,  the  base  register 

* specified  is  irrelevant,  except  that  if  it  is  the  PC,  the  fetch  is 

* still  done  from  program  space.  The  specifier  "ZPC"  can  be  used  in 

* place  of  "PC"  in  the  effective  address  mnemonic  to  represent  this 

* case. 
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* IS,  Index  Suppress,  if  set,  causes  a value  of  0 to  be  used  in  place 

* of  the  scaled  index  register.  In  this  case,  the  first  7 bits  of  the 

* extension  word  are  irrelevant. 

* BD  size  specifies  the  base  displacement  size.  A value  of  00 

* in  this  field  is  illegal,  while  01,  10  and  11  indicate  that  the 

* extension  word  is  followed  by  0,  1 or  2 16-bit  words  of  base  displacement 

* (zero,  sign-extended  to  32  bits,  and  mo s t - s i g n i f i c a n t word  first, 

* respectively)  to  add  to  the  base  register  value. 

* Bit  3 is  unused. 

* The  P bit  is  the  pre/post  indexing  bit,  and  only  applies  if  an  outer 

* displacement  is  used.  This  is  explained  later. 

* 0D  size  specifies  the  size  of  an  outer  displacement.  In  the  simple 

* case,  this  field  is  set  to  00  and  the  effective  address  is 

* ( d i s p , A n , R n . X * S C A L E ) or  ( d i s p , P C , R n . X * S C A L E ) . 

* In  this  case  the  P bit  must  be  0.  Any  of  those  compnents  may  be 

* suppressed,  with  a BD  size  of  01,  the  BS  bit,  or  the  IS  bit. 

* If  the  0D  size  is  not  00,  it  encodes  an  outer  displacement  in  the  same 

* manner  as  the  BD  size,  and  0,  1 or  2 16-bit  words  of  outer  displacement 

* follow  the  base  displacement  in  the  instruction  stream.  In  this  case, 

* this  is  a d o u b l e - i n d i r e c t addressing  mode.  The  base,  base  displacement, 

* and  possibly  the  index,  specify  a 32-bit  memory  word  which  holds  a value 

* which  is  fetched,  and  the  outer  displacement  and  possibly  the  index  are 

* added  to  produce  the  address  of  the  operand. 

* If  the  P bit  is  0,  this  is  pre- indexed,  and  the  index  value  is  added 

* before  the  fetch  of  the  indirect  word,  producing  an  effective  address 

* of  ( C d i sp  , An  , Rn  . X* S C A LE  ] , d i s p ) . If  the  P bit  is  1,  the  post-indexed  case, 

* the  memory  word  is  fectched  from  base+base  displacement,  then  the  index 

* and  outer  displacement  are  added  to  compute  the  address  of  the  operand. 

* This  effective  address  is  written  ( C d i s p , An  ] , R n . X*  S C A LE  , d i s p ) . 

* (In  both  cases,  "An"  may  also  be  "PC"  or  "ZPC".) 

* Any  of  the  components  may  be  omitted.  If  the  index  is  omitted  (using  the 


★ 

I s 

bit). 

the  P bit  is  irrelevant,  but  must 

be  written 

as  0 . 

★ 

Thus 

/ 

legal  combinations  of  IS,  P and  0D  si 

z e are: 

★ 

0 

0 

00 

- 

( d i s p , A n , R n . X * S C A L E ) , also  written 

disp(An,Rn 

. X*S  C ALE  ) 

★ 

0 

0 

01 

- 

( [ d i s p , A n , R n . X * S C A L E ] ) 

★ 

0 

0 

1 0 

- 

(Cdisp,An,Rn.X*SCALED,d16) 

* 

0 

0 

1 1 

- 

(Cdisp,An,Rn.X*SCALE],d32) 

★ 

0 

1 

01 

- 

(Cdisp,An],Rn.X*SCALE) 

★ 

0 

1 

1 0 

- 

(Edi  sp,AnH,Rn.X*SCALE,d16) 

★ 

0 

1 

1 1 

- 

(Cdisp,An3,Rn.X*SCALE,d32) 

★ 

1 

0 

00 

- 

(disp,An),  also  written  disp(An) 

★ 

1 

0 

01 

- 

(Cdisp,An3) 

* 

1 

0 

1 0 

- 

(Cdisp,AnD,d16) 

★ 

★ / 

1 

0 

1 1 

— 

(Edisp,AnH,d32) 

/*  45678901234567890123456789012345678901234567890123456789012345678901234567*/ 
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bni68000.h 


/ * 

* bni68000.h  - 16-bit  bignum  primitives  for  the  68000  (or  68010)  processors. 

* 

* These  primitives  use  little-endian  word  order. 

* (The  order  of  bytes  within  words  is  irrelevant.) 

* 

* $ I d : bni68000.h,v  1.2  1 996/1  1 /1  2 01:42:41  mhw  Exp  $ 

*/ 

//define  BN_L I TT L E_E N D I AN  1 

typedef  unsigned  short  bnword16 
//define  BNW0RD16  bnword16 

bnword16  bniSub1_16(bnword16  *num,  unsigned  len,  bnword16  borrow) ; 
bnword16  bniAdd1_16(bnword16  *num,  unsigned  len,  bnword16  carry) ; 
void  bniMulN1_16(bnword16  * o u t , bnword16  const  *in,  unsigned  len,  bnword16  k); 
bnwordl 6 


bniMulAddl 
bnwordl 6 

_16(bnword16 

* o u t , 

bnword16 

const  *in. 

unsigned 

len. 

bnword16 

k); 

bniMulSubl 

_16(bnword16 

*0  u t , 

bnword16 

const  *in. 

unsigned 

len. 

bnwordl 6 

k); 

bnword16  bniDiv21_16(bnword16  *q,  bnword16  nh,  bnword16  nl,  bnword16  d); 
unsigned  bn i M odQ_1 6 ( bn wo rd 1 6 const  *n,  unsigned  len,  bnword16  d); 

int  is68020(void); 


/ * //  d e f i 

tt  d e f i n e 

//define 

//define 

//define 

//define 

//define 

//define 


ne  the  values 
bniSub1_16  bni 
bniAdd1_16  bni 
bniMulN1_16  bn 
bniMulAdd1_16 
bniMulSub1_16 
bn i D i v2 1_1 6 bn 
bniModQ  16  bni 


to  exclude 
S u b 1 _1  6 
Add1_1 6 
i Mu l N 1 _1 6 
bn i Mu  l Addl 
bniMulSubl. 
iDiv21_16 
ModQ  16 


the  C versions 


1 6 
1 6 


*/ 


/*  Also  include  the  68020  definitions  for  16/32  bit  switching  versions.  */ 
//include  <bni  68020.h> 
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bni68020.c 

/ * 

* bni68020.c  - 32-bit  bignum  primitives  for  the  68020+  (Or  683xx)  processors. 

* 

* Written  by  Colin  Plumb 

* 

* $ I d : bni  68020.c,v  1.3. 2.1  1 996/1  1 /1  4 04:09:22  cbertsch  Exp  $ 

* 

* This  was  written  for  Metrowerks  C,  and  while  it  should  be  reasonably 

* portable,  NOTE  that  Metrowerks  lets  a ca  l lee  trash  aO,  al,  dO,  dl,  and  d2. 

* Some  680x0  compilers  make  d2  cal  lee-save,  so  instructions  to  save  it 

* will  have  to  be  added. 

* 

* This  code  supports  16  or  32-bit  ints,  based  on  UINT_MAX. 

* Regardless  of  UINT_MAX,  only  bignums  up  to  64K  words  (2  million  bits) 

* are  supported.  (68k  hackers  will  recognize  this  as  a consequence  of 

* using  dbra.) 

* 

* These  primitives  use  little-endian  word  order. 

* (The  order  of  bytes  within  words  is  irrelevant  to  this  issue.) 

* 

* T0D0:  Schedule  this  for  the  68040's  pipeline.  (When  I get  a 68040  manual.) 

★ / 

^include  <limits.h> 

#include  "bni.h"  /*  Should  include  bni68020.h  */ 

/ * 

* The  Metrowerks  C compiler  (1.2.2)  produces  bad  68k  code  for  the 

* following  input,  which  happens  to  be  the  inner  loop  of  bniSubl, 

* so  a few  less  than  critical  routines  have  been  recoded  in  assembly 

* to  avoid  the  bug.  (Optimizer  on  or  off  does  not  matter.) 

* 

* unsigned 

* decrement(unsigned  *num,  unsigned  len) 

* { 

* do  ( 

* if  ((*num  + +)—  !=  0) 

* return  0; 

* > while  (--len); 

* return  1; 

* } 

★ / 

asm  BNW0RD32 

bn i S u b 1_3 2 ( BNW0 R D 32  *num,  unsigned  len,  BNW0RD32  borrow) 


mo  v e a 

. 1 

4 ( s p ) , a 0 

/* 

num  * / 

U i f UINT 

_M  A X 

= = 

Oxf f f f 

move  . 

l 

1 0 ( sp  ) ,d0 

/ * 

borrow 

★ / 

# e l s e 

move  . 

l 

1 2 ( sp)  ,d0 

/* 

borrow 

★ / 

#endi f 

s ub  . 1 

d0,(a0)+ 

b c c 

done 

tt  i f UINT 

_M  A X 

= = 

Oxf f f f 

move. 

w 

o 

~o 

s 

Q. 

CO 

00 

/ * 

len  * / 

ft  e l s e 

mo ve  . 

w 

1 0( sp)  ,d0 

/* 

len  * / 
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U e nd i f 

subq.w 

# 2 , d 0 

b c s 

done 

Loop: 

s u bq  . L 

#1 , (a0)+ 

d b c c 

d 0 , Loop 

done: 

moveq  . L 

o 

-O 

V 

o 

% 

T. 

addx  . w 

rts 

d0,d0 

asm  BNW0RD32 

bn i Add1_32 ( BNW0RD32  *num,  unsigned 
{ 


movea  . L 

4 ( s p ) , a 0 

/* 

U i f UINT 

_M  A X = = 

Oxf f f f 

move  . L 

10(sp),d0 

/* 

# e L s e 

move  . L 

1 2 ( sp)  ,d0 

/ * 

U e nd i f 

add  . L 

d0,(a0)+ 

b c c 

d o n e 

# i f UINT 

_M  A X = = 

Oxf f f f 

move.w 

8 ( s p ) , dO 

/* 

# e L s e 

move  . w 

10(sp),d0 

/ * 

U e n d i f 

subq.w 

# 2 , dO 

b c s 

done 

Loop: 

addq  . L 

#1 , (a0)+ 

d b c c 

d 0 , Loop 

done: 

moveq  . L 

# 0 , dO 

a d d x . w 

rts 

d 0 , dO 

> 


asm  void 

bni Mu  INI _3 2 (BNW0RD32  *out,  BNW0RD32 
machine  68020 


mo vem . L 
moveq  . L 

d3-d5,-(sp) 

# 0 , d4 

/* 

mo ve  . L 

16(sp),a1 

/* 

move.  L 

20(sp),a0 

/ * 

# i f UINT 

_M  A X = = 

Oxf f f f 

move.w 

24(sp),d5 

/ * 

mo ve  . L 

26(sp),d2 

/ * 

ft  e L s e 

move.w 

26(sp),d5 

/* 

mo ve  . L 

28(sp),d2 

/ * 

U e n d i f 

mo ve  . L 

( a 0 ) + , d 3 

/* 

mu  L u . L 
move  . L 

d 2 , d 1 : d 3 
d3,(a1  ) + 

/ * 

len,  BNW0RD32  carry) 
n u m * / 
carry  * / 
carry  * / 

Len  * / 

Len  * / 


const  *i n,  unsigned  Len,  BNW0RD32  k) 

12  bytes  of  extra  data  */ 

out  * / 
in  * / 

Len  * / 
k */ 

Len  * / 
k */ 

First  muLtipLy  * / 

dc.w  0x4c02,  0x3401  */ 
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s u bq  . w 

# 1 , d 5 

Isr.w 

#1  ,d5 

b c s . s 

m32_even 

beq  . s 

m3  2_s  hort 

subq  . w 

# 1 , d 5 

move  . 1 

d 1 , d 0 

mo ve  . 1 

(a0)+,d3 

mu  l u . 1 

d 2 , d 1 : d 3 

add  . 1 

dO  , d 3 

addx  . 1 

d 4 , d 1 

move.  1 

d 3 , ( a 1 ) + 

mo ve  . 1 

(a0)+,d3 

mu  l u . 1 

d 2 , d 0 : d 3 

a d d . 1 

d 1 , d 3 

addx.  1 

d 4 , d 0 

mo  ve  . 1 

d3, (al  ) + 

d b r a 

d 5 , m3  2_l o o p 

move.  1 

dO,  (al  ) 

mo vem  . 1 

(sp)+,d3-d5 

r t s 

t : 

move.  1 

d 1 , ( a 1 ) 

mo vem  . 1 

(sp)+,d3-d5 

rts 

/*  Setup  for  Loop  unrolling  */ 


/*  Set  up  software  pipeline  properly  */ 


/*  dc.w  0x4c02,  0x3401  */ 


/*  dc.w  0x4c02,  0x3400  */ 


asm  BNW0RD32 

b n i M u l A d d 1 _3 2 ( B N W 0 R D 3 2 *out,  BNW0RD32  const  *in,  unsigned  len,  BNW0RD32  k) 
{ 


machine 

68020 

m o v e m . 1 

d3-d5,-(sp) 

/* 

12  bytes  of  extra  data 

★ / 

mo veq  . 1 

# 0 , d 4 

move.  1 

16(sp),a1 

/* 

out  * / 

move.  1 

20(sp),a0 

/* 

in  * / 

U i f UINT 

_M  A X = = 

Oxf f f f 

mo  v e . w 

24(sp),d5 

/* 

len  * / 

move.  1 

26(sp),d2 

/* 

k */ 

# e l s e 

mo ve  . w 

2 6 ( s p ) , d 5 

/* 

len  * / 

move.  1 

2 8 ( s p ) , d 2 

/* 

k */ 

# e n d i f 

mo ve  . 1 

( a 0 ) + , d 3 

/* 

First  multiply 

*/ 

mu  l u . 1 

d 2 , d 1 : d 3 

/ * 

dc.w  0x4c02, 

0x3401 

*/ 

a d d . 1 

d3, (al  ) + 

addx.  1 

d 4 , d 1 

s u bq  . w 

#1  ,d5 

/* 

Setup  for  loop 

unrolling  * / 

Isr.w 

#1 ,65 

b c s . s 

ma32  even 
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beq  . s 

subq  . u 
move  . L 

ma32_l oop : 

mo ve  . L 
mu  L u . L 
add  . L 
addx  . L 
a d d . L 
addx  . I 
ma  3 2_e  v e n : 

move.  L 
mu  L u . L 
a dd  . I 
addx  . L 
add  . L 
addx  . L 

d b r a 


ma  3 2_s  hort 

# 1 , d 5 
d 1 , d 0 


( a 0 ) + , d 3 
d 2 , d 1 : d 3 
d0,d3 
d4  , d 1 
d 3 , ( a 1 ) + 
d 4 , d 1 


(a0)+,d3 
d 2 , d 0 : d 3 
d 1 , d 3 
d4,d0 
d 3 , (a1)  + 
d 4 , d 0 

d5,ma32_loop 


movem.L  (sp)+,d3-d5 
rts 

m a 3 2_s  hort: 

move  . I d1,d0 
movem.L  (sp)+,d3-d5 
rts 


/*  Set  up  software  pipeline  properly  */ 


/*  dc.w  0x4c02,  0x3401  */ 


/*  dc.w  0x4c02,  0x3400  */ 


asm  BNW0RD32 

bn i Mu l S u b 1 _3 2 ( B N W 0 R D 3 2 *out,  BNW0RD32  const  *i n,  unsigned  len,  BNW0RD32  k) 
{ 


machine 

68020 

mo vem  . 1 

d3-d5,-(sp) 

/* 

12  bytes  of  extra  data  */ 

mo veq  . 1 

# 0 , d 4 

mo ve  . 1 

16(sp),a1 

/* 

out  * / 

mo ve  . 1 

20(sp),a0 

/ * 

in  * / 

ft  i f UINT 

_M  A X = = 

Oxf f f f 

mo ve  . w 

24(sp),d5 

/* 

ten  * / 

mo ve  . 1 

26(sp),d2 

/* 

k * / 

#e  Ise 

m o v e . w 

26(sp),d5 

/ * 

len  * / 

move.  1 

28(sp),d2 

/* 

k */ 

# e n d i f 

move  . 1 

(a0)+,d3 

/* 

First  multiply  */ 

m u l u . 1 

d 2 , d 1 : d 3 

/* 

dc.w  0x4c02,  0x3401  */ 

s u b . 1 

d3,  (al  ) + 

addx.  1 

d4,d1 

subq  . w 

#1  ,d5 

/ * 

Setup  for  loop  unrolling  */ 

Isr  . w 

#1  ,d5 

b c s . s 

m s 3 2_e  v e n 

beq  . s 

m s 3 2_s  hort 

s u bq  . w 

# 1 , d 5 

/ * 

Set  up  software  pipeline  properly 
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move.  L 

m s 3 2 L o o p : 

move.  L 
mu  L u . L 
a d d . L 
addx  . L 
s u b . I 
a d d x . L 

m s 3 2_e  v e n : 

move.  L 
mu  l u . L 
a dd  . L 
addx.  L 
s u b . L 
addx  . L 

d b r a 


d 1 , dO 


(a0)+,d3 
d 2 , d 1 : d 3 
d 0 , d 3 
d 4 , d 1 
d 3 , ( a 1 ) + 
d4  , d 1 


( a 0 ) + , d 3 
d 2 , d 0 : d 3 
d 1 , d 3 
d 4 , dO 
d 3 , ( a 1 ) + 
d 4 , dO 

d5,ms32_loop 


movem.l  (sp)+,d3-d5 
rts 


/*  dc.w  0x4c02,  0x3401  */ 


/*  dc.w  0x4c02,  0x3400  */ 


m s 3 2_s  hort : 

move.L  d 1 , d 0 
movem.l  (sp)+,d3-d5 
rts 


asm  BNW0RD32 

bni Di v 2 1 _3 2 ( B N W 0 R D 3 2 *q,  BNW0RD32  nh,  BNW0RD32  nl,  BNW0RD32  d) 

{ 

machine  68020 
move.  I 8(sp),d0 
move.L  12(sp),d1 
move.  I 4(sp),a0 

divu.l  16(sp),d0:d1  /*  dc.w  0x4c6f,  0x1400,  16  */ 

move.L  d 1 , ( a 0 ) 

rts 


asm  unsigned 

b n i M o d Q_3 2 ( B N W 0 R D 3 2 const  *n,  unsigned  Len,  unsigned  d) 
{ 


machine 
mo ve  . L 

68020 

4 ( s p ) , a 0 

/* 

n * / 

# if  UINT 

move.  L 
_MAX  == 
mo veq  . L 

mo  v e . w 

d 3 , a 1 

Oxf f f f 
# 0 , d 2 

8 ( s p ) , d 1 

/ * 

Len  * / 

mo  v e . w 

10(sp),d2 

/ * 

d */ 

# e L s e 

mo  v e . w 

10(sp),d1 

/ * 

Len  * / 

mo ve  . L 

12(sp),d2 

/* 

d */ 

# e n d i f 

dc.w 

0 x 4 1 f 0 , Oxlcfc 

/ * 

Lea  -4 ( a 0 , d 1 . L* 4 ) , a 0 */ 

/*  First  time,  divide  32/32  - may  be  faster  than  64/32  */ 
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move.  L 
d i v u l . L 
subq  . w 
bm  i 

(aO)  ,d3 

d 2 , d 0 : d 3 /*  dc.w  0x4c02,  0x3000  */ 

# 2 , d 1 
mq32_done 

mq32_loop: 

move  . L 
d i v u . L 
d b r a 

-<a0),d3 

d2,d0:d3  /*  dc.w  0 x 4 c 02 , 0 x 3400  */ 

di ,mq32_l oop 

mq  3 2_d  one: 

move  . L 

rts 

a 1 , d 3 

/*  45678901234567890123456789012345678901234567890123456789012345678901234567*/ 
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bni68020.h 


/ * 

* bni68020.h  - 32-bit  bignum  primitives  for  the  68020  (or  683xx)  processors. 

* 

* These  primitives  use  Little-endian  word  order. 

* (The  order  of  bytes  within  words  is  irrelevant.) 

* 

* $ I d : bni68020.h,v  1.2  1 996/1  1 /1  2 01:42:42  mhw  Exp  $ 

* / 

//define  BN  L I T T L E_E N D I A N 1 


typedef  unsigned  long  bnword32; 

//define  BNW0RD32  bnword32 

bnword32  bniSub1_32(bnword32  *num,  unsigned  len,  bnword32  borrow); 

bnword32  bniAdd1_32(bnword32  *num,  unsigned  len,  bnword32  carry); 

void  bniMulNI _3  2(bnword32  *out,  bnword32  const  *in,  unsigned  len,  bnword32  k); 

bnword32 


bniMulAddl 

bnword32 

_32(bnword32 

* o u t , 

bnword32 

const  *in. 

unsigned 

len. 

bnword32 

k); 

bniMulSubl 

_32(bnword32 

★ out. 

bnword32 

const  *in. 

unsigned 

len. 

bnword32 

k); 

bnword32  bniDiv21_32(bnword32  *q,  bnword32  nh,  bnword32  nl,  bnword32  d); 
unsigned  b n i M o d Q_3 2 ( b n w o r d 3 2 const  *n,  unsigned  len,  unsigned  d); 


/*  //define  the  values  to  exclude  the  C 
//define  bniSub1_32  bniSub1_32 
//define  bniAdd1_32  bniAdd1_32 
//define  bniMulN1_32  bniMulNl_32 
//define  b n i M u l Ad  d 1 _3  2 b n i M u l Ad  d 1 _3  2 
//define  bn  i M u l S u b 1 _3  2 b n i M u l S u b 1 _3  2 
//define  bniDiv21_32  bniDiv21_32 
#define  bniModQ  32  bniModQ_32 


versions  * / 
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bni80386.asm 


f f f 
r f r 
f f f 


Assembly  primitives  tor 
$Id:  bn i 80386 . a sm, v 1.3 


bignum  library,  80386  family,  32-bit  code. 
1996/11/12  01:42:42  mhw  Exp  $ 


r f r 

;;;  Several  primitives  are  included  here.  Only  bniMulAddl  is  * r e a l l y * 

;;;  critical,  but  once  that's  written,  bniMulNl  and  bniMulSubl  are  quite 
;;;  easy  to  write  as  well,  so  they  are  included  here  as  well. 

;;;  bniDiv21  and  bniModQ  are  so  easy  to  write  that  they're  included,  too. 


f r r 

;;;  All  functions  here  are  for  32-bit  flat  mode.  I.e.  near  code  and 
;;;  near  data,  although  the  near  offsets  are  32  bits. 

f f f 

;;;  The  usual  80x86  calling  conventions  have  AX,  BX,  CX  and  DX 
;;;  volatile,  and  SI,  D I , SP  and  BP  preserved  across  calls. 

;;;  This  includes  the  "E"xtended  forms  of  all  of  those  registers 


f F F 

;;;  However,  just  to  be  confusing,  recent  32-bit  DOS  compilers  have 
;;;  quietly  changed  that  to  require  EBX  preserved  across  calls,  too. 
; ; ; Joy. 


.386 


;_T  EXT 

segment  para  public  use32 

' CODE  ' 

;_T  EXT 

ends 

i f d e f 

aversion 

if  aversion  le 

510 

FLAT 

group 

_T  EXT 

end  i f 

else 

FLAT 

group 

_T  EXT 

e nd  i f 

assume 

cs : FLAT,  ds : FLAT, 

ss  : FLAT 

_T  EXT 

segment 

para  public  use32 

' CODE  ' 

public 

_bn i Mu l N 1 _3  2 

public 

_bn i Mu l Add  1 3 2 

public 

bn i Mu l S u b 1 _3  2 

public 

_bn i D i v2 1 3 2 

public 

b n i ModQ_32 

; ; Register  usage: 

; ; eax  - low  half  of  product 
;;  ebx  - carry  to  next  iteration 
; ; ecx  - multiplier  (k) 

; ; edx  - high  half  of  product 
; ; esi  - source  pointer 
; ; edi  - dest  pointer 
; ; ebp  - loop  counter 


; ; Stack  frame: 


/ / 

/ / 

+ -- 

1 

k 

- + 

1 

esp+20 

esp+24 

esp+28 

/ F 

F F 

+ -- 

1 

l e n 

- + 

1 

e s p + 1 6 

esp+20 

esp+24 

F F 

F F 

+ -- 

1 

i n 

- + 

1 

e s p + 1 2 

e s p + 1 6 

esp+20 

F F 

F F 

+ -- 

1 

out 

- + 

1 

e s p + 8 

esp+1 2 

e s p + 1 6 

; 16-byte  aligned  because  486  cares 


16-byte  aligned  because  486  cares 


esp+32  esp+36 
esp+28  esp+32 
esp+24  esp+28 
esp+20  esp+24 
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a r 

a a 

+ 

| return 

-+  esp+4 

1 

e s p + 8 

esp+1 2 

e s p + 1 6 

esp+20 

/ a 

a a 

+ 

| e s i 

-+  e s p 

1 

esp  + 4 

e s p + 8 

esp+1 2 

e s p + 1 6 

r r 

r a 

+ 

1 ebp 

- + 

1 

e s p 

esp  + 4 

e s p + 8 

esp+1 2 

; ; + + 

e s p 

esp  + 4 

e s p + 8 

;;  1 ebx  | 

; ; + + 

e s p 

esp  + 4 

; ; 1 e d i | 

; ; + + 

e s p 

align 

1 6 

_b  n i M u l N 1 _3  2 

proc  near 

push 

e s i 

A 

U 

mo  v 

esi,Ces p+123 

A 

V 

load 

i n 

push 

ebp 

A 

u 

mo  v 

ebp, Cesp+203 

A 

V 

load 

l e n 

push 

ebx 

A 

u 

mo  v 

e c x , C e s p + 2 8 3 

A 

V 

load 

k 

push 

ed  i 

A 

u 

m o v 

edi ,Cesp+20H 

A 

V 

load 

out 

;;  First  multiply  step  has  no 

carry  i 

n . 

m o v 

eax,Cesi  ] 

A 

u 

l e a 

ebx,Cebp*4-43 

A 

V 

loop 

unrolling 

m u l 

e c x 

A 

NP 

first 

multiply 

m o v 

Cedi ],eax 

A 

U 

and 

e b x , 1 2 

A 

V 

loop 

unrolling 

add 

e s i , e bx 

A 

u 

loop 

unrolling 

add 

edi , e b x 

A 

V 

loop 

unrolling 

j mp 

DWORD  PTR  m 3 2 

_jumptableCebx] 

; NP 

align 

4 

m32_j  umptab l e : 

dd 

m32_c  a s eO 

dd 

m32_c  a s e 1 

dd 

m32_case2 

dd 

m 3 2_c  a s e 3 

nop 

align 

8 

nop 

nop 

nop 

; Get  loop  ni 

c e l y 

aligned 

m32__ca  s eO  : 

sub 

ebp, 4 

A 

U 

j be 

SHORT  m32_done  ; 

V 

m32_l oop : 

mo  v 

eax,Cesi+43 

A 

U 

mo  v 

e bx , ed  x 

A 

V 

Remember  carry 

add 

e s i , 1 6 

A 

u 

add 

ed i , 1 6 

A 

V 

mu  l 

e c x 

A 

NP 

Loop  unrolling 


for  later 
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add 

e a x , e bx 

r 

u 

a d c 

e dx  , 0 

r 

u 

mo  v 

Cedi-123, eax 

r 

V 

m3 2_c a s e 3 : 

mo  v 

eax,Cesi-83 

r 

u 

mo  v 

ebx, edx 

r 

V 

mu  L 

e c x 

r 

NP 

add 

e a x , e bx 

r 

u 

a d c 

edx  , 0 

r 

u 

mo  v 

Cedi-83, eax 

r 

V 

m3 2_c  a s e 2 : 

mo  v 

eax,Cesi-43 

r 

u 

mo  v 

ebx, edx 

r 

V 

mu  L 

e c x 

/ 

NP 

add 

e a x , e bx 

r 

u 

a d c 

edx  , 0 

r 

u 

mo  v 

Cedi-43, eax 

f 

V 

m3 2_c  a s e 1 : 

mo  v 

eax,Cesi3 

r 

u 

mo  v 

ebx, edx 

r 

V 

m u L 

e c x 

r 

NP 

add 

eax, ebx 

r 

U 

a d c 

e d x , 0 

r 

U 

mo  v 

Cedi  3, eax 

r 

V 

sub 

e bp  , 4 

r 

u 

j a 

SHORT  m32_L  oo p 

r 

V 

m32_done : 

mo  v 

Cedi +4 3, edx 

r 

u 

pop 

ed  i 

r 

V 

pop 

ebx 

r 

u 

pop 

e bp 

/ 

V 

pop 

e s i 

r 

u 

ret 

r 

NP 

_bn i Mu  L N1_32 

endp 

a L i g n 

1 6 

_bn  i Mu  L Add1_32 

proc  near 

push 

e s i 

r 

u 

mo  v 

esi,Cesp+123 

/ 

V 

push 

ed  i 

r 

u 

mo  v 

edi,Cesp+123 

r 

V 

push 

ebp 

r 

u 

mo  v 

ebp,Cesp+243 

r 

V 

push 

ebx 

r 

u 

mo  v 

ecx,Cesp+323 

f 

V 

;;  First  muLtipLy  step  has  no 

carry 

mo  v 

eax,Cesi 3 

r 

u 

mo  v 

ebx, Cedi  3 

/ 

V 

mu  L 

e c x 

r 

NP 

add 

ebx , ea  x 

r 

u 

Lea 

eax,Cebp*4-43 

f 

V 

a d c 

edx  , 0 

r 

u 

and 

e a x , 1 2 

r 

V 

mo  v 

Cedi  3, ebx 

r 

u 

Add  carry  in  from  previous  word 

Remember  carry  for  Later 

Add  carry  in  from  previous  word 

Remember  carry  for  Later 

Add  carry  in  from  previous  word 

Remember  carry  for  Later 

Add  carry  in  from  previous  word 


Load  in 
Load  out 
Load  L e n 
Load  k 

first  muLtipLy 
Loop  unroLLing 
Loop  unroLLing 
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add 

e s i , e a x 

; V loop  unrolling 

add 

ed i , e a x 

; U loop  unrolling 

j mp 

DWORD  PTR  ma 32_ j ump t a b l e C e a x 3 ; NP  loop  unrolling 

align 

4 

ma  3 2_ j ump  t a b l e : 
dd 

ma  3 2_c  a s eO 

dd 

ma  32_c a s e 1 

dd 

ma  32_c a s e 2 

dd 

ma  3 2_c  a s e 3 

nop 

align 

8 

nop 

nop 

nop 

; To  align  loop  properly 

ma  32_ 

c a s eO  : 

sub 

e bp  , 4 

/ 

U 

j be 

SHORT  ma32_done 

r 

V 

ma32_ 

loop: 

mo  v 

eax,Cesi+43 

r 

u 

mo  v 

ebx  , edx 

r 

V 

Remember 

carry 

for  later 

add 

e s i , 1 6 

r 

u 

add 

ed i , 1 6 

r 

V 

m u l 

e c x 

f 

NP 

add 

e a x , e bx 

r 

U 

Add 

carry 

i n 

from  previous 

word 

mo  v 

ebx, Cedi-123 

r 

V 

a d c 

e d x , 0 

f 

U 

add 

e bx , e a x 

r 

V 

a d c 

ed x , 0 

r 

U 

mo  v 

Cedi-123, ebx 

r 

V 

ma32_ 

c a s e 3 : 

m o v 

eax,Cesi-83 

r 

u 

mo  v 

ebx  , edx 

r 

V 

Remember 

carry 

for  later 

mu  l 

e c x 

/ 

NP 

add 

e a x , e b x 

/ 

U 

Add 

carry 

i n 

from  previous 

word 

mo  v 

ebx, Cedi-83 

r 

V 

a d c 

e d x , 0 

r 

U 

add 

e b x , e a x 

r 

V 

a d c 

e d x , 0 

r 

u 

mo  v 

Cedi-83, ebx 

r 

V 

ma  3 2_ 

c a s e 2 : 

mo  v 

eax,Cesi-43 

r 

u 

mo  v 

ebx , edx 

r 

V 

Remember 

carry 

for  later 

mu  l 

e c x 

r 

NP 

add 

eax, ebx 

r 

U 

Add 

carry 

i n 

from  previous 

word 

mo  v 

ebx, Cedi-43 

r 

V 

a d c 

e d x , 0 

r 

U 

add 

ebx, eax 

r 

V 

a d c 

edx  , 0 

F 

u 

mo  v 

C ed i -43 , ebx 

r 

V 

ma  3 2_ 

.easel  : 

mo  v 

eax,Cesi3 

F 

u 

mo  v 

e bx , ed  x 

F 

V 

Remember 

carry 

for  later 
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mu  l 

e c x 

/ 

NP 

add 

e a x , e bx 

r 

U 

Add  carry  in  from  previous 

mo  v 

ebx, Cedi 3 

/ 

V 

a d c 

e d x , 0 

f 

U 

add 

e bx , e a x 

f 

V 

a d c 

edx  , 0 

r 

U 

mo  v 

Cedi 3 , ebx 

r 

V 

sub 

e b p , 4 

r 

u 

j a 

SHORT  ma3  2_l oop 

r 

V 

ma  32_done : 

pop 

ebx 

/ 

u 

pop 

e bp 

r 

V 

mo  v 

e a x , ed  x 

r 

u 

pop 

e d i 

r 

V 

pop 

e s i 

r 

u 

ret 

r 

NP 

_bn i Mu l Add1_32 

endp 

align 

1 6 

bniMulSub1_32 

proc  near 

push 

e s i 

; u 

mo  v 

esi,Ces p+123 

; V 

load 

i n 

push 

e d i 

; u 

m o v 

edi,Ces p+123 

; v 

load 

out 

push 

e b p 

; u 

mo  v 

ebp, Ces p+243 

; v 

load 

l en 

push 

ebx 

; u 

mo  v 

ecx,Cesp+323 

; v 

load 

k 

; First  multiply  step  has  no 

carry  in. 

push 

e s i 

; u 

m o v 

esi,Cesp+123 

; v 

load 

i n 

push 

ed  i 

; u 

mo  v 

edi,Cesp+123 

; v 

load 

out 

push 

ebp 

; u 

mo  v 

ebp, Cesp+243 

; v 

load 

l e n 

mo  v 

ecx,Cesp+283 

; u 

load 

k 

; First  multi 

ply  step  has  no 

carry  in. 

mo  v 

eax,Cesi3 

; v 

mo  v 

ebx, Cedi  3 

; u 

mu  l 

e c x 

; NP 

first 

multiply 

sub 

ebx, eax 

; u 

l e a 

eax,Cebp*4-43 

; v 

loop 

unrolling 

a d c 

e d x , 0 

; u 

and 

e a x , 1 2 

; v 

loop 

unrolling 

mo  v 

Cedi  3, ebx 

; u 

add 

e s i , e a x 

; v 

loop 

unrolling 

add 

e d i , e a x 

; u 

loop 

unrolling 

jmp 

DWORD  PTR  m s 3 2 

_ j ump  t a b l 

e C e a x 3 

; NP 

align 

4 

ms32_j  umptab  L e : 

dd  m s 3 2 caseO 


Loop  unrolling 
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m s 3 2_ 

dd 

dd 

dd 

nop 
a L i g n 
nop 

nop 

nop 

c a s e 0 : 
sub 

m s 3 2_c  a s e 1 
m s 3 2_c  a s e 2 
ms 3 2_c a s e 3 

8 

e bp  , 4 

A 

U 

j be 

SHORT  ms3  2_d  one 

A 

V 

ms32_ 

Loop: 
mo  v 

eax,Cesi+4] 

A 

u 

mo  v 

ebx  , edx 

A 

V 

add 

e s i , 1 6 

A 

u 

add 

edi  ,1  6 

A 

V 

mu  L 

e c x 

A 

NP 

add 

eax, ebx 

A 

U 

mo  v 

ebx , C ed i -1 2 ] 

A 

V 

a d c 

ed x , 0 

A 

U 

sub 

e bx , e a x 

A 

V 

a d c 

edx  , 0 

A 

u 

mo  v 

C ed i -1 2 ] , ebx 

A 

V 

m s 3 2_ 

c a s e 3 : 

mo  v 

eax,Cesi-8] 

A 

u 

m o v 

ebx,edx 

A 

V 

mu  L 

e c x 

A 

NP 

add 

e a x , e b x 

A 

U 

m o v 

ebx , C ed i -8 ] 

A 

V 

a d c 

e d x , 0 

A 

U 

sub 

ebx, eax 

A 

V 

a d c 

edx  , 0 

A 

u 

mo  v 

Cedi-83, ebx 

A 

V 

m s 3 2_ 

c a s e 2 : 

m o v 

eax,Cesi-4] 

A 

u 

mo  v 

e bx , e d x 

A 

V 

m u L 

e c x 

A 

NP 

add 

e a x , e bx 

A 

U 

mo  v 

ebx, Cedi-4] 

A 

V 

a d c 

edx  , 0 

A 

U 

sub 

e bx , e a x 

A 

V 

a d c 

edx  , 0 

A 

u 

mo  v 

Cedi-4], ebx 

A 

V 

ms32_ 

easel  : 

mo  v 

eax,Cesi] 

A 

u 

mo  v 

ebx , edx 

A 

V 

m u L 

e c x 

A 

NP 

add 

eax  , ebx 

A 

U 

mo  v 

ebx, Cedi  ] 

A 

V 

a d c 

edx  , 0 

A 

U 

sub 

e b x , e a x 

A 

V 

a d c 

edx  , 0 

A 

u 

mo  v 

Cedi  ],ebx 

A 

V 

sub 

e bp  , 4 

A 

u 

j a 

SHORT  ms32_Loop 

A 

V 

Remember  carry  for  Later 

Add  carry  in  from  previous  word 


Remember  carry  for  Later 

Add  carry  in  from  previous  word 


Remember  carry  for  Later 

Add  carry  in  from  previous  word 


Remember  carry  for  Later 

Add  carry  in  from  previous  word 
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m s 3 2 done: 


pop 

e bx 

; u 

pop 

ebp 

; V 

mo  v 

e a x , e d x 

; u 

pop 

e d i 

; v 

pop 

e s i 

; u 

ret 

; NP 

bn i Mu l Sub1_32 

endp 

; Two 

-word 

by  one-word  divide. 

Stores 

q u o t i 

ent,  returns  remainder. 

; BNW0RD32 

bni Di v21_32 (BNW0RD32 

*q. 

BNW0RD32 

nh,  BNW0RD32  nl,  BNW0RD32 

a 

4 

8 

12  16 

l i gn 

4 

b n i D i 

v 2 1 _3  2 

proc  near 

m o v 

edx,Cesp+83 

/ 

u 

Load  nh 

mo  v 

eax,Cesp+123 

a 

V 

Load  n l 

mo  v 

e c x , C e s p + 4 3 

a 

u 

Load  q 

d i v 

DWORD  PTR  Lesp+163 

r 

NP 

mo  v 

Cecx3,eax 

a 

u 

Store  quotient 

mo  v 

e a x , e d x 

a 

V 

Return  remainder 

ret 

bn  i D i 

v 2 1 _3  2 

endp 

;;  Multi-word  by  one-word  remainder. 

;;  This  speeds  up  key  generation.  It's  not  worth  unrolling  and  so  on; 

; ; using  32-bit  divides  is  enough  of  a speedup. 

r a 

;;  The  modulus  (in  ebp)  is  often  16  bits.  Given  that  the  dividend  is  32 
;;  bits,  the  chances  of  saving  the  first  divide  because  the  high  word  of  the 
;;  dividend  is  less  than  the  modulus  are  low  enough  it's  not  worth  taking 
; ; the  cycles  to  test  for  it. 


r a 


;;  unsigned 

b n i M odQ_3 2 ( B N WO R D 3 2 const 

★ n , 

unsigned  len,  unsigned  d) 

A A 

4 

8 

1 2 

align  4 

_bn i ModQ_32 

proc  near 

m o v 

eax,lesp+4] 

A 

U 

Load  n 

push 

ebp 

A 

V 

mo  v 

ebp, Ces p+123 

A 

U 

Load  len 

push 

e s i 

A 

V 

l e a 

esi ,Cebp*4+eax-43 

A 

U 

mo  v 

ecx,Cesp+163 

A 

V 

Load  d 

xor 

edx , edx 

A 

u 

Clear  edx  for  first 

iteration 

modq32_loop: 

m o v 

eax,lesi  3 

A 

u 

Load  new  low  word  for  divide 

sub 

e s i , 4 

A 

V 

d i v 

e c x 

A 

NP 

edx  = edx:eax  / ecx 

dec 

ebp 

A 

U 

j nz 

SHORT  modq32_loop 

A 

V 

pop 

esi 

A 

u 

m o v 

e a x , e d x 

A 

V 

Return  remainder  in 

e a x 

pop 

ebp 

A 

u 

ret 

A 

NP 

_bn i ModQ_32 

endp 
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mo  v l 

4(%esp) ,%eax 

pu  s h l 

%ebp 

mo  v l 

12(%esp),%ebp 

pu s h l 

% e s i 

leal 

-4(%eax,%ebp,4) 

mo  v l 

20(%esp),%ecx 

x o r l 

%edx,%edx 

modq32_l oop : 

mo v l 

(%esi  ),%eax 

s u b l 

$4,  %es i 

d i v l 

% e c x 

d e c l 

%ebp 

j nz 

modq32_loop 

pop  l 

% e s i 

mo v l 

%edx,%eax 

pop  l 

%ebp 

ret 

ft  U Load  n 

ft  V 

# U Load  len 

ft  V 
ft  U 

ft  V Load  d 

ft  U Clear  MSW  for  first  divide 

ft  U 
ft  V 
ft  NP 
ft  U 
ft  V 

ft  U 

ft  v 
ft  u 

ft  NP 


TEXT  ends 
end 
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bni80386.h 

/ * 

* bni80386.h  - This  file  defines  the  interfaces  to  the  80386 

* assembly  primitives.  It  is  intended  to  be  included  in  "bni.h" 

* via  the  "//include  BNINCLUDE"  mechanism. 

* 

* $ I d : bni  80386.h,v  1.2  1 996/1  1 /1  2 01:42:42  mhw  Exp  $ 

* / 

//define  BN_L  I TT  L E_E  N D I A N 1 

typedef  unsigned  long  bnword32; 

//define  BNW0RD32  bnword32 

/*  MS-DOS  needs  the  calling  convention  described  to  it.  */ 

//ifndef  MSDOS 

//ifdef  MSDOS 

//define  MSDOS  1 
tt  e nd  i f 
//end  i f 

//ifndef  MSDOS 

//ifdef  MSDOS 

//define  MSDOS  1 
//end  i f 
tt  e nd  i f 

/*  By  MS-DOS,  we  mean  16-bit  brain-dead  MS-DOS.  Not  32-bit  good  things.  */ 

//ifdef  G 0 3 2 

//undef  MSDOS 
//end  i f 

//ifdef  G 0 3 2 

//undef  MSDOS 
tt  e n d i f 

//ifdef  MSDOS 

//define  CDECL  cdecl 

tt  e l s e 

//define  CDECL  /*nothing*/ 

//end  i f 

//ifdef  cplusplus 

/*  These  a s s emb l y- l a ng u a g e primitives  use  C names  */ 
extern  " C"  C 
tt  e n d i f 

/*  Function  prototypes  for  the  asm  routines  */ 
void  CDECL 

bn i M u l N 1_3 2 ( bn  wo rd 3 2 *out,  bnword32  const  *in,  unsigned  len,  bnword32  k); 
//define  bniMulNl_32  bniMulN1_32 

bnword32  CDECL 

bniMulAdd1_32(bnword32  *out,  bnword32  const  *in,  unsigned  len,  bnword32  k); 
//define  bn  i Mu  l Add  1 _3  2 bn  i M u l Add  1 _3  2 

bnword32  CDECL 

bniMulSub1_32(bnword32  *out,  bnword32  const  *in,  unsigned  len,  bnword32  k); 
//define  bn  i Mu  l S u b 1 _3  2 b n i M u l S u b 1 _3  2 

bnword32  CDECL 
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bniDiv21_32(bnword32  *q,  bnword32  nh,  bnword32  nl,  bnword32  d); 
//define  bniDiv21_32  bniDiv21_32 

unsigned  CDECL 

bn i ModQ_3  2 ( bn  wo rd32  const  *n,  unsigned  ten,  bnword32  d); 

//define  bniModQ_32  bniModQ_32 

//ifdef  cplusplus 

} 

ft  e nd  i f 


ft  i f GNUC 

/ * 

* Use  the  (massively  cool)  GNU  inline-assembler  extension  to  define 

* inline  expansions  for  various  operations. 

* 

* The  massively  cool  part  is  that  the  assembler  can  have  inputs 

* and  outputs,  and  you  specify  the  operands  and  which  effective 

* addresses  are  legal  and  they  get  substituted  into  the  code. 

* (For  example,  some  of  the  code  requires  a zero.  Rather  than 

* specify  an  immediate  constant,  the  expansion  specifies  an  operand 

* of  zero  which  can  be  in  various  places.  This  lets  GCC  use  an 

* immediate  zero,  or  a register  which  contains  zero  if  it's  available.) 

* 

* The  syntax  is  a s m ( " a s m_c od e " : outputs  : inputs  : trashed) 

* %0,  %1  and  so  on  in  the  asm  code  are  substituted  by  the  operands 

* in  l e f t - 1 o- r i g h t order  (outputs,  then  inputs). 

* The  operands  contain  constraint  strings  and  values  to  use. 

* Outputs  must  be  lvalues,  inputs  may  be  rvalues.  In  the  constraints: 

* "a"  means  that  the  operand  must  be  in  eax. 

* "d"  means  that  the  operand  must  be  in  edx. 

* "g"  means  that  the  operand  may  be  any  effective  address. 

* "="  means  that  the  operand  is  assigned  to. 

* "%"  means  that  this  operand  and  the  following  one  may  be 

* interchanged  if  desirable. 

* "bcDSmn"  means  that  the  operand  must  be  in  ebx,  ecx,  esi,  edi,  memory, 

* or  an  immediate  constant.  (This  is  almost  the  same  as  "g" 

* but  allowing  it  in  eax  wouldn't  help  because  x is  already 

* assigned  there,  and  it  must  not  be  in  edx,  since  edx  is 

* overwritten  by  the  multiply  before  a and  b are  read.) 

* 

* Note  that  GCC  uses  AT&T  assembler  syntax,  which  is  rather 

* different  from  Intel  syntax.  The  length  (b,  w or  l)  of  the 

* operation  is  appended  to  the  opcode,  and  the  *second*  operand 

* is  the  destination,  not  the  first.  Finally,  the  register  names 

* are  all  preceded  with  "%".  (Doubled  here  because  % is  a 

* magic  character.) 

* / 


/*  (ph<<32)  + pi  = x*y  */ 

//define  mu  l 3 2_ppmm  ( p h , p l , x , y ) \ 

asm ("mull  %3"  : "=d"(ph),  "=a"(pl) 


/*  (ph<<32)  + pi  = x*y  + a */ 

//define  mu  l 3 2_ppmma  ( p h , p l , x , y , a ) \ 

asm ("mull  %3\n\t"  \ 

"addl  % 4 , % % e a x \ n \ t " \ 

"adcl  %5,%%edx"  \ 


" % a " ( x ) , " g " ( y ) ) 
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: " = &d " ( ph  ) , " = a " ( p L ) \ 

: " % a " ( x ) , " g " ( y ) , "bcDSmn" (a ) , "bcDSmn"(0)) 

/*  (ph<<32)  + pi  = x*y  + a + b */ 

#define  m u l 3 2_p pmm a a ( p h , p l , x , y , a , b ) \ 

asm ("mull  %3\n\t"  \ 

"addl  % 4 , % % e a x \ n \ t " \ 

"adcl  %6,%%edx\n\t"  \ 

"addl  % 5 , % % e a x \ n \ t " \ 

"adcl  %6,%%edx"  \ 

: " = &d " ( p h ) , " = a " ( p L ) \ 


: " % a " ( x ) , " g " ( y ) , " % b c D S mn  " ( a ) , "bcDSmn"(b),  "bcDSmn"(0)) 

/*  q = ((nh<<32)  + nl)  / d,  return  remainder.  nh  guaranteed  < d.  */ 

#undef  bniDiv21_32 

#define  b n i D i v 2 1 _3 2 ( q , n h , n L , d ) \ 

({unsigned  \ 

asm C " d i v L %4"  : " = d"(_),  " = a"(*q)  : "d"(nh),  "a"(nl),  "g"(d));  \ 

_;>) 

/*  No  quotient,  just  return  remainder  ( (nh<<32)  + nl)  % d */ 

#define  b n i M o d 2 1 _3 2 ( n h , n L , d ) \ 

({unsigned  \ 

asm ("divl  %3"  : "=d"(_)  : "d"(nh),  "a"(nl),  "g"(d)  : "ax");  \ 

_;>) 

#endif  /*  GNUC  */ 
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bni80386.s 


HUH  Assembly  primitives  for  bignum  library,  80386  family,  32-bit  code. 

HH H 

HUH  $ I d : bni80386.s,v  1 . 2 1 996/1  1 /1  2 01:42:42  mhw  Exp  $ 

HUH 

HUH  Several  primitives  are  included  here.  Only  bniMulAddl  is  *really* 

HUH  critical,  but  once  that's  written,  InmMulNl  and  bniMulSubl  are  quite 
HUH  easy  to  write  as  well,  so  they  are  included  here  as  well. 

HUH  bniDiv21  and  b n i M o d Q are  so  easy  to  write  that  they're  included,  too. 

HUH 

HUH  All  functions  here  are  for  32-bit  flat  mode.  I.e.  near  code  and 
HUH  near  data,  although  the  near  offsets  are  32  bits. 

HUH  Preserved  registers  are  esp,  ebp,  esi,  edi  and  ebx.  That  last 
HUH  is  needed  by  ELF  for  PIC,  and  differs  from  the  IBM  PC  calling 
HUH  convention. 


H Different 
a l i gn4  = 4 
a l i gn8  = 8 
align16=16 


assemblers  have  different 
H could  be  2 or  4 
H could  be  3 or  8 
H cound  be  4 or  16 


conventions  here 


.text 

H We  declare  each  symbol  with  two  names,  to  deal  with  ELF/a.out  variances, 
.globl  bniMulN1_32 
.globl  _bniMulN1_32 
.globl  bn i Mu l Ad d 1_32 
.globl  _bn i Mu l Add  1 _3 2 
.globl  b n i M u l S u b 1 _3 2 
.globl  _bn i M u l S u b 1 _3 2 

.globl  bniDiv2 1 3 2 

.globl  _bniDiv21_32 
.globl  bn i ModQ_32 
.globl  _bniModQ_32 


HH  Register  usage: 

HH  Zeax  - low  half  of  product 
HH  Zebx  - carry  to  next  iteration 
HH  Zecx  - multiplier  (k) 

HH  %edx  - high  half  of  product 
HH  %esi  - source  pointer 
HH  %edi  - dest  pointer 
HH  %ebp  - loop  counter 
HH 

HH  Stack  frame: 


HH  | 
HH  + 
HH  | 


k 

l e n 
i n 


HH  | 

HH  + + 

HH  | out  | 

HH  + + 

HH  | return  | 

HH  + + 

HH  | % e s i | 


% e s p + 2 0 

% e s p + 2 4 

% e s p + 2 8 

% e s p + 3 2 

%esp+36 

% e s p + 1 6 

% e s p + 2 0 

% e s p + 2 4 

%esp+28 

%esp+32 

% e s p + 1 2 

% e s p + 1 6 

%e  sp  + 20 

%esp+24 

%esp+28 

% e s p + 8 

% e s p + 1 2 

% e s p + 1 6 

%esp+20 

%esp+24 

/ e s p+4 

%esp+8 

% e s p + 1 2 

% e s p + 1 6 

%esp+20 

/ e s p 

%esp+4 

%esp+8 

/ e s p + 1 2 

% e s p + 1 6 
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tttt  + + 

% e s p 

%esp+4 

% e s p + 8 

% e s p + 1 2 

tttt  | %ebp  | 

tttt  + + 

% e s p 

/ e s p + 4 

% e s p + 8 

tttt  | %ebx  | 

tttt  + + 

% e s p 

%esp+4 

tttt  | %ed  i | 

Utt  + + 

% e s p 

.align 

a l i g n 1 6 

b n i M u l N 1 _3  2 : 

_bniMulN1_32 : 

pu  s h l 

% e s i 

tt  U 

m o v l 

1 2 ( % e s p ) , % e s i 

tt  V 

load  in 

pu  s h l 

%ebp 

tt  U 

mo  v l 

20 ( %esp  ) , %ebp 

tt  V 

load  l e n 

pu  s h l 

%ebx 

tt  U 

mo  v l 

28(%esp),%ecx 

tt  V 

load  k 

pu  s h l 

% ed  i 

tt  u 

mo v l 

20(%esp),%edi 

tt  V 

load  out 

tttt  First  multi 

ply  step  has  no 

carry  in. 

mo  v l 

(%esi  ) , % e a x 

tt  V 

leal 

-4(,%ebp,4),%ebx 

tt  U 

loop  unroll 

i ng 

mull 

% e c x 

tt  NP 

first  multi 

P l y 

mo  v l 

%eax,(%edi  ) 

tt  U 

a nd  l 

$1 2,%ebx 

tt  V 

loop  unroll 

i ng 

a dd  l 

%ebx  , %e  s i 

tt  U 

loop  unroll 

i ng 

a d d l 

%ebx,%edi 

tt  V 

loop  unroll 

i ng 

j mp 

*m32_jumptable(%ebx) 

tt  NP 

loop  unroll 

i ng 

.align 

a l i g n 4 

m32_jumptable: 

.long 

m3 2_c  a s e 0 

.long 

m3 2_c  a s e 1 

.long 

m3 2_c  a s e 2 

.long 

m3  2_c  a s e 3 

nop 

.align 

a l i g n 8 

nop 

nop 

nop 

tt  Get  loop  nicely  aligned 

m32_case0: 

s u b l 

$4, %ebp 

tt  U 

j be 

m32_done 

tt  V 

m32_l oop : 

mo v l 

4(%esi  ),%eax 

tt  u 

mo  v l 

%edx,%ebx 

tt  V 

Remember 

carry  for 

later 

add  l 

$1 6,%esi 

tt  u 

add  l 

$1 6,%edi 

tt  V 

mull 

% e c x 

tt  NP 

add  l 

%ebx,%eax 

tt  U 

Add  carry  in  from  previous 

a d c l 

$ 0 , % e d x 

tt  U 

mo  v l 

%eax,-1 2 ( % e d i ) 

tt  V 

m3  2 case3: 


363 


Iib/bn/bni80386.s 


movl  -8 ( % e s i ) , / e a x ft  U 

movl  %edx,%ebx  ft  V 

mull  %ecx  ft  N P 

addl  %ebx,%eax  # U 

adcl  $0 , % edx  # U 

movl  % e a x , -8  ( % ed  i ) ft  V 

m3 2_c a s e 2 : 

movl  -4 ( % e s i ) , % e a x ft  U 

movl  %edx,%ebx  ft  V 

mull  % e c x ft  N P 

addl  %ebx,%eax  ft  1) 

adcl  $0 , % e d x ft  U 

movl  % e a x , -4 ( % ed i ) ft  V 

m3 2_c a s e 1 : 

movl  (%esi),%eax  ft  U 

movl  %edx,%ebx  ft  V 

mull  %ecx  #NP 

addl  %ebx,%eax  ft  1) 

adcl  $0,%edx  #1) 

movl  %eax,(%edi)  ft  V 

subl  $4,%ebp  ft  U 

j a m32_l  oop  ft  V 

m32_done : 

movl  % ed  x , 4 ( % ed  i ) ft  1) 

popl  %edi  ft  V 

popl  %ebx  ft  U 

popl  %ebp  ft  V 

popl  %es  i ft  U 

ret  ft  N P 


.align  align16 
bniMulAddl _32 : 
bniMulAddl  32: 


pu  s h l 

% e s i 

ft 

U 

movl 

12(%esp),%esi 

# 

V 

pus  h l 

%ed  i 

ft 

u 

movl 

12(%esp),%edi 

ft 

V 

pu  s h l 

%ebp 

ft 

u 

movl 

24(%esp),%ebp 

ft 

V 

p u s h l 

%ebx 

ft 

u 

movl 

32(%esp),%ecx 

ft 

V 

ft  ft  First  multiply  step  has  no  carry 
mov  l (%esi),%eax 

movl  (%edi),%ebx 

mull  % e c x 

addl  %eax,%ebx 

leal  -4( ,%ebp,4) ,%eax 
adcl  $0,%edx 

andl  $12,%eax 

movl  %ebx,(%edi) 

addl  %eax,%esi 

addl  %eax,%edi 


Remember  carry  for  later 

Add  carry  in  from  previous  word 


Remember  carry  for  later 

Add  carry  in  from  previous  word 


Remember  carry  for  later 

Add  carry  in  from  previous  word 


load  in 
load  out 
load  l en 
load  k 


ft 

V 

ft 

u 

ft 

NP 

first 

multiply 

ft 

U 

ft 

V 

loop 

unrolling 

ft 

u 

ft 

V 

loop 

unrolling 

ft 

u 

ft 

V 

loop 

u n r o l ling 

ft 

u 

loop 

un  r o l ling 
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jmp  *ma 32_ j ump t a b L e ( %ea x ) tt  NP  loop  unrolling 

.align  align4 
ma  3 2_  j ump  t a b l e : 

.long  ma  3 2_c  a s e 0 
.long  ma  3 2_c  a s e 1 
.long  ma  3 2_c  a s e 2 
.long  ma  3 2_c  a s e 3 

.align  align8 

nop 

nop 


nop 

tt 

To 

align  loop  properly 

ma  32_ 

.caseO: 

s ub  l 

$4 , %ebp 

# 

U 

j b e 

ma  3 2_d  one 

n 

V 

ma32_ 

.loop: 

mo  v l 

4 ( % e s i ) , % e a x 

n 

U 

mo  v l 

%edx,%ebx 

u 

V 

Remembe  r 

carry  for 

later 

add  l 

$ 1 6 , % e s i 

# 

u 

a dd  l 

$ 1 6 , % e d i 

# 

V 

mull 

% e c x 

# 

NP 

add  l 

%ebx,%eax 

n 

U 

Add  carry 

in  from 

previous 

word 

mo v l 

— 1 2(%edi ),%ebx 

# 

V 

a d c l 

$0 , % e d x 

# 

U 

a dd  l 

%eax,%ebx 

tt 

V 

a d c l 

$0  , % e dx 

# 

u 

mo  v l 

%ebx,-12(%edi  ) 

n 

V 

ma  3 2_ 

.c  a s e 3 : 

m o v l 

-8 ( % e s i ),%eax 

# 

u 

m o v l 

%edx,%ebx 

# 

V 

Remembe  r 

carry  for 

later 

mull 

% e c x 

u 

NP 

add  l 

%ebx,%eax 

tt 

U 

Add  carry 

in  from 

previous 

word 

mo  v l 

-8 ( %ed i ) , %ebx 

tt 

V 

a d c l 

SO , % e d x 

tt 

U 

add  l 

%eax,%ebx 

tt 

V 

a d c l 

$0, %edx 

tt 

u 

mo  v l 

%ebx,-8(%edi  ) 

tt 

V 

ma  32_ 

c a s e 2 : 

m o v l 

-4 ( % e s i ),%eax 

tt 

u 

m o v l 

%edx,%ebx 

tt 

V 

Remember 

carry  for 

later 

mull 

/ e c x 

tt 

NP 

a dd  l 

%ebx,%eax 

tt 

U 

Add  carry 

in  from 

previous 

word 

mo  v l 

-4 ( %ed i ),%ebx 

tt 

V 

a d c l 

$0 , % ed  x 

tt 

U 

a d d l 

%eax,%ebx 

tt 

V 

a d c l 

$0 , / e d x 

tt 

u 

mo v l 

%ebx,-4(%edi  ) 

tt 

V 

ma32_ 

easel  : 

m o v l 

(%esi  ) , % e a x 

tt 

u 

m o v l 

%edx,%ebx 

tt 

V 

Remember 

carry  for 

later 

mull 

/ e c x 

tt 

NP 

add  l 

%ebx  , %eax 

tt 

U 

Add  carry 

in  from 

previous 

word 

mo  v l 

( % e d i ) , % e b x 

tt 

V 

a d c l 

$0, %edx 

tt 

U 

a d d l 

%eax,%ebx 

tt 

V 
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adcl  $0 , % e d x tt  U 

movl  %ebx , ( %ed  i ) tt  V 

subl  $4, %ebp  tt  U 

ja  ma  32_l oop  tt  V 


ma  3 2_d  one: 

pop  L %ebx 

pop  L %ebp 

movl  %edx,%eax 

pop  L %ed i 

po p l % e s i 

ret 


tt  U 
tt  V 

tt  u 

tt  V 

tt  u 

tt  NP 


.align  align16 

bn i Mu l Sub1_32 : 

_bn i Mu l Sub1_32 : 

pu s h l / e s i 

mov l 1 2 ( %esp  ) 

pushl  %edi 

movl  12(%esp) 

pushl  %ebp 

mov l 24(%esp) 

pushl  %ebx 

mov l 32(%esp) 


tt 

U 

% e s i 

tt 

V 

load 

i n 

# 

u 

%ed  i 

tt 

V 

load 

out 

tt 

u 

%ebp 

tt 

V 

load 

l e n 

tt 

u 

% e c x 

# 

V 

load 

k 

multi 

ply  step  has  no  carry 

movl 

(%esi  ),%eax 

movl 

(%edi ),%ebx 

mull 

% e c x 

subl 

%eax,%ebx 

leal 

-4(,%ebp,4),%eax 

adcl 

$0, %edx 

a nd  l 

$12,%eax 

movl 

%ebx,(%edi) 

*/ 

tt  V 

tt  U 

tt  NP 

tt  U 

tt  V 

tt  U 

tt  V 

U U 


first  multiply 
loop  unrolling 
loop  unrolling 


addl  %eax,%esi 

addl  %eax,%edi 


tt  V loop  unrolling 
tt  U loop  unrolling 


j mp 


*m s 3 2_ j ump t a b l e ( % e a x ) tt  NP 


loop  unrolling 


.align 

m s 3 2_ j umptable : 

.long 

.long 

.long 

.long 


a l i g n 4 

m s 3 2_c  a s e 0 
m s 3 2_c  a s e 1 
m s 3 2_c  a s e 2 
ms32  case3 


.align  align8 

nop 

nop 

nop 


ins32_case0: 

subl  $4,%ebp 

j b e m s 3 2_d  one 


# U 
U V 


ms32_l oop : 
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mo  v l 

4(%esi  ) , % e a x 

U 

U 

mo  v l 

%edx , %ebx 

ft 

V 

Remember 

carry  for 

later 

add  l 

$ 1 6 , % e s i 

ft 

U 

a dd  l 

$ 1 6 , % e d i 

ft 

V 

mull 

% e c x 

ft 

NP 

add  l 

%ebx,%eax 

ft 

U 

Add  carry 

in  from 

previous 

word 

mo  v l 

-12(%edi  ),%ebx 

ft 

V 

a d c l 

$0 , I ed  x 

ft 

U 

s u b l 

%eax,%ebx 

ft 

V 

a d c l 

$ 0 , % ed  x 

ft 

U 

mo  v l 

%ebx,-1 2 (%edi  ) 

ft 

V 

m s 3 2 

_c  a s e 3 : 

mo  v l 

- 8 ( % e s i ),%eax 

ft 

U 

mo v l 

7edx,%ebx 

ft 

V 

Remember 

carry  for 

later 

mull 

/ e c x 

ft 

NP 

add  l 

%ebx,%eax 

ft 

U 

Add  carry 

in  from 

previous 

word 

mo  v l 

-8 ( % e d i ),%ebx 

ft 

V 

a d c l 

$ 0 , % ed  x 

ft 

U 

s u b l 

%eax,%ebx 

ft 

V 

a d c l 

$ 0 , % ed  x 

ft 

U 

mo  v l 

%ebx,-8(%edi  ) 

ft 

V 

m s 3 2 

_c  a s e 2 : 

mo  v l 

-4 ( % e s i ) , % e a x 

ft 

u 

mo  v l 

%edx, %ebx 

ft 

V 

Remember 

carry  for 

later 

mull 

% e c x 

ft 

NP 

add  l 

%ebx,%eax 

ft 

u 

Add  carry 

in  from 

previous 

word 

m o v l 

-4(%edi  ) , % e bx 

ft 

V 

a d c l 

$ 0 , / ed  x 

ft 

u 

s u b l 

%eax,%ebx 

ft 

V 

a d c l 

$ 0 , % e d x 

ft 

u 

mo  v l 

%ebx,-4(%edi ) 

ft 

V 

ms32. 

_c  a s e 1 : 

mo  v l 

( % e s i ) , % e a x 

ft 

u 

mo  v l 

%edx,%ebx 

ft 

V 

Remember 

carry  for 

later 

mull 

% e c x 

ft 

NP 

a d d l 

%ebx,%eax 

ft 

U 

Add  carry 

in  from 

previous 

word 

mo  v l 

(%edi),%ebx 

ft 

V 

a d c l 

$ 0 , % e d x 

ft 

u 

s u b l 

%eax,%ebx 

ft 

V 

a d c l 

SO , % ed  x 

ft 

u 

mo  v l 

%ebx,(%edi) 

ft 

V 

s u b l 

$ 4 , % e b p 

ft 

u 

j a 

m s 3 2_l oo  p 

ft 

V 

ms32_ 

_done  : 

popl 

% e bx 

ft 

u 

pop  l 

% e bp 

ft 

V 

mo v l 

%edx,%eax 

ft 

u 

popl 

%ed  i 

ft 

V 

popl 

% e s i 

ft 

u 

ret 

ft 

NP 

ft  ft  Two-word  by 

one-word  divide. 

Stores 

quotient. 

returns 

remainder 

ft  ft  BNW0RD32  bniDiv21_32(BNW0RD32 

*q. 

BNW0RD32  nh. 

BNW0RD32 

nl,  BNW0RD32 

ft  it 

4 

8 

1 2 

1 6 

.align  align16 
bn i D i v2  1 32: 
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bn i D i v2 1 32: 


movl 

8(%esp),%edx 

ft 

U 

Load  nh 

movl 

12(%esp),%eax 

ft 

V 

Load  n l 

movl 

4(%esp),%ecx 

ft 

u 

Load  q 

d i v l 

16(%esp) 

ft 

NP 

movl 

%eax,(%ecx) 

ft 

U 

Store  quotient 

movl 

ret 

%edx,%eax 

ft 

V 

Return  remainder 

tttt  Multi-word  by  one-word  remainder. 

tttt  This  speeds  up  key  generation.  It's  not  worth 

tttt  using  32-bit  divides  is  enough  of  a speedup. 

tttt 


unrolling  and  so  on; 


tttt  The  modulus  (in  %ebp)  is  often  16  bits.  Given  that  the  dividend  is  32 
tttt  bits,  the  chances  of  saving  the  first  divide  because  the  high  word  of  the 
tttt  dividend  is  less  than  the  modulus  are  low  enough  it's  not  worth  taking 
tttt  the  cycles  to  test  for  it. 
tttt 

tttt  unsigned  b n i M o d Q_3 2 ( B N W 0 R D 3 2 const  *n,  unsigned  len,  unsigned  d) 
tttt  4 8 12 


.align  align16 
bn i ModQ_32 : 

_bn i ModQ_32 : 

mov l 4(%esp),%eax 

pushl  % e bp 

movl  1 2 ( % e s p ) , % e bp 

pushl  %esi 

leal  -4 ( % e a x , % e bp , 4 ) , % e s i 

movl  2 0 ( % e s p ) , % e c x 

xorl  %edx,%edx 

modq32_l oop : 

movl  (%esi),%eax 

subl  $4,%esi 

d i v l % e c x 

dec l %ebp 

j nz  modq32_l oop 


ft  U Load  n 

ft  V 

tt  U Load  len 

ft  V 
tt  U 

tt  V Load  d 

tt  U Clear  MSW  for  first  divide 

tt  U 
ft  V 

# NP 

# U 

# V 


pop  l 

% e s i 

movl 

%edx,%eax 

pop  l 

%ebp 

ret 

ft  U 
ft  V 
ft  U 
ft  NP 
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bni8086.asm 


;;;  Assembly  primitives  for  bignum  library,  80x86  family. 


;;;  $ I d : bni8086.asm,v  1.3. 2.1  1996/11/14  04:09:22  cbertsch  Exp  $ 


iff 

;;;  Several  primitives  are  included  here.  Only  bniMulAddl  is  * r e a l l y * 

;;;  critical,  but  once  that's  written,  bniMull  and  bniSubl  are  quite 
;;;  easy  to  write  as  well,  so  they  are  included  here  as  well. 

;;;  bniDiv21  and  bniModQ  are  so  easy  to  write  that  they're  included,  too. 


f f f 
f f f 
/ / / 
f f f 
r r r 

r r r 


All  functions  here  are  for  large 
All  use  standard  "cdecl"  calling 
stack  (ss:sp)  right  to  left  (the 
and  popped  by  the  caller,  return 
usage  as  follows: 


code,  large  data. 

convention:  arguments  pushed  on  the 
leftmost  agrument  at  the  lowest  address) 
values  in  ax  or  dx:ax,  and  register 


;;;  Cal  lee-save  (preserved  by  cal  lee  if  needed): 

;;;  ss,  esp,  cs,  eip,  ds,  esi,  edi,  ebp,  high  byte  of  FLAGS  except  DF, 

;;;  all  other  registers  (CRx,  D R x , TRx,  IDT,  GDT,  LDT,  TR,  etc.). 

;;;  Caller-save  (may  be  corrupted  by  cal  lee)  : 

;;;  es,  eax,  ebx,  ecx,  edx,  low  byte  of  flags  (SF,  ZF,  AF,  PF,  CF) 

r r r 

;;;  The  direction  flag  (DF)  is  either  preserved  or  cleared. 

;;;  I'm  not  sure  what  the  calling  convention  is  for  fs  and  gs.  This 
;;;  code  never  alters  them. 


; ; Not  all  of  this  code  has  to  be  '386  code,  but  STUPID  FUCKING  M A S M (5.0) 
; ; gives  an  error  if  you  change  in  the  middle  of  a segment.  Rather  than 
; ; fight  the  thing,  just  enable  '386  instructions  everywhere.  (And  lose 
; ; the  error  checking.) 

.386 


TEXT  segment  para  public  use16  'CODE'  ; 16-byte  aligned  because  '486  cares 
assume  cs: _T  EXT 

public  _bniMuLN1_16 
public  _bn i Mu l Add1_1 6 
public  _b n i M u l S u b 1 _1 6 
public  _bniDiv21_16 
public  _bniModQ_16 

public  _bniMulN1_32 
public  _b n i M u l Add  1 _32 
public  _b n i M u l S u b 1 _3 2 
public  _bniDiv21_32 
public  _bniModQ_32 

public  _n o t 386 


;;  Prototype: 

; ; B N W 0 R D 1 6 

;;  bn i Mu l Ad d_1 6 ( BN WO R D 1 6 *out,  BNW0RD16  *in,  unsigned  len,  BNW0RD16  k) 

;;  Multiply  len  words  of  "in"  by  k and  add  to  len  words  of  "out"; 

; ; return  the  len  + lst  word  of  carry.  All  pointers  are  to  the  least- 
;;  significant  ends  of  the  appropriate  arrays.  len  is  guaraneed  > 0. 

/ F 

; ; This  16-bit  code  is  optimized  for  an  8086/80286.  It  will  not  be  run 
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;;  on  32-bit  processors  except  for  debugging  during  development. 

f f 

;;  NOTE  that  it  may  be  possible  to  assume  that  the  direction  flag  is  clear 
; ; on  entry;  this  would  avoid  the  need  for  the  cld  instructions.  Hoewever, 
; ; the  Microsoft  C libraries  require  that  the  direction  flag  be  clear. 

; ; Thus,  b n i M o d Q_ 1 6 clears  it  before  returning. 


; ; Stack  frame: 

; ; + + bp  + 18 

;;  I k | 

; ; h + bp  + 16 

; ; I l e n I 

;;  + + bp  + 14 

;;  I I 

;;  +-  in  -+ 

; ; I I 

; ; + + bp  + 10 

; ; I I 

;;  +-  out  - + 

; ; I I 

;;  + + bp  + 6 

; ; I I 

;;  +-return-+ 

;;  I I 

;;  h n bp  + 2 

; ; I old  bp  | 

; ; + + bp 


;;  Register 
; ; d s : C s i II 
; ; e s : E d i II 
; ; bp 
/ ; c x 
; ; d x , a x 
; ; bx 


usage  for  bniMul1_16: 
i n 
out 
k 

loop  counter  (len/4) 
high, low  parts  of  product 
carry  from  previous  multiply 


iteration 


; ; Register  usage  for  bniMulAdd1_16  and  bniMulSub1_16 


f r 
f r 
r r 

r r 

r f 


d s : C s i II 
es:Cbx  + siII 
bp 
c x 

d x , a x 
d i 


i n 

out 

k 

loop  counter  (len/4) 
high, low  parts  of  product 
carry  from  previous  multiply 


iteration 


; ; The  reson  for  the  difference  is  that  straight  mul  can  use  stosw,  but 
;;  the  multiply  and  add  or  multiply  and  subtract  add  the  result  in,  so 
;;  they  have  to  reference  es:Cdi]  to  add  it  in. 


;;  The  options  are  either  "add  ax,es:CdiH;  stosw"  or  "add  es:CdiII,ax; 

;;  add  di,2";  both  take  10  cycles  on  an  80286,  27  on  an  8086  and  35  on 
;;  an  8088  although  the  former  is  preferred  since  it's  one  byte  smaller. 
;;  However,  using  Cbx+siU  is  even  faster;  "add  es:Cbx+si],ax"  takes 
;;  7 cycles  on  an  80286,  25  on  an  8086  and  33  on  an  8088,  as  well  as 
;;  being  the  smallest.  (Of  course,  stosw,  at  3 on  an  80286,  11  on  an 
;;  8086  amd  15  on  an  8088  wins  easily  in  the  straight  multiply  case  over 
;;  mov  es:Cbx+siII,ax,  which  takes  3/18/22  cycles  and  is  larger  to  boot.) 


;;  Most  of  these  register  assignments  are  driven  by  the  8086's  instruction 
;;  set.  The  only  really  practical  variation  would  be  to  put  the  multiplier 
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; ) k into  bx  or  di  and  use  bp  for  carry,  but  if  someone  can  make  a faster 
} r Duff's  device  using  a Lookup  table,  bx  and  di  are  useful  because  indexing 
; ; off  them  is  more  flexible  than  bp. 

/ r 

; ; Overview  of  code: 

/ / 

;;  len  is  guaranteed  to  be  at  least  1,  so  do  the  first  multiply  (with  no 
r i carry  in)  unconditionally.  Then  go  to  a min  loop  unrolled  4 times, 

; ; jumping  into  the  middle  using  a variant  of  Duff's  device. 


/ / 

The 

loop  is 

constructed  using 

the  loop  instruction,  which 

does 

/ f 

"} 

while  ( - 

-cnt)".  This  means  that  we  have  to  divide 

the 

count 

r / 

by 

4,  and  increment  it  so  it 

doesn't  start  at  0.  To 

gain 

a little 

a r 

b i t 

more  efficiency,  we  actually  increment  the  count 

by  2, 

so  the 

r r 

minimum  possible  value  is  3, 

which  will  be  shifted  down  to 

produce 

r r 

usually  in 

Duff's  device,  if 

the  number  of  iterations 

is  a 

mu  1 1 i p l 

f r 

o f 

the  unrolling  factor,  you 

branch  to  just  before  the  loop  condit 

r f 

and 

let  it 

handle  the  case  of 

0.  Here,  we  have  a special 

test  for 

F F 

a t 

the  head 

of  the  loop  and  fall  through  into  the  top 

of  the  loop 

F F 

i f 

it  passes. 

F F 

F F 

Basically, 

with  STEP  being  a 

multiply  step,  it's: 

F F 

F F 

STEP; 

F F 

count 

+ = 2; 

F F 

mod4  = 

count  % 4 ; 

F F 

count 

/=  4; 

F F 

switch(mod4)  { 

F F 

case 

3 : 

F F 

if  (count)  { 

F F 

do  { 

F F 

STEP; 

F F 

case 

2 : 

F F 

STEP; 

F F 

case 

1 : 

F F 

S T E P ; 

F F 

case 

0 : 

F F 

S T E P ; 

F F 

F F 

> while 

> 

(--count); 

F F 

F F 

F F 

The 

switchO  is  actually  done 

by  two  levels  of  branch 

instructions 

F F 

rather  than 

a lookup  table. 

_bniMulN1_16 

proc  far 

push 

bp 

mo  v 

bp,  sp 

push 

d s 

push 

s i 

push 

d i 

c l d 

l e s 

di  , C b p + 6 3 

; out 

Ids 

si  , C bp  + 1 0 3 

; i n 

mo  v 

cx,Cbp+143 

; len 

mo  v 

bp,Ebp+163 

; k 

0 . 


371 


Iib/bn/bni8086.asm 


; ; First  multiply  step  has  no  carry  in 
l odsw 


mu  l 

bp 

stosw 

; ; The  switchO  for  Duff's  device  starts  here 

; ; Note:  this  * i s * faster  than  a jump  table  for  an  8086  and  '286. 


; ; 8086:  jump 

; ; 80286:  jump 
shr 
j c 

table:  4 4 cycles;  this:  27/29/31/41 
table:  25  cycles;  this:  17/17/20/22 
c x , 1 

SHORT  ml 6_odd 

i n c 
shr 
j c 

j mp 

c X 

c x , 1 

SHORT  ml 6_c  a s e 2 

SHORT  ml 6_c  a s eO 

nop 

ml 6_odd : 

; To  align  loop 

i n c 
shr 
j n c 

j z 

c X 

C X , 1 

SHORT  m 1 6_c a s e 1 

SHORT  m16_done  ; Avoid  entire  loop  in  this  case 

ml 6_l oop : 

l odsw 

mo  v 

mu  l 
add 
a d c 

stosw 

m 1 6_c  a s e 2 : 

l o d s w 

bx,dx  ; Remember  carry  for  later 

bp 

ax,bx  ; Add  carry  in  from  previous  word 

dx  , 0 

mo  v 

mu  l 
add 
a d c 
stosw 

m 1 6_c  a s e 1 : 

l od  s w 

bx,dx  ; Remember  carry  for  later 

bp 

ax,bx  ; Add  carry  in  from  previous  word 

dx  , 0 

m o v 

mu  l 
add 
a d c 

stosw 

m 1 6_c  a s e 0 : 

l odsw 

bx,dx  ; Remember  carry  for  later 

bp 

ax,bx  ; Add  carry  in  from  previous  word 

d x , 0 

m o v 

mu  l 
add 
a d c 

stosw 

bxrdx  ; Remember  carry  for  later 

bp 

a x , b x ; Add  carry  in  from  previous  word 

d x , 0 

loop 

m 1 6_l oop 

m 1 6_d  one: 

mo  v 

stosw 

pop 

a x , d x 

; Store  last  word 
d i 
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pop 

S 1 

pop 

d s 

pop 

bp 

ret 

_bn i Mu l N 1 _1 6 

endp 

align 

2 

_bn iMulAdd1_16 

p r o c far 

push 

bp 

mo  v 

bp,  sp 

push 

d s 

push 

s i 

push 

d i 

c l d 

l e s 

bx,Cbp+63 

r 

out 

l d s 

s i , C bp  + 1 0 3 

r 

i n 

mo  v 

cx,Cbp+143 

r 

ten 

mo  v 

bp,Cbp+16D 

r 

k 

;;  First  multiply  step  has  no  car 

r y in 

lodsw 

mu  l 

bp 

add 

es  : Cbx],ax 

r 

This  time,  store  in  Cbx]  directly 

a d c 

d x , 0 

sub 

bx  , s i 

r 

Prepare  to  use  Cbx+si3. 

; ; The  switchO 

for  Duff's  device 

starts  here 

; ; Note:  this  *i s*  taster  than  a 

jump  table  for  an  8086  and  '286. 

; ; 8086:  jump 

table:  44  cycles; 

this:  27/29/31/41 

; ; 80286:  jump 

table:  25  cycles; 

this:  17/17/20/22 

shr 

c x , 1 

j c 

SHORT  ma 1 6_odd 

i n c 

c X 

shr 

cx,1 

j c 

SHORT  mal 6_c  a s e 2 

j mp 

SHORT  mal 6_case0 

ma 1 6_odd : 

i n c 

c X 

shr 

c x , 1 

j n c 

SHORT  mal 6_c  a s e 1 

j z 

SHORT  mal 6_d  one 

/ 

Avoid  entire  loop  in  this  case 

ma 1 6_l oop : 

lodsw 

mo  v 

d i , d x 

/ 

Remember  carry  for  later 

m u l 

bp 

add 

a x , d i 

/ 

Add  carry  in  from  previous  word 

a d c 

d x , 0 

add 

es:Cbx+si3,ax 

a d c 

d x , 0 

ma 1 6_c  a s e 2 : 

lodsw 

mo  v 

d i , d x 

/ 

Remember  carry  for  later 
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mu  l 

bp 

add 

a x , d i 

a d c 

d x , 0 

add 

es:Cbx+si3,ax 

a d c 

d x , 0 

ma  1 6_ 

.easel  : 
l od  s w 

mov 

d i , d x 

mu  l 

bp 

add 

a x , d i 

a d c 

d x , 0 

add 

es:  [bx  + si ] , a x 

a d c 

dx  , 0 

ma  1 6_ 

.caseO: 

lodsw 

mov 

d i , d x 

mu  l 

bp 

add 

a x , d i 

a d c 

d x , 0 

add 

es  : [bx  + si ],ax 

a d c 

d x , 0 

; Add  carry  in  from  previous  word 

; Remember  carry  for  later 
; Add  carry  in  from  previous  word 

; Remember  carry  for  later 
; Add  carry  in  from  previous  word 


loop  ma 1 6_l oop 


m a 1 6_d  one: 

mov  ax,dx 

pop  d i 

pop  si 

pop  ds 

pop  bp 

ret 


b n i M u l A d d 1 _1 6 endp 
align  2 

bn  i Mu  l Sub1_1 6 proc  far 


push 

bp 

mov 

bp,  sp 

push 

d s 

push 

s i 

push 

d i 

c l d 

l e s 

bx , [ bp  + 6 3 

; out 

l d s 

s i , H bp  + 1 0 3 

; i n 

mov 

c x , C bp  + 1 4 3 

; l e n 

mov 

bp, [ bp  + 1 6 3 

; k 

; ; First  multiply  step  has  no  carry  in 


lodsw 

m u l 

bp 

sub 

es:Cbx3,ax 

; This  time,  store  in  Cbx3  directly 

a d c 

d x , 0 

sub 

b x , s i 

; Prepare  to  use  Cbx+siH. 

; ; The 

s w i t c h ( ) 

for  Duff's  devi 

ce  starts  here 

; ; Note 

: this  *i s*  faster  than 

a jump  table  for  an  8086  and  '286. 

;;  8086 

: jump 

table:  44  cycles 

; this:  27/29/31/41 
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;;  80286:  jump 

shr 
j c 

table:  25  cycles;  this:  17/17/20/22 
c x , 1 

SHORT  msl 6_o  d d 

i n c 
shr 
j c 

j mp 

cx 

C X , 1 

SHORT  msl 6_c  a s e 2 

SHORT  msl 6_c  a s e 0 

m s 1 6_o  d d : 

i n c 
shr 
j n c 
j z 

cx 

C X , 1 

SHORT  msl 6_c  a s e 1 

SHORT  ms16_done  ; Avoid  entire  loop  in  this  case 

m s 1 6_l o o p : 

L odsw 

m o v 

m u L 
add 
a d c 
sub 
a d c 

ms16_case2: 

L o d s w 

di,dx  ; Remember  carry  for  later 

bp 

ax,di  ; Add  carry  in  from  previous  word 

d x , 0 

es  : Ebx  + si ],ax 
d x , 0 

mo  v 

mu  L 
add 
a d c 
sub 
a d c 

m s 1 6_c  a s e 1 : 

Lodsw 

di,dx  ; Remember  carry  for  later 

bp 

a x , d i ; Add  carry  in  from  previous  word 

d x , 0 

es:Cbx+si3,ax 
d x , 0 

mo  v 

mu  L 
add 
a d c 
sub 
a d c 

m s 1 6_c  a s e 0 : 

Lodsw 

di,dx  ; Remember  carry  for  later 

bp 

a x , d i ; Add  carry  in  from  previous  word 

d x , 0 

e s : C bx  + s i 3 , a x 
d x , 0 

mo  v 

m u L 
add 
a d c 
sub 
a d c 

di,dx  ; Remember  carry  for  later 

bp 

ax,di  ; Add  carry  in  from  previous  word 

d x , 0 

es  : Ebx  + si ],ax 
dx  , 0 

loop 

msl 6_l oop 

m s 1 6_d  one: 

mo  v 

pop 

a x , d x 
d i 

pop 

pop 

pop 

ret 

s i 
ds 
bp 

_bniMulSub1_16 

endp 
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;;  Two-word  by  one-word  divide. 


;;  BNW0RD1 6 bniDiv21_16(BNW0RD16 


align 

bniDiv21__16 
mo  v 
mo  v 
mo  v 
mo  v 
d i v 
l e s 
m o v 
mo  v 
mo  v 
ret 


2 

proc  far 

c x , bp 

bp,  sp 

dx , H bp  + 8 3 

a x , C bp  + 1 0 3 

WORD  PTR  Cbp+123 

bx , [ bp  + 4 3 

es:Cbx],ax 

a x , d x 

bp,cx 


Stores  quotient,  returns  remainder. 

* q , BNW0RD1 6 nh,  BNW0RD1 6 nl,  BNW0RD1 6 d) 

8 10  12 


bp  NOT  pushed;  note  change  in  offsets 


nop 

bniDiv21  16 


; To  align  loop  in  bniModQ  properly 


endp 


Multi-word  by  one-word  remainder. 

BNW0RD16  b n i M o d Q_1 6 ( B N W 0 R D 1 6 *q,  unsigned  len,  unsigned  d) 


bniModQ 


6 

1 0 

1 2 

_1  6 

proc  far 

push 

bp 

m o v 

bp,  sp 

push 

d s 

mo  v 

bx  , s i 

mo  v 

cx,10Lbp3 

r 

load 

l e n 

l d s 

si , 6 C bp  3 

r 

load 

q 

s t d 

r 

loop 

MSW  to  LSW 

add 

s i , c x 

m o v 

bp, 1 2 C bp  3 

r 

load 

d 

add 

s i , c x 

x o r 

d x , d x 

r 

Set 

up  for  first  divide 

sub 

s i , 2 

r 

Adjust  pointer  to  point  t 

l od  s w 

f 

Load 

first  word 

cmp 

a x , bp 

r 

See 

if  we  can  skip  first 

j n c 

SHORT  modq 1 6_ 

i nner 

; No  such  luck 

mo  v 

dx,ax 

r 

Yes! 

Modulus  > input,  so 

dec 

C X 

r 

Do  loop 

j z 

SHORT  m o d q 1 6_ 

.done 

o MSW 

divide 
remai nder 


input 


modq16_loop: 

l od  s w 
m o d q 1 6_i nner: 

d i v 
loop 

m o d q 1 6_d  one: 

pop 
mo  v 
pop 
mo  v 
c l d 
ret 


bp 

modql 6_l oop 
d s 

ax,dx  ; Return  remainder 
bp 

s i , b x 

; Microsoft  C's  libraries  assume  this 
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bn i ModQ_1 6 endp 


; Similar,  but  using  32-bit  operations. 

/ 

; The  differences  are  that  the  switchC)  in  Duff's  device  is  done  using 
; a jump  table,  and  lods  is  not  used  because  it's  slower  than  load  and 
; increment.  The  pointers  are  only  updated  once  per  loop;  offset 
; addressing  modes  are  used,  since  they're  no  slower.  C d i □ is  used 
; instead  of  Cbx+siH  because  the  extra  increment  of  di  take  only  one 
; cycle  per  loop  a '486,  while  Cbx+siD  takes  one  extra  cycle  per  multiply. 


r 

The  register 

assignments  are  also  slightly  different: 

r 

/ 

e s : C s i ] 

i n 

r 

d s : C d i ] 

out 

r 

e c x 

k 

r 

bp 

loop  counter  (len/4) 

r 

ed  x , e a x 

high, low  parts  of  product 

r 

ebx 

carry  word  from  previous  multiply  iteration 

; The  use  of  bp  for  a loop  counter  lets  all  the  32-bit  values  go 
; in  caller-save  registers,  so  there's  no  need  to  do  any  32-bit 
; saves  and  restores.  Using  ds:di  for  the  destination  saves  one 
; segment  override  in  the  bniMulN1_32  code,  since  there's  one  more 
; store  to  CdiD  than  load  from  e s : H s i ] . 


Given  the  number  of  32-bit  references  that  this  code  uses,  optimizing 
it  for  the  Pentium  is  interesting,  because  the  Pentium  has  a very 
inefficient  implementation  of  prefix  bytes.  Each  prefix  byte,  with 
the  exception  of  OxOf  *>>  on  conditional  branch  instructions  ONLY  <<* 
is  a 1-cycle  non-pairiable  instruction.  Which  has  the  effect  of 
forcing  the  instruction  it's  on  into  the  U pipe.  But  this  code  uses 
★lots*  of  prefix  bytes,  notably  the  0x66  operand  size  override. 


; For  example  "add  CdiD,eax"  is  advised  against  in  Intel's  optimization 
; papers,  because  it  takes  3 cycles  and  2 of  them  are  not  pairable. 

; But  any  longer  sequence  would  have  a prefix  byte  on  every  instruction, 

; resulting  in  even  more  non-pai rable  cycles.  Also,  only  two  instructions 
; in  the  multiply  kernel  can  go  in  the  V pipe  (the  increments  of  si  and 
; di),  and  they're  already  there,  so  the  pairable  cycles  would  be  wasted. 


; Things  would  be  *quite*  different  in  native  32-bit  mode. 


; All  instructions  that  could  go  in  the  V pipe  that  aren't  there  are 
; marked. 

; The  setup  code  is  quite  intricately  interleaved  to  get  the  best  possible 
; performance  out  of  a Pentium.  If  you  want  to  follow  the  code, 

; pretend  that  the  sections  actually  come  in  the  following  order: 

; 1)  prologue  (push  registers) 

; 2)  load  (fetch  arguments) 

; 3)  first  multiply 
; 4)  loop  unrolling 

r 

; The  loop  unrolling  setup  consists  of  taking  the  count,  adjusting 
; it  to  account  for  the  first  multiply,  and  splitting  it  into 
; two  parts:  the  high  bits  are  a loop  count,  while  the  low  bits  are 
; used  to  find  the  right  entry  in  the  Duff's  device  jump  table  and 
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;;  to  adjust  the  initial  data  pointers. 

/ f 

; ; Known  slack:  There  is  one  instruction  in  the  prologue  and  one  in 
;;  the  epilogue  that  could  go  in  the  V pipe  if  I could  find  a U-pipe 
; ; instruction  to  pair  them  with,  but  all  the  U-pipe  instructions 
;;  are  already  paired,  so  it  looks  difficult. 

F F 

;;  There  is  a cycle  of  Address  Generation  Interlock  in  the  bniMulN1_32 
;;  code  on  the  Pentium  (not  on  a '486).  I can't  figure  out  how  to 
;;  get  rid  of  it  without  wasting  time  elsewhere.  The  problem  is  that 
; ; the  load  of  bx  needs  to  be  done  as  soon  as  possible  to  let  it 
;;  be  set  up  in  time  for  the  switchC).  The  other  problem  is  the 
;;  epilogue  code  which  can  waste  time  if  the  order  of  the  pushed 
;;  registers  is  diddled  with  so  that  ds  doesn't  come  between  si  and  di. 

F F 

;;  The  increment  of  si  after  the  last  load  is  redundant,  and  the 
;;  copy  of  the  high  word  of  the  product  to  the  carry  after  the  last 
;;  multiply  is  likewise  unnecessary. 

/ F 

;;  In  these  cases,  the  operations  were  done  that  way  in  order  to  remove 
;;  cycles  from  the  loop  on  the  '486  and/or  Pentium,  even  though  it  costs 
;;  a few  overhead  cycles  on  a '386. 

;;  The  increment  fo  si  has  to  be  done  early  because  a load  based  on  si 
;;  is  the  first  thing  in  any  given  multiply  step,  and  the  address 
;;  generation  interlock  on  the  '486  and  Pentium  requires  that  a full 
; ; cycle  (i.e.  possibly  two  instructions  on  a Pentium)  pass  between 
;;  incrementing  a register  and  using  it  in  an  address. 

; ; This  saves  one  cycle  per  multiply  on  a '486  and  Pentium,  and  costs 
;;  2 cycles  per  call  to  the  function  on  a '386  and  1 cycle  on  a '486. 

F F 

; ; The  carry  word  is  copied  where  it  is  so  that  the  decrement  of  the  loop 
; ; counter  happens  in  the  V pipe.  The  instruction  between  the  decrement 
;;  of  the  loop  counter  and  the  branch  should  be  a U-pipe  instruction  that 
;;  doesn't  affect  the  flags.  Thus,  the  "mov"  was  rotated  down  from 
;;  the  top  of  the  loop  to  fill  the  slot. 

;;  This  is  a bit  more  marginal:  it  saves  one  cycle  per  loop  iteration  on 
; ; a Pentium,  and  costs  2 cycles  per  call  on  a '386,  '486  or  Pentium. 

/ / 

;;  The  same  logic  applies  to  the  copy  of  the  carry  and  increment  of  si 
; ; before  the  test,  in  case  0,  for  skipping  the  loop  entirely. 

;;  It  makes  no  difference  in  speed  if  the  loop  is  executed,  but 
;;  incrementing  si  before  saves  an  address  generation  interlock  cycle 
;;  On  a '486  and  Pentium  in  the  case  that  the  loop  is  executed. 

;;  And  the  loop  is  executed  more  often  than  not. 

;;  Given  that  just  one  multiply  on  a '386  takes  12  to  41  cycles  (with  the 
;;  average  being  very  much  at  the  high  end  of  that)  4 cycles  of  additional 
;;  overhead  per  call  is  not  a big  deal. 

/ / 

;;  On  a Pentium,  it  would  actually  be  easier  to  * n o t * unroll  the  loop 
;;  at  all,  since  the  decrement  and  compare  are  completely  hidden 
;;  in  the  V-pipe  and  it  wouldn't  cost  anything  to  do  them  more  often. 

;;  That  would  save  the  setup  for  the  unrolling  and  Duff's  device  at  the 
; ; beginning.  But  the  overhead  for  that  is  pretty  minor:  ignoring  what's 
;;  hidden  in  the  V pipe,  it's  two  cycles  plus  the  indirect  jump. 

;;  Not  too  much,  and  special-casing  the  pentium  is  quite  a hassle. 

; ; (For  starters,  you  have  to  detect  it,  and  since  you're  probably  in 
;;  V86  mode,  without  access  to  the  EFLAGS  register  to  test  the  CPUID  bit.) 
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align 

1 6 

bniMulN1_32 

proc  far 

push 

bp 

r 

u 

mo  v 

bp,  sp 

f 

V 

push 

s i 

f 

u 

mo  v 

bx,Ebp+143 

r 

u 

push 

d s 

r 

NP 

l e s 

s i , Cbp  + 1 03 

f 

NP 

mo  v 

ecx,Cb p+163 

r 

u 

dec 

bx 

r 

V 

s h l 

bx  , 2 

f 

u 

push 

d i 

r 

V 

Ids 

di  , C bp  + 6 3 

f 

NP 

mo  v 

b p , b x 

r 

u 

and 

bx  , 1 2 

f 

V 

; First  multi 

ply  step  has  no 

carry 

mo  v 

eax,es:Csi3 

f 

u 

add 

s i , bx 

r 

V 

mu  l 

e c x 

F 

NP 

mo  v 

C d i 3 , e a x 

F 

U 

add 

d i , bx 

F 

V 

prologue 

prologue 

★ ★ 

Could 

be 

V 

prologue 

★ * 

Could 

be 

V 

load  l e n 

★ * 

Could 

be 

V ( AGI  ! ) r 

prologue 
load  in 
load  k 

loop  unrolling 
loop  unrolling 
prologue 
load  out 

loop  unrolling  **  Could  be  V 
loop  unrolling 

first  multiply 
loop  unrolling 
first  multiply 
first  multiply 
loop  unrolling 


;;  The  switchC)  for  Duff's  device.  This  jump  table  is 
;;  than  a bunch  of  branches  on  a '386  and  '486,  and  is 
; ; on  higher  processors. 

jmp  WORD  PTR  cs:m32_jumptableCbx3  ; NP 

align  2 

m32_j  umptab l e : 


dw 

OFFSET 

m3  2, 

_c  a s e 0 , 

0 

dw 

OFFSET 

m3  2 

_c  a s e 1 , 

0 

dw 

OFFSET 

m32. 

_c  a s e 2 , 

0 

dw 

OFFSET 

m3  2. 

_c  a s e 3 , 

0,  0,  0,  0 

; Get 

(slightly!)  faster 
probably  better  yet 

loop  unrolling 


loop  aligned  properly 


m32_case0: 

add 
test 
mo  v 
j be 


s i , 1 6 ; U 

b p , b p ; V 

e b x , e d x ;U 

SHORT  m32_done  ; V 


Fix  up  si  **  Could  be  V 

Remember  carry  for  later 

Avoid  entire  loop  if  loop  count  is  0 


m32_l oop : 

mo  v 
add 
mu  l 
add 
a d c 
mo  v 

m3 2_c a s e 3 : 

mo  v 
mo  v 
mu  l 
add 
a d c 
mo  v 

m3 2_c  a s e 2 : 

mo  v 
mo  v 


eax,es:Csi-123 

F 

U 

di  , 16 

F 

V 

e c x 

F 

NP 

eax, ebx 

F 

U 

Add  carry  in  from  previous 

word 

e d x , 0 

F 

U 

Cdi-123,eax 

F 

U 

e bx , e dx 

F 

U 

Remember  carry  for  later 

eax,es:Csi-83 

F 

U 

e c x 

F 

NP 

e a x , e bx 

F 

U 

Add  carry  in  from  previous 

word 

edx  , 0 

F 

U 

Cdi-83,eax 

F 

U 

ebx , edx 

F 

U 

Remember  carry  for  later 

eax,es:Csi-43 

F 

U 
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m u L 

e c x 

r 

NP 

add 

e a x , e bx 

f 

U 

Add  carry 

in  from 

previ ou  s 

word 

a d c 

edx  , 0 

r 

U 

mo  v 

Cdi-4D,eax 

f 

U 

m3 2_c  a s e 1 : 

mo  v 

ebx , edx 

r 

U 

Remember 

carry 

for 

later 

mo  v 

eax,es:Csi3 

r 

U 

mu  L 

e c x 

r 

NP 

add 

eax,ebx 

t 

U 

Add  carry 

in  from 

previous 

word 

a d c 

edx  , 0 

f 

U 

add 

s i , 1 6 

r 

V 

m o v 

C d i ] , e a x 

r 

U 

sub 

bp,  1 6 

f 

V 

mo  v 

ebx , edx 

F 

U 

Remember 

carry 

for 

later 

j a 

m32_L  oop 

F 

V 

m 3 2_d  one: 

mo  v 

Cdi+43,edx 

F 

U 

pop 

d i 

F 

V 

pop 

d s 

F 

NP 

pop 

s i 

F 

U 

**  Could 

be  V 

pop 

bp 

F 

V 

ret 

F 

NP 

_b  n i M u L N 1 _3  2 

endp 

align 

1 6 

_bniMulAdd1_32 

proc  far 

push 

bp 

; u 

prologue 

**  Could 

be  V 

mo  v 

bp,  sp 

; V 

prologue 

push 

d s 

; NP 

prologue 

mo  v 

ecx,Cbp+16] 

; U 

load  k 

mo  v 

bx , C bp  + 1 4 ] 

; v 

load  l e n 

push 

d i 

; u 

prologue 

**  Could 

be  V 

dec 

bx 

; v 

loop  unrolling 

l d s 

di ,Cbp+63 

; NP 

load  out 

s h l 

bx  , 2 

; u 

loop  unrolling 

push 

s i 

; v 

prologue 

l e s 

si,Cbp+103 

; NP 

load  in 

mo  v 

b p , b x 

; u 

loop  unrolling 

* * Could 

be  V 

and 

bx,  1 2 

; v 

loop  unrolling 

;;  First  multiply  step  has 

no  carry  in. 

m o v 

eax,es:Csi3 

; u 

first  multiply 

add 

s i , bx 

; v 

loop  unrolling 

mu  l 

e c x 

; NP 

first  multiply 

add 

C d i 3 , e a x 

; U 

first  multiply 

a d c 

edx  , 0 

; u 

first  multiply 

add 

d i , b x 

; v 

loop  unrolling 

;;  The  switchC) 

for  Duff's 

device.  T h i 

s jump  table  is 

(slightly 

! ) faster 

; ; than  a bunch 

of  branches 

on  a '386  and  '486,  and  is 

probably 

better  yet 

;;  on  higher  processors. 

j mp 

WORD  PTR  cs 

:ma32_jumptable[bx3  ; NP 

loop  unrolling 
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align  2 
ma32_J  umptab  l e : 


dw 

OFFSET  ma32_case0. 

0 

d w 

OFFSET  ma32_case1. 

0 

dw 

OFFSET  ma32_case2. 

0 

dw 

OFFSET  ma32_case3. 

o. 

0 ; To  get 

loop  aligned  properly 

ma  3 2 

_c  a s eO  : 

add 

s i , 1 6 

r 

U 

Fix  up  si 

**  Could  be 

V 

test 

bp,  bp 

r 

V 

mo  v 

ebx,edx 

r 

u 

Remember 

carry  for  later 

j b e 

SHORT  ma3 2_d one 

f 

V 

Avoid  entire  loop  if  loop  count 

ma32 

_l  oop  : 

m o v 

eax,es:Csi-12] 

f 

u 

add 

di  , 16 

r 

V 

mu  l 

e c x 

r 

NP 

add 

e a x , e bx 

f 

U 

Add  carry 

in  from  previous 

word 

a d c 

edx  , 0 

f 

U 

add 

Cdi-123,eax 

r 

U 

a d c 

edx  , 0 

r 

U 

m a 3 2 

_c  a s e 3 : 

mo  v 

ebx  , edx 

r 

U 

Remember 

carry  for  later 

mo  v 

eax,es:Csi-8] 

r 

u 

m u l 

e c x 

r 

NP 

add 

e a x , e bx 

F 

U 

Add  carry 

in  from  previous 

word 

a d c 

edx  , 0 

F 

U 

add 

Cdi-8],eax 

F 

U 

a d c 

edx  , 0 

F 

U 

ma  3 2 

_c  a s e 2 : 

mo  v 

ebx  , edx 

F 

U 

Remember 

carry  for  later 

mo  v 

eax,es:Csi-4] 

F 

U 

mu  l 

e c x 

F 

NP 

add 

e a x , e bx 

F 

U 

Add  carry 

in  from  previous 

word 

a d c 

e dx  , 0 

F 

U 

add 

Cdi-43,eax 

F 

U 

a d c 

edx  , 0 

F 

U 

ma  3 2 

_c  a s e 1 : 

mo  v 

ebx  , edx 

F 

U 

Remember 

carry  for  later 

mo  v 

eax,es  : [si ] 

F 

u 

mu  l 

e c x 

F 

NP 

add 

e a x , e bx 

F 

U 

Add  carry 

in  from  previous 

word 

a d c 

edx  , 0 

F 

U 

add 

s i , 1 6 

F 

V 

add 

Cdi  ],eax 

F 

u 

a d c 

edx  , 0 

F 

u 

sub 

bp,  1 6 

F 

V 

mo  v 

ebx , edx 

F 

u 

Remember 

carry  for  later 

j a 

ma32_l oop 

F 

V 

ma32 

_don e : 

pop 

si  ; U 

★ * 

Could  be  V 

pop 

d i ; V 

mo  v 

a x , d x ; U 

return 

value  low 

**  Could  be 

V 

pop 

d s ; N P 

shr 

edx, 16  ; U 

return 

value  high 

pop 

bp  ; V 

ret 

; NP 
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_bn i Mu  L Add1_32 

endp 

align 

1 6 

_bn i Mu l S ub 1 _3  2 

p r o c tar 

push 

bp 

; u 

prologue 

**  Could  be  V 

mo  v 

bp,  sp 

; V 

prologue 

push 

d s 

; NP 

prologue 

m o v 

ecx,Cbp+163 

; u 

load  k 

mo  v 

bx,Cbp+14] 

; v 

load  l e n 

push 

d i 

; u 

prologue 

* * Could  be  V 

dec 

bx 

; v 

loop  unrolling 

l d s 

di , [ bp  + 6 D 

; NP 

load  out 

s h l 

b x , 2 

; u 

loop  unrolling 

push 

s i 

; v 

prologue 

l e s 

si  , C bp  + 1 0 H 

; NP 

load  in 

mo  v 

bp,  bx 

; u 

loop  unrolling 

**  Could  be  V 

and 

bx,  1 2 

; v 

loop  unrolling 

;;  First  multiply  step  has  no  carry  i 

n . 

m o v 

eax,es  : [si ] 

; u 

first  multiply 

add 

s i , b x 

; v 

loop  unrolling 

mu  l 

e c x 

; NP 

first  multiply 

sub 

C d i II  , e a x 

; u 

first  multiply 

a d c 

e d x , 0 

; u 

first  multiply 

add 

d i , bx 

; v 

loop  unrolling 

; ; The  switchl) 

for  Duff's  devi 

ce.  This  jump  table  is 

(slightly!)  fast 

; ; than  a bunch 

of  branches  on 

a ' 386 

and  '486,  and  is 

probably  better 

;;  on  higher  processors. 

j mp 

WORD  PTR  c s : m s 3 2_ j ump t a b l e C bx D ; NP 

loop  unrolling 

align  2 

ms32_j  umptab l e : 

dw 

OFFSET  ms32_case0,  0 

d w 

OFFSET  ms32_case1,  0 

d w 

OFFSET  ms32_case2,  0 

d w 

OFFSET  ms32_case3,  0, 

0 ; To  get  loop  aligned  properly 

m s 3 2_c  a s e 0 : 

add 

s i , 1 6 

; u 

Fix  up  si 

**  Could  be  V 

test 

bp,  bp 

; v 

mo  v 

ebx , edx 

; u 

Remember  carry 

for  later 

j b e 

SHORT  ms32_done 

; v 

Avoid  entire  loop  if  loop  count 

m s 3 2_ loop: 

mo  v 

eax,es:Csi-123 

; u 

add 

di  , 16 

; v 

mu  l 

e c x 

; NP 

add 

eax, ebx 

; u 

Add  carry  in  from  previous  word 

a d c 

edx  , 0 

; u 

sub 

[di-123/eax 

; u 

a d c 

e d x , 0 

; u 

m s 3 2_c  a s e 3 : 

mo  v 

e bx , ed  x 

; u 

Remember  carry 

for  later 

mo  v 

eax,es:Csi-83 

; u 

yet 
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mu  l 

e c x 

a 

NP 

add 

e a x , e bx 

a 

U 

Add  carry 

in  from  previous 

word 

a d c 

e dx  , 0 

a 

U 

sub 

Cdi-8D,eax 

a 

U 

a d c 

e d x , 0 

r 

U 

ms32_case2 : 

mo  v 

e b x , e d x 

r 

U 

Remembe  r 

carry  for  later 

mo  v 

eax,es:Csi 

i 

■P' 

L_l 

a 

U 

mu  l 

e c x 

a 

NP 

add 

e a x , e bx 

a 

U 

Add  carry 

in  from  previous 

word 

a d c 

e d x , 0 

a 

U 

sub 

Cdi-43,eax 

a 

U 

a d c 

e d x , 0 

a 

U 

m s 3 2_c  a s e 1 : 

mo  v 

e bx , e d x 

a 

u 

Remember 

carry  for  later 

m o v 

eax,es : [si 

: 

r 

u 

mu  l 

e c x 

a 

NP 

add 

e a x , e bx 

r 

U 

Add  carry 

in  from  previous 

word 

a d c 

edx  , 0 

a 

U 

add 

s i , 1 6 

a 

V 

sub 

C d i ],eax 

a 

U 

a d c 

edx,0 

a 

U 

sub 

b p , 1 6 

r 

V 

mo  v 

e b x , e dx 

r 

u 

Remember 

carry  for  later 

j a 

ms32_l oop 

r 

V 

ms32_done  : 

pop 

s i 

u 

★ ★ 

Could  be  V 

pop 

d i ; 

V 

mo  v 

a x , dx  ; 

u 

return 

value  low 

**  Could  be 

V 

pop 

d s ; 

NP 

shr 

e d x , 1 6 ; 

U 

return 

value  high 

pop 

bp 

V 

ret 

A 

NP 

_bn  i Mu l S u b 1 _ 

.32  endp 

Just  for 

interest's  sake. 

here' 

s a 

completely 

Penti um-optimi zed 

vers 

; ; In  addition  to  being  smaller,  it  takes  8 + (8  + mul_time)*n  cycles,  as 
;;  compared  to  the  10  + jmp_time  + (8+mul_time)*n  cycles  for  the  loop  above. 
; ; (I  don't  know  how  long  a 32x32->64  bit  multiply  or  an  indirect  jump 
;;  take  on  a Pentium,  so  plug  those  numbers  in.) 


/ 

f 

u ^ t a i ■ 

nop 

; To  align  loop 

n i 

c e l y 

;P_ 

.bniMulAddl 

_3  2 proc 

far 

r 

r 

push 

bp 

/ 

U 

prologue  **  Could  be  V 

r 

mo  v 

bp,  sp 

/ 

V 

prologue 

r 

push 

d s 

A 

NP 

prologue 

r 

m o v 

ecx,Cbp+163 

/ 

U 

load  k 

r 

push 

s i 

A 

V 

prologue 

r 

l d s 

si,Cbp+103 

A 

NP 

load  in 

r 

mo  v 

e a x , C s i 3 

A 

U 

first  multiply 

r 

push 

d i 

A 

V 

prologue 

f 

mu  l 

e c x 

A 

NP 

first  multiply 

/ 

l e s 

di ,Cbp+63 

A 

NP 

load  out 
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/ 

add 

es:Cdi],eax 

/ 

U 

first  multiply 

/ 

m o v 

bp,Cbp+143 

/ 

V 

load  l en 

/ 

a d c 

edx  , 0 

r 

u 

first  multiply 

/ 

dec 

bp 

r 

V 

/ 

mo  v 

ebx , edx 

r 

u 

Remember  carry  for  later 

/ 

j e 

Pma  32_done 

r 

V 

/ 

Pma  32_l oop : 

r 

mo  v 

eax,Csi+4] 

r 

u 

r 

add 

d i , 4 

r 

V 

r 

mu  l 

e c x 

/ 

NP 

r 

add 

e a x , e bx 

f 

U 

Add  carry  in  from  previous  word 

r 

a d c 

edx  , 0 

r 

u 

r 

add 

s i , 4 

r 

V 

r 

add 

es:HdiII,eax 

r 

u 

r 

a d c 

edx  , 0 

r 

u 

r 

dec 

bp 

r 

V 

r 

mo  v 

ebx, edx 

r 

u 

Remember  carry  for  later 

r 

j n e 

Pma32_l oop 

r 

V 

/ 

Pma  3 2_d  one: 

r 

pop 

d i ; U 

**  Could  be  V 

r 

pop 

si  ; V 

/ 

pop 

d s ; N P 

/ 

mo  v 

a x , d x ; U 

return 

value  low  **  Could  be  V 

/ 

pop 

bp  ; V 

f 

s h r 

edx, 16  ; U 

return 

value  high 

r 

ret 

; NP 

/ 

/ 

P_bn i Mu l Add1_ 

32  endp 

/ 

; Two-word  by 

one-word  divide. 

Stores 

quotient,  returns  remainder. 

r 

; BNW0RD32  bniDiv21_32(BNW0RD32 

*q. 

BNW0RD32  nh,  BNW0RD32  nl,  BNW0RD32 

r 

/ 

4 

8 

12  16 

align 

1 6 

bniDiv21_32 

proc  far 

m o v 

c x , bp 

; U bp  NOT  pushed;  offsets  i 

m o v 

bp,  sp 

; V 

; AG  I 

mo  v 

edx,Hbp+83 

; u 

mo  v 

eax,Hbp+123 

; U 

d i v 

DWORD  PTR  Cbp+1 63 

; NP 

l e s 

bx,Cbp+4] 

; NP 

mo  v 

es:Hbx],eax 

; U 

m o v 

a x , d x 

; v 

shr 

edx,  1 6 

; u 

mo  v 

bp,  cx 

; v 

ret 

; NP 

nop 

nop 

nop 

nop 

; Get  bniModQ_32  aligned  proper 

bn i D i v 2 1 3 2 

endp 

d) 


differ 


Multi-word  by  one-word  remainder. 

This  speeds  up  key  generation.  It's  not  worth  unrolling  and  so  on; 
using  32-bit  divides  is  enough  of  a speedup. 
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/ a 

;;  bp  is  used  as  a counter  so  that  all  the  32-bit  values  can  be  in 
;;  caller-save  registers  ( e a x , ecx,  edx).  bx  is  needed  as  a pointer. 

A A 

;;  The  modulus  (in  ebp)  is  16  bits.  Given  that  the  dividend  is  32  bits, 
;;  the  chances  of  saving  the  first  divide  because  the  high  word  of  the 
;;  dividend  is  less  than  the  modulus  are  low  enough  it's  not  worth  taking 
; ; the  cycles  to  test  for  it. 


;;  unsigned  b n i ModQ_3 2 ( B N WO R D 1 6 *q,  unsigned  len,  unsigned  d) 


A A 

6 

1 0 

1 2 

_bn i ModQ_32 

proc  far 

x o r 

e c x , e c x 

A 

U 

Clear  ecx  (really,  the  high 

half) 

push 

bp 

A 

V 

mo  v 

ed x , e c x 

A 

U 

Clear  high  word 

for  first  di 

vide 

mo  v 

bp,  sp 

A 

V 

push 

d s 

A 

NP 

Ids 

a x , [ bp  + 6 3 

A 

NP 

Load  dividend  pointer 

mo  v 

bx,Eb p+103 

A 

U 

Load  count 

**  Could  be 

V 

sub 

a x , 4 

A 

V 

Offset  dividend 

pointer 

mo  v 

cx, Lb p+123 

A 

u 

Load  modulus 

* * Could  be 

V 

mo  v 

b p , bx 

A 

V 

Copy  count 

s h l 

bx  , 2 

A 

u 

Shift  index 

add 

bx  , a x 

A 

u 

Add  base 

* * Could  be 

V 

; lea 

bx , C eax  + ebp*4- 

43; 

u 

Move  pointer  to 

high  word 

modq32_loop: 

mo  v 

eax,lbx] 

A 

u 

sub 

b x , 4 

A 

V 

d i v 

ecx 

A 

NP 

dec 

bp 

A 

U 

* * Could  be  V 

j nz 

m o d q 3 2_ loop 

A 

V 

modq32_done : 

pop 

d s 

A 

NP 

mo  v 

ax  , dx 

A 

U 

* * Could  be  V 

pop 

bp 

A 

V 

ret 

A 

NP 

_b  n i M o d Q_3  2 

endp 

;;  int  not386(void)  returns  0 

on 

a 32- 

bit  (386  or  better)  processor; 

; ; non-zero  if 

an  80286  or  lower. 

The 

Z flag  is  set  to 

reflect 

;;  ax  on  return 

This  is  only 

called 

once,  so  it  doesn1 

t matter  how 

; ; it's  aligned. 

_not386  proc  far 

A A 

; ; This  first  test  detects  80x86  for  x < 2.  On  the  8086  and  '186, 

;;  "push  sp"  does  "--sp;  spC03  = sp".  On  all  later  processors,  it  does 
;;  "spL-1 ] = sp;  --sp". 

A A 

push  s p 

pop  ax 

sub  ax,sp 

jne  SHORT  return 


a a 

A / 


This  test  is  the  key  one.  It  will  probably  detect 
as  well  as  80286,  but  I haven't  had  access  to  test 


8086,  V 3 0 and  80186 
it  on  any  of  those. 
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;;  so  it's  protected  by  the  well-known  test  above.  It  has  been  tested 
;;  on  the  80286,  80386,  80486,  Pentium  and  AMD  tested  it  on  their  K5. 

; ; I have  not  been  able  to  confirm  effectiveness  on  the  P6  yet,  although 
; ; someone  I spoke  to  at  Intel  said  it  should  work. 

/ r 

;;  This  test  uses  the  fact  that  the  '386  and  above  have  a barrel  shifter 
; ; to  do  shifts,  while  the  '286  does  left  shifts  by  releated  adds. 

; ; That  means  that  on  the  '286,  the  auxilliary  carry  gets  a copy  of 
;;  bit  4 of  the  shift  output,  while  on  the  '386  and  up,  it's  trashed 
;;  (as  it  happens,  set  to  1)  independent  of  the  result.  (It's  documented 
; ; as  undefined.) 

r r 

; ; We  do  two  shifts,  which  should  produce  different  auxilliary  carries 
; ; on  a '286  and  XOR  them  to  see  if  they  are  different.  Even  on  a 
; ; future  processor  that  does  something  different  with  the  aux  carry 
; ; flag,  it  probably  does  something  data-independent,  so  this  will  still 
; ; work.  Note  that  all  flags  except  aux  carry  are  defined  for  shl 


output  and 

will  be 

the 

same  for 

both  cases. 

m o v 

a l , 4 

shl 

a l ,1 

f 

Expected 

t 0 

produce  ac  = 0 on  a 

'286 

l a h f 

shl 

a l , 1 

r 

Expected 

t 0 

produce  ac  = 1 on  a 

' 286 

m o v 

a l , a h 

l a h f 

x o r 

a l , a h 

f 

X o r the 

flags  together  to  detect 

the  difference 

mo  v 

a h , a l 

r 

Clear  ah 

i f 

al  is  clear,  leave  Z 

flag  alone 

return: 

ret 

_not386  endp 
_T  EXT  ends 
end 
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/ * 

* bni8086.h  - This  file  defines  the  interfaces  to  the  8086 

* assembly  primitives  for  16-bit  MS-DOS  environments. 

* It  is  intended  to  be  included  in  "bni.h" 

* via  the  "//include  BNINCLUDE"  mechanism. 

* 

* $ I d : bni8086.h,v  1 . 2 1 996/1  1 /1  2 01:42:43  mhw  Exp  $ 

*/ 


//define  BN_L I TT L E_E N D I A N 1 
//ifdef  cplusplus 

/*  These  a s s e mb  l y- l a n g u a g e primitives  use  C names  */ 
extern  " C " { 

//end i f 


/*  Set  up  the  appropriate  types  */ 
typedef  unsigned  short  bnword16; 
//define  BNW0RD16  bnword16 
typedef  unsigned  long  bnword32; 
//define  BNW0RD32  bnword32 


void  cdecl  far 

bn i Mu l N 1 _1 6 ( bn w o r d 1 6 far  *out,  bnword16  const  far  *i n, 

unsigned  len,  bnword16  k); 

//define  bniMulN1_16  bniMulN1_16 

bnword16  cdecl  far 

b n i Mu l Ad d 1 _1 6 ( bn w o r d 1 6 far  *out,  bnword16  const  far  *in, 

unsigned  len,  bnword16  k ) ; 

//define  bn i M u l Add  1 _1 6 b n i M u l A d d 1 _1 6 

bnword16  cdecl  far 

bn i Mu l S u b 1 _1 6 ( bn  wo r d 1 6 far  *out,  bnword16  const  far  *in, 

unsigned  len,  bnword16  k); 

//define  bn i Mu l Sub1_1 6 bn i Mu l Sub1_1 6 

bnword16  cdecl  far 

bn i D i v 2 1 _1 6 ( bn w o r d 1 6 far  *q,  bnword16  nh,  bnword16  nl,  bnword16  d) 

//define  bniDiv21_16  bniDiv21_16 

bnword16  cdecl  far 

b n i Mod Q_1 6 ( bn w o r d 1 6 const  far  *n,  unsigned  len,  bnword16  d); 

//define  bniModQ  16  bniModQ  16 


void  .cdecl  far 

bn i Mu l N 1 _32 ( b n w o r d 3 2 far  *out,  bnword32  const  far  *in, 

unsigned  len,  bnword32  k); 

//define  bniMulNl_32  bniMulNl_32 

bnword32  cdecl  far 

bn i Mu l Ad d 1 _3 2 ( bn w o r d 3 2 far  *out,  bnword32  const  far  *in, 

unsigned  len,  bnword32  k); 

//define  bn  i Mu  l Add  1 3 2 b n i Mu  l Add  1 _32 


bnword32 


cdecl 


far 
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bn i M u l S u b 1 _3 2 ( bn w o r d 3 2 far  *out,  bnword32  const  far  *in, 

unsigned  Len,  bnword32  k ) ; 

#define  bn i Mu L Sub1_32  bn i Mu L Sub1_32 

bnword32  cdecl  far 

bn i D i v2 1 3 2 ( bnwo rd32  far  *q,  bnword32  nh,  bnword32  nl,  bnword32  d); 

#define  bniDiv21_32  bniDiv21_32 

bnword16  cdecl  far 

bn i ModQ_32 ( bnwo rd32  const  far  *n,  unsigned  len,  bnword32  d); 

^define  bniModQ_32  bniModQ_32 

i n t cdecl  far  not386(void); 

#ifdef  cplusplus 

} 

# e nd  i f 
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bni960jx.s 

# A s s emb L y- L a ng ua g e bignum  primitives  for  the  i960  Jx  series. 
ft 

# $Id:  bni960jx.s,v  1.2. 2.1  1996/11/14  04:09:23  cbertsch  Exp  $ 

ft 

ft  The  Jx  series  is  fairly  straightforward  single-instruction-issue 
ft  implementation,  with  a 1-cycle-issue  4-cycle-latency  non-pi pelined 
ft  multiplier  that  we  can  use.  Note  also  that  loads  which  hit  in  the 
ft  cache  have  2 cycles  of  latency  and  stores  stall  until  all  pending 
ft  loads  are  done. 
ft 

fi  What  is  intensely  annoying  about  the  i 960  is  that  it  uses  the  same 
ft  flags  for  all  conditional  branches  (even  compare-and-branch  sets  the 
ft  flags)  AND  for  the  carry  bit.  Further,  it  is  hard  to  manipulate 
ft  that  bit. 

ft 

ft  Calling  conventions: 

ft  The  r registers  are  all  local,  if  you  set  them  up.  There's  an  alternative 

ft  calling  convention  that  uses  bal  (branch  and  link)  and  doesn't  set  them  up. 

ft  Currently,  all  of  these  functions  are  designed  to  work  that  way. 

ft  g0-g7  are  argument  registers  and  volatile  across  calls'.  return  in  g0-g3. 

ft  g 8 — g 1 1 are  extra  argument  registers,  and  volatile  if  used,  but 

ft  preserved  if  not.  Here,  they  are  not. 

ft  g 1 2 is  used  for  PIC,  and  is  preserved. 

ft  g13  is  a pointer  to  a structure  return  value,  if  used,  and  is  volatile. 
ft  g14  is  magic,  and  is  used  as  a return  address  in  the  b r a n c h -a  nd- 1 i n k 
ft  convention,  and  as  a pointer  to  an  argument  block  if  the  arguments 

ft  won't  fit  in  registers,  but  is  usually  hardwired  0 and  must  be 

ft  returned  set  to  zero  (0). 

ft  g 1 5 is  the  frame  pointer,  and  shouldn't  be  messed  with. 

ft  The  AC  (condition  codes)  are  all  volatile. 

ft  The  fp  registers  are  all  volatile,  but  irrelevant. 

ft 

ft  BNW0RD32 

ft  b n i M u l t A d d 1 _3 2 ( B N W 0 R D 3 2 *out,  BNW0RD32  const  *in,  unsigned  len,  BNW0RD32  k) 
ft  This  adds  "k"  * "in"  to  "len"  words  of  "out"  and  returns  the  word  of 
ft  carry. 
ft 

ft  For  doing  m u 1 1 i p l y - a d d , the  960  is  a bit  annoying  because  it  uses 
ft  the  same  status  bits  for  the  carry  flag  and  for  the  loop  indexing 
ft  computation,  and  doesn't  have  an  "add  with  carry  out  but  not  carry  in" 
ft  instruction.  Fortunately,  we  can  arrange  to  have  the  loop  indexing 
ft  leave  the  carry  bit  clear  most  of  the  time. 
ft 

ft  The  basic  sequence  of  the  loop  is: 
ft  1.  Multiply  k * *in  + + ->  high,  low 
ft  2.  Addc  carry  word  and  carry  bit  to  low 

ft  3.  Addc  carry  bit  to  high,  producing  carry  word  (note:  cannot  generate  carry) 
ft  4.  Addc  low  to  *out++ 
ft 

ft  Note  that  the  carry  bit  set  in  step  4 is  used  in  step  2.  The  only  place 
ft  in  this  loop  that  the  carry  flag  isn't  in  use  is  between  steps  3 and  4, 
ft  so  we  have  to  rotate  the  loop  to  place  the  loop  indexing  operations  here. 
ft  (Which  consist  of  a compa re-and-dec rement  and  a conditional  branch.) 
ft  The  loop  above  ignores  the  details  of  when  to  do  loads  and  stores,  which 
ft  have  some  flexibility,  but  must  be  carefully  scheduled  to  avoid  stalls. 
ft 

ft  The  first  iteration  has  no  carry  word  in,  so  it  requires  only  steps  1 and  4, 
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tt  and  since  we  begin  the  loop  with  step  4,  it  boils  down  to  just  step  1 
tt  followed  by  the  loop  indexing  (which  clears  the  carry  bit  in  preparation 
tt  for  step  4). 
tt 

tt  Arguments  are  passed  as  follows: 
tt  gO  - out  pointer 
tt  gl  - in  pointer 
tt  g 2 - length 
ft  g3  - k 


ft 

The  other  registers  are  used 

a s 

follows. 

tf 

g4  - low  word 

of  product 

ft 

g5  - high  word  of  product 

tf 

g6  - current 

word  of  "out" 

ft 

g7  - carry  word 

tt 

g 1 3 - current 

word  of  "in" 

. g l ob  l 

_bn i Mu l Add1_32 

_bniMulAdd1 _3  2 : 

Id 

(gl ) , g 1 3 

tt 

Fetch  * i n 

a dd  o 

gl ,4,g1 

tt 

Inc  rement  i n 

emu  l 

gl 3,g3,g4 

tt 

Do  multiply  (step  1) 

Id 

( gO  ) , g6 

tt 

Fetch  *out 

c h k b i t 

0 , g 2 

tt 

Check  if  loop  counter  was 

odd 

s h r o 

1 ,g2,g2 

tt 

Divide  loop  counter  by  2 

mo  v 

g5,g7 

tt 

Move  high  word  to  carry 

bno 

ma  l oop 1 

tt 

If  even,  jump  to  ma_loop1 

cmpo 

o,g2 

tt 

If  odd,  was  it  1 (now  0)? 

be 

ma_done 

tt 

If  equal  (carry  set),  jump  to  ending  code 

tt 

Entered  with 

carry  bit  clear 

m a 

_l  oop : 

Id 

( gl ) , gl  3 

tt 

Fetch  * i n 

add  c 

g4,g6,g6 

tt 

Add  low  to  *out  (step  4), 

generate 

carry 

e mu  l 

gl 3,g3,g4 

tt 

Do  multiply  (step  1) 

s t 

g 6 , ( g 0 ) 

tt 

Write  out  *out 

addo 

g0,4,g0 

tt 

Inc  rement  out 

addo 

gl  r1* , gi 

tt 

Increment  in 

Id 

( gO ) ,g6 

tt 

Fetch  next  * o u t 

addc 

g7,g4,g4 

tt 

Add  carries  to  low  (step 

2) 

a d d c 

g 5 , 0 , g 7 

tt 

Add  carry  bit  to  high  (step  3)  & clear  carry 

ma 

_l  oo  p 1 : 

Id 

(gl  ),gl3 

tt 

Fetch  * i n 

addc 

g4,g6,g6 

tt 

Add  low  to  *out  (step  4), 

generate 

carry 

emu  l 

gl  3,g3,g4 

tt 

Do  multiply  (step  1) 

s t 

g 6 , ( g 0 ) 

tt 

Write  out  *out 

addo 

g0,4,g0 

tt 

Inc  rement  out 

addo 

gl ,4,g1 

tt 

Increment  in 

Id 

(gO)  ,g6 

tt 

Fetch  next  *out 

addc 

g7,g4,g4 

tt 

Add  carries  to  low  (step 

2) 

addc 

g 5 , 0 , g 7 

tt 

Add  carry  bit  to  high  (step  3)  & clear  carry 

cmpdeco 

1 ✓ g 2 , g 2 

b n e 

ma_l oop 

tt 

When  we  come 

here,  carry  is 

★set*,  and  we  stil  have  to  do 

step  4 

ma 

i_d  one: 

cmp  i 

0,1 

tt 

Clear  carry  (equal  flag) 

addc 

g4,g6,g6 

tt 

Add  low  to  *out  (step  4), 

generate 

carry 

s t 

g6, (gO) 

tt 

Write  out  *out 

addc 

g7,0,g0 

tt 

Add  carry  bit  and  word  to 

produce 

return  val 
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ret 


tt 

tt 

tt 

tt 

tt 

tt 

tt 

tt 

tt 

tt 


Now,  multiply  N by  1 is  similarly  annoying.  We  only  have  one  add  in  the 
whole  loop,  which  should  just  be  able  to  leave  its  carry  output  in  the 
carry  flag  for  the  next  iteration,  but  we  need  the  condition  codes  to  do 
loop  testing.  *Sigh*. 


void 

bniMultNI 


32(BNW0RD32  *out 


This  stores 
in  "out”. 


len+1  words  of 


BNW0RD32 
k " * l e n 


const  *in,  unsigned  len, 
words  of  "in"  and  stores 


BNW0RD32  k) 
the  result 


if 

To  avoid  havi 

ng  to  do  a move 

after  the  first  iteration,  for 

the  first 

it 

step,  g 4 / g 5 i 

s the  product. 

For 

second  step,  g6/g7  is  used 

for  product 

it 

storage  and  g5  is  the  carry  i 

n . 

It  alternates  from  then  on 

. g l o b l 

_bn i Mu l N 1 3 2 

b n i M u l N 1 _3  2 : 

Id 

( g 1 ) , g 1 3 

tt 

Fetch  * i n 

addo 

gl *4,g1 

tt 

Increment  in 

emu  l 

gl 3,g3,g4 

ft 

Do  multiply  (step  1) 

c h kb i t 

0 , g 2 

tt 

Check  if  loop  counter  was  odd 

s h r o 

1 ,g2,g2 

ft 

Divide  loop  counter  by  2 

bno 

m_ l o o p 1 

tt 

If  even,  jump  to  ma_loop1 

m o v 

g 4 , g 6 

cmpo 

0 , g 2 

tt 

If  counter  was  odd,  was  it 

1 (now  0 ) ? 

mo  v 

g 5 , g 7 

b e 

m_d  one 

tt 

If  equal  (carry  set),  jump 

to  ending  code 

if 

Entered  with 

carry  bit  clear 

m. 

_ l o o p : 

ft  Result  in  g6,  carry  word 

in  g 7 

Id 

(gl >,g13 

ft 

Fetch  * i n 

addo 

gl ,4,g1 

ft 

Inc  rement  i n 

e m u l 

gl 3,g3,g4 

tt 

Do  multiply  (step  1) 

s t 

g 6 , ( g 0 ) 

ft 

Write  out  *out 

addo 

g 0 , 4 , g 0 

tt 

Increment  out 

a d d c 

g7 ,g4,g4 

tt 

Add  carries  to  low  (step  2) 

ft 

No  need  to  add  carry  bit  here 

, because  it'll  get  remembered 

until  next  addc. 

if 

a d d c 

g 5 , 0 , g 5 

tt 

Add  carry  bit  to  high  (step 

3) 

_l  oop  1 : 

ft  Carry 

word  in  g 5 

Id 

(gl ) , g 1 3 

tt 

Fetch  * i n 

addo 

gl /4,g1 

tt 

Increment  in 

e m u l 

gl  3 , g 3 , g 6 

tt 

Do  multiply  (step  1) 

s t 

g4,(g0) 

tt 

Write  out  * o u t 

addo 

9 0 , 4 , g 0 

tt 

Increment  out 

addc 

g5,g6,g6 

tt 

Add  carries  to  low  (step  2) 

addc 

g 7 , 0 , g 7 

tt 

Add  carry  bit  to  high  (step 

3) 

cmpdeco 

1 ,g2,g2 

bn  e 

m_l oop 

ft 

When  we  come 

here,  we  have  to 

store  g6  and  the  carry  word  i 

n g7  . 

_d  o n e : 

s t 

g 6 , (gO) 

tt 

Write  out  * ou  t 

s t 

g 7 , 4 ( g 0 ) 

tt 

Write  out  *out 

ret 

ft  BNW0RD32 
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tt  bn i Mu l t S ub1_32 ( BNWOR D 32  *out,  BNW0RD32  const  *in,  unsigned  ten,  BNW0RD32  k) 
tt  This  subtracts  "k"  * "in"  from  "ten"  words  of  "out"  and  returns  the  word  of 
tt  borrow. 
tt 

ft  This  is  similar  to  mu  1 1 i p l y-a  dd , but  actually  a bit  more  obnoxious, 
ft  because  of  the  carry  situation.  The  960  uses  a carry  (rather  than  a borrow) 
ft  bit  on  subtracts,  so  the  carry  bit  should  be  1 for  a subc  to  do  the 
ft  same  thing  as  an  ordinary  subo.  So  we  use  two  carry  chains:  one  from 
ft  the  add  of  the  low-order  words  to  the  high-order  carry  word,  and  a second, 
ft  which  uses  an  extra  register,  to  connect  the  subtracts.  This  avoids 
tf  the  need  to  fiddle  with  inverting  the  bit  in  the  usual  case. 
ft 

ft  Arguments  are  passed  as  follows: 
tf  gO  - out  pointer 
ft  g 1 - in  pointer 

ft  g2  - length 
ft  g3  - k 

ft  The  other  registers  are  used  as  follows. 

ft  g4  - low  word  of  product 

ft  g5  - high  word  of  product 

tf  g6  - current  word  of  "out" 

ft  g7  - carry  word 

tf  g13  - current  word  of  "in" 

tf  g14  - remembered  carry  bit 


.globl  _bn i Mu l S ub 1 _32 
bniMulSubl  32: 


Id 

( g i ) , g 1 3 

tf 

Fetch  * i n 

addo 

gi ,4,g1 

ft 

Increment  in 

emu  l 

9 1 3,g3,g4 

ft 

Do  multiply  (step  1) 

Id 

( gO ) ,g6 

ft 

Fetch  *out 

c h kb i t 

0,g2 

ft 

Check  if  loop  counter  was  odd 

mo  v 

1 ,914 

ft 

Set  remembered  carry  for  first  iteration 

s h r o 

1 ,g2,g2 

ft 

Divide  loop  counter  by  2 

m o v 

g 5 , g 7 

ft 

Move  high  word  to  carry 

bno 

ms  l oopl 

ft 

If  even,  jump  to  ma_loop1 

cmpo 

0,g2 

tf 

If  odd,  was  it  1 (now  0)? 

be 

Entered  with 

m s_d  one 

carry  bit  clear 

ft 

If  equal  (carry  set),  jump  to  ending  code 

_l oop : 

Id 

(gi  ) , g 1 3 

tf 

Fetch  * i n 

c mp  i 

gi  4,  i 

ft 

Set  carry  flag 

subc 

g4,g6,g6 

tf 

Subtract  low  from  *out  (step  4),  gen.  carry 

emu  l 

gi 3,g3,g4 

ft 

Do  multiply  (step  1) 

a dd  c 

0,0, g14 

tf 

g14  = carry,  then  clear  carry 

s t 

g 6 , ( g 0 ) 

tt 

Write  out  *out 

addo 

g 0 , 4 , g 0 

ft 

Increment  out 

addo 

g 1 , 4 , g 1 

tt 

Increment  in 

Id 

(gO) ,g6 

tt 

Fetch  next  *o  u t 

a dd  c 

g7,g4,g4 

tt 

Add  carries  to  low  (step  2) 

a dd  c 

g 5 , 0 , g 7 

tt 

Add  carry  bit  to  high  (step  3) 

_l oopl  : 

Id 

(gi  ),g13 

tt 

Fetch  * i n 

cmp  i 

gi  4,i 

tt 

Set  carry  flag  for  subtrsct 

subc 

g4,g6,g6 

tt 

Subtract  low  from  *out  (step  4),  gen.  carry 

e mu  l 

gi 3,g3,g4 

tt 

Do  multiply  (step  1) 

a d d c 

0,0, g14 

tt 

g14  = carry,  then  clear  carry 

s t 

g 6 , ( g 0 ) 

# 

Write  out  *out 
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addo 

g 0 , 4 , g 0 

addo 

gl ,4,g1 

Id 

( gO ) , g6 

addc 

g7,g4,g4 

addc 

g 5 , 0 , g 7 

tt  Inc  rement  out 

tt  Inc  rement  i n 

tt  Fetch  next  *o  u t 

tt  Add  carries  to  Low  (step  2) 

tt  Add  carry  bit  to  high  (step  3) 


cmpdeco 
bn  e 

tt  When  we  come 
ms_done : 

cmp  i 
s u b c 
s t 

s u b c 
subo 
mo  v 
ret 


1 ,g2,g2 
ms_L  oop 

here,  carry  is 

gi4,i 
g4,g6,g6 
g6 , ( gO  ) 

0,0, g14 
gl 4,g7,g0 
0 , g 1 4 


*set*,  and  we  stil  have  to  do  step  4 
tt  set  carry  (equal  flag) 

tt  Add  low  to  *out  (step  4),  generate  carry 
tt  Write  out  *out 

tt  g14  = -1  if  no  carry  (borrow),  0 if  carry 
tt  Add  borrow  bit  to  produce  return  value 
tt  Restore  g14  to  0 for  return 
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bnialpha.h 

/ * 

* bnialpha.h  - header  file  that  declares  the  Alpha  assembly-language 

* subroutines.  It  is  intended  to  be  included  via  the  BNINCLUDE 

* mechanism. 

* 

* $ I d : bnialpha.h, v 1.2  1996/1  1 /1  2 01:42:44  mhw  Exp  $ 

*/ 

//define  BN_L I TT L E_E N D I AN  1 

typedef  unsigned  long  bnword64; 

//define  BNW0RD64  bnword64 

//ifdef  cplusplus 

/*  These  a s s e m b l y- l a n g u a g e primitives  use  C names  */ 
extern  "C"  { 

#endi f 

void  bn i Mu l N 1 _64 ( bn w o r d 6 4 *out,  bnword64  const  *in,  unsigned  len,  bnword64  k); 
//define  bniMulNl_64  bniMulNl_64 

bnword64 


b n i M u l Add  1 _64 ( bn wo r d64  *out,  bnword64 
//define  b n i M u l A d d 1 _6  4 b n i M u l A d d 1 _6  4 

const 

* i n , 

unsigned 

len,  bnword64 

k); 

bnword64 

b n i Mu l S u b 1 _64 ( bn  wo r d64  *out,  bnword64 
//define  b n i M u l S u b 1 _6  4 b n i M u l S u b 1 _6  4 

const 

* i n , 

unsigned 

len,  bnword64 

k); 

//ifdef  cplusplus 

> 

# e n d i f 


394 


lib/bn/bnialpha.s 


bnialpha.s 


/ * 
* 
* 
* 


DEC  Alpha  64-bit  math  primitives, 
unless  otherwise  noted. 


These  use  64-bit  words 


★ 

$ I d 

: bnialpha.s, v 

1 . 2 

1996/11/12  01:42:44  mhw  Exp  $ 

A 

★ 

The 

DEC  assembler 

apparently  does  some  instruction  scheduling. 

★ 

but 

I tried 

to  do 

some  of  my  own,  and  tries  to  spread  things 

★ 

out 

over  the  register 

file 

to  give  the  assembler  more  room 

★ 

a. 

t o 

schedule 

things 

■ 

★ 

Alpha  0SF/1 

register 

usage 

conventions: 

k 

r 0 

- 

vO 

- 

Temp  , 

holds  integer  return  value 

k 

r 1 . 

. r 8 

tO.  . t 7 

- 

Temp  , 

trashed  by  procedure  call 

k 

r 9 . 

. rl  4 - 

s 0 . . s 5 

- 

Saved 

across  procedure  calls 

k 

r 1 5 

- 

s 6 / F P 

- 

Frame 

pointer,  saved  across  procedure  calls 

k 

r 1 6 

. . r21  - 

a 0 . . a 5 

- 

Argument  registers,  all  trashed  by  procedure 

k 

r 2 2 

. . r25  - 

t 8 . .til 

- 

Temp, 

trashed  by  procedure  call 

k 

r 2 6 

- 

r a 

- 

Return 

address 

k 

r 2 7 

- 

1 1 2 / p v 

- 

Procedure  value,  trashed  by  procedure  call 

k 

r 2 8 

- 

a t 

- 

Assembler  temp,  trashed  by  procedure  call 

k 

r 2 9 

- 

gp 

- 

Global 

pointer 

k 

r 3 0 

- 

sp 

- 

Stack 

pointer 

k 

k / 

r 3 1 

- 

zero 

- 

hardwired  to  zero 

.text 

.align 

4 

. g l o b l 

b n i M u l N 1 

_6  4 

/* 

I have  no  idea  what  the  '2' 

at  the  end  of  the  . ent  line  means.  */ 

/ * 

★ 

. e n t 

b n i Mu  l N 1 

_6  4 2 

Arguments : 

$16  = out. 

$17  = 

in,  $18  = len<32>,  $19  = k 

* 

* 

*/ 
b n i 


Other  registers:  $0  = carry  word,  $1  = product  low, 
$2  = product  high,  $3  = input  word 


m64 


_6  4 : 

l dq 

$3,0($17) 

/* 

Load  first  word  of  input  */ 

s u b l 

$1 8,1 ,$18 

mu  l q 

$3,$19,$1 

/* 

D o 

low  half  of 

first  multiply 

umu  l h 

$3,$19,$0 

/* 

D o 

second  half 

of  first  multi 

s t q 

$1 , 0 ( $ 1 6 ) 

beq 

$1 8,m64_done 

l dq 

$3,8($17) 

addq 

$1 7,8, $1 7 

mu  l q 

$3,$19,$1 

/* 

D o 

bottom  half 

of  multiply  * / 

s u b l 

$1 8,1  ,$1 8 

u m u l h 

$3, $19, $2 

/ * 

D o 

top  half  of 

multiply  * / 

addq 

$0,$1  ,$1 

/* 

Add 

carry  word 

from  previous  i 

s t q 

$1 , 8 ( $ 1 6 ) 

cmpu  1 1 

$1  , $0, $0 

/* 

Compute  carry 

bit  from  add  */ 

addq 

$1 6,8, $1 6 

addq 

$2,$0,$0 

/ * 

Add 

carry  bit 

to  carry  word  * 

beq 

$1 8,m64_done 

l dq 

$3,8($17) 

addq 

$1 7,8, $1 7 
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mulq 

$3,$19,$1 

/ * 

Do  bottom  half  of  multiply  */ 

subl 

$18,1, $18 

umulh 

$3, $19, $2 

/ * 

Do  top  half  of  multiply  */ 

addq 

$0,$1 ,$1 

/* 

Add  carry  word  from  previous  multiply  */ 

stq 

$1 , 8 ( $ 1 6) 

cmpult 

$1 , $0, $0 

/* 

Compute  carry  bit  from  add  */ 

addq 

$1 6,8, $1 6 

addq 

$2,$0,$0 

/* 

Add  carry  bit  to  carry  word  */ 

bne 

$18, m6  4_l oop 

m64_done : 

stq 

$ 0 , 8 ( $ 1 6) 

/* 

Store  last  word  of  result  */ 

ret 

$31 , ( $26  ) , 1 

/ * The  1 1 ' in 

the  hint  field 

means 

procedure  return  - software  convention  */ 

.end  bniMulNl  6 4 


.text 
.align  4 

.globl  b n i M u l A d d 1 _6 4 
. ent  bn i Mu l Add  1 6 4 2 

/ * 

* Arguments:  $16  = out,  $17  = in,  $18  = len<32>,  $19  = k 

* Other  registers:  $0  = product  high,  $1  = product  low, 

* $2  = product  high  temp,  $3  = input  word,  $4  = output  word 

* $5  = carry  bit  from  add  to  out 
*/ 


bniMulAdd1_64: 

Idq  $3,0($17)  /* 

subl  $18,1, $18 

mulq  $3,$19,$1  / * 

Idq  $4,0($16)  /* 

umulh  $3, $19, $2  /* 

addq  $4,$1,$4 

cmpult  $4,$1,$5  /* 

stq  $4,0($16) 

addq  $5,$2,$0  / * 

beq  $ 1 8 , ma 6 4_d o n e 

ma  6 4_ l oo  p : 

Idq  $3,8($17)  /* 

addq  $17, 8, $17 

Idq  $4,8($16)  /* 

mulq  $3,$19,$1  / * 

subl  $18,1, $18 

addq  $0,$1,$1  / * 

umu  Ih  $3, $19, $2  /* 

cmpult  $1,$0,$0  /* 

addq  $4,$1,$4  / * 

cmpult  $4,$1,$5  / * 

stq  $4,8($16) 

addq  $5,$0,$5  / * 

addq  $16, 8, $16 

addq  $5,$2,$0  / * 

beq  $ 1 8 , ma 64_don e 

Idq  $3,8 ($17)  /* 

addq  $17, 8, $17 

Idq  $4,8($16)  /* 


Load  first  word  of  input  */ 

Do  low  half  of  first  multiply  */ 
Load  first  word  of  output  */ 

Do  second  half  of  first  multiply  */ 

Compute  borrow  bit  from  subtract  */ 

Add  carry  bit  to  high  word  */ 


Load  next  word  of  input  */ 

Load  next  word  of  output  */ 

Do  bottom  half  of  multiply  */ 

Add  carry  word  from  previous  multiply  */ 
Do  top  half  of  multiply  */ 

Compute  carry  bit  from  add  */ 

Add  product  to  loaded  word  */ 

Compute  carry  bit  from  add  */ 

Add  carry  bits  together  */ 

Add  carry  bits  to  carry  word  */ 


Load  next  word  of  input  */ 
Load  next  word  of  output  */ 
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mulq 

$3,$19,$1 

/ * 

Do  bottom  half 

of  multiply 

★ / 

subl 

$18,1, $18 

addq 

$0,$1 ,$1 

/* 

Add  carry  word 

from  previous  mult 

umulh 

$3, $19, $2 

/* 

Do  top  half  of 

multiply  * / 

cmpult 

$1 , $0, $0 

/ * 

Compute  carry 

bit  from  add 

*/ 

addq 

$4,$1 ,$4 

/* 

Add  product  to 

loaded  word 

*/ 

cmpult 

$ 4 , $ 1 , $ 5 

/ * 

Compute  carry 

bit  from  add 

* / 

stq 

$4,8 ( $1 6 ) 

addq 

$5,$0,$5 

/* 

Add  carry  bits 

together  * / 

addq 

$16, 8, $16 

addq 

$5,$2,$0 

/ * 

Add  carry  bits 

to  carry  word  * / 

bne 

$18, ma  64 l o o p 

ma64_done : 

ret 

$31  , ($26)  ,1 

.end  bn i 

Mu l Ad  d 1 _6  4 

.text 
.align  4 

.globl  b n i Mu l S u b 1 _64 
. ent  b n i Mu l S u b 1 _64  2 

/ * 

* Arguments:  $16  = out,  $17  = in,  $18  = len<32>,  $19  = k 

* Other  registers:  $0  = carry  word,  $1  = product  low, 

* $2  = product  high  temp,  $3  = input  word,  $4  = output  word 

* $5  = borrow  bit  from  subtract 
*/ 


bn i Mu l Sub1_64 : 

Idq  $3,0($17)  /* 

subl  $18,1, $18 

mulq  $3,$19,$1  / * 

Idq  $4,0($16)  /* 

umulh  $3, $19, $2  /* 

cmpult  $4  , $ 1 , $ 5 / * 

subq  $4,$1,$4 

addq  $5,$2,$0  /* 

stq  $4,0($16) 

beq  $ 1 8 , m s 64_d o n e 

m s 6 4_ l o o p : 

Idq  $ 3 , 8 ( $ 1 7 ) /* 

addq  $17, 8, $17 

Idq  $4,8 ($16)  /* 

mulq  $3,$19,$1  / * 

subl  $18,1, $18 

addq  $0,$1,$1  / * 

umulh  $3, $19, $2  /* 

cmpult  $1,$0,$0  /* 

cmpult  $4,$1,$5  / * 

subq  $4,$1,$4 

addq  $5 , $0, $5  /* 

stq  $4,8($16) 

addq  $5,$2,$0  /* 

addq  $16, 8, $16 

beq  $ 1 8 , m s 6 4_d o n e 

Idq  $3,8($17)  /* 

addq  $17, 8, $17 


Load  first  word  of  input  */ 

Do  low  half  of  first  multiply  */ 
Load  first  word  of  output  */ 

Do  second  half  of  first  multiply  */ 
Compute  borrow  bit  from  subtract  */ 

Add  carry  bit  to  high  word  */ 


Load 

next 

word 

o f 

input  * / 

Load 

next 

word 

o f 

output  */ 

Do  bottom 

half 

o f 

multiply  * / 

Add 

carry 

word 

from  previous 

Do  top  half  of  multiply  */ 

Compute  carry  bit  from  add  */ 
Compute  borrow  bit  from  subtract  */ 

Add  carry  bits  together  */ 

Add  carry  bits  to  carry  word  */ 


Load  next  word  of  input  */ 


*/ 
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l dq 

$4,8($16) 

/ * 

mu  l q 

$3,$19,$1 

/* 

s u b l 

$18,1, $18 

addq 

$0  , $ 1 ,$1 

/* 

umu  l h 

$3, $19, $2 

/ * 

cmpu  1 1 

$1 ,$0,$0 

/* 

cmpu  1 1 

$4,$1  ,$5 

/* 

s u bq 

$4,$1 ,$4 

addq 

$5,$0,$5 

/* 

s t q 

$4, 8 ( $1 6 ) 

addq 

$ 5 , $2 , $0 

/ * 

addq 

$16, 8, $16 

bne 

$ 1 8 , ms  6 4 l o o p 

ms64_done : 

ret  $31,($26),1 

.end  bniMulSubl  64 


Load  next  word  of  output  */ 

Do  bottom  half  of  multiply  */ 

Add  carry  word  from  previous  multiply  */ 
Do  top  half  of  multiply  */ 

Compute  carry  bit  from  add  */ 

Compute  borrow  bit  from  subtract  */ 

Add  carry  bits  together  */ 

Add  carry  bits  to  carry  word  */ 
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bnimem.c 

/ * 

* bnimem.c  - low-level  bignum  memory  handling. 

* 

* Written  by  Colin  Plumb 

★ 

* $ I d : bnimem.c, v 1.3. 2.1  1996/11/14  04:09:23  cbertsch  Exp  $ 

* 

* Note  that  in  all  cases,  the  pointers  passed  around 

* are  pointers  to  the  *least*  significant  end  of  the  word. 

* On  big-endian  machines,  these  are  pointers  to  the  *end* 

* of  the  allocated  range. 

* 

* BNSECURE  is  a simple  level  of  security;  for  more  security 

* change  these  function  to  use  locked  unswappable  memory. 

* / 

# i f nde  f H A V E_C  0 N F I G_H 
//define  H A V E_C 0 N F I G_H  0 

# e nd  i f 

//if  H A V E_C  0 N F I G_H 
//include  "config.h" 

Send i f 


/ * 

* Some  compilers  complain  about  #if  F00  if  F00 

* so  do  the  A N S I -ma nd a t ed  thing  explicitly... 

* / 

# i f n d e f N 0_S  T D L I B_H 
//define  N 0_S  T D L I B_H  0 
//  e n d i f 

//  i f n d e f N 0_S  T R I N G_H 
//define  N 0_S  T R I N G_H  0 
Send i f 

//  i f nde  f HAVE_STR I NGS_H 
//define  H A V E_S T R I N G S_H  0 
//  e nd  i f 

# i f n d e f N E E D_M E MO R Y_H 
//define  NEE  D_M  E M 0 R Y_H  0 
#e  nd  i f 


isn't  defined. 


# i f ! N 0_S  T D L I B_H 

^include  <stdlib.h>  /*  For  mallocC)  & co.  */ 

Seise 

void  *malloc(); 
void  * r e a l l o c ( ) ; 
void  f r e e ( ) ; 

# e n d i f 

#if  ! N 0_S  T R I N G_H 

^include  <string.h>  /*  For  memset  */ 

# e l i f HAVE_STRINGS_H 
Sinclude  <s t r i ngs . h> 

U end  i f 

# i f NEE  D_M  E M 0 R Y_H 
//include  <memory . h> 

//  e nd  i f 


# i f nde  f DBMALLOC 
# d e f i n e DBMALLOC  0 
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//end  i f 

U if  DBMALLOC 

/*  Development  debugging  */ 
//include  ./dbmalloc/malloc.h" 
//end  i f 

//include  "bni.h" 

//include  "bnimem.h" 

//include  "kludge. h" 


//ifndef  bniMemWipe 
void 

bn i MemW i pe ( vo i d *ptr,  unsigned  bytes) 
memsetlptr,  0,  bytes); 

> 

//define  b n i M e mW  i p e ( p t r , bytes)  memsetCptr,  0,  bytes) 
//  e nd  i f 


//ifndef  bniMemAlloc 
void  * 

b n i M e m A l l o c ( u n s i g n e d bytes) 

{ 

return  malloc(bytes); 

} 

//define  b n i M e m A l l o c ( b y t e s ) ma  l l o c ( by  t e s ) 
//end  i f 


//ifndef  bniMemFree 
void 

b n i M e m F r e e ( v o i d *ptr,  unsigned  bytes) 
{ 

bniMemWipe(ptr,  bytes); 
f ree(ptr)  ; 

> 

//  e n d i f 


//ifndef  bniRealloc 

U if  def i ned ( bn i MemRea l l oc ) ||  IBNSECURE 

void  * 

b n i R e a l l o c ( v o i d *ptr,  unsigned  oldbytes,  unsigned  newbytes) 
{ 


i f 


> 


( p t r ) { 

BIGCptr  = (char  * ) p t r - oldbytes;) 
if  (newbytes  < oldbytes) 

memmove(ptr,  (char  *)ptr  + o l d by t e s-n e w by t e s , 

oldbytes); 


//ifdef  bn  i Mem  R e a l l o c 

ptr  = bniMemRealloc(ptr,  oldbytes,  newbytes); 

//else 


ptr  = reallocCptr,  newbytes); 

# e n d i f 

if  (ptr)  { 

if  (newbytes  > oldbytes) 

memmo v e ( ( c h a r *)ptr  + n e w by t e s -o  l d by t e s , ptr, 

oldbytes); 

B I G ( p t r = (char  *)ptr  + newbytes;) 
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return  ptr; 


# e l s e /*  BNSECURE  */ 


void  * 

b n i R e a L L o c ( v o i d *oldptr,  unsigned  oldbytes,  unsigned  newbytes) 


void  *newptr  = 

i f 

( ! newptr) 

return 

i f 

( ! o l d p t r ) 

return 

/* 

* 

The  followi 

★ 

because  one 

★ / 

i f 

(newbytes  > 

Ldbytes)  ( /*  Copy  all  of  old  into  part  of 

BIGCnewptr  = (char  *)newptr  + newbytes;) 

BIGColdptr  = (char  *)oldptr  - oldbytes;) 

mem c py ( B I G L I TT L E ( ( c h a r * ) n e w p t r - o l d by t e s , newptr),  oldpt 
oldbytes)  ; 

> else  { /*  Copy  part  of  old  into  all  of  new  */ 

memcpy(newptr,  B I G L I TT L E ( ( c h a r *)oldptr-newbytes,  oldptr 
newbytes); 

BIGCnewptr  = (char  *)newptr  + newbytes;) 

BIGColdptr  = (char  *)oldptr  - oldbytes;) 


bniMemFreeColdptr,  oldbytes); 
return  newptr; 


# e n d i f /*  BNSECURE  */ 
#endif  /*  !bni Realloc  */ 


case 

memory. 

new  * / 

r, 

>, 
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bnimem.h 

/ * 

* Operations  on  the  usual  buffers  of  bytes 

* 

* $ I d : bnimem.h, v 1.3  1 996/1  1 /1  2 01:42:45  mhw  Exp  $ 

* / 

# i f nd  e f BNSECURE 

# d e f i n e BNSECURE  1 
#endi  f 

/ * 

* These  operations  act  on  buffers  of  memory,  just  like  malloc  & free. 

* One  exception:  it  is  not  legal  to  pass  a NULL  pointer  to  bniMemFree. 

*/ 

#ifndef  bniMemAlloc 

void  *bniMemAlloc(unsigned  bytes); 

# e nd  i f 

#ifndef  bniMemFree 

void  bniMemFreeCvoid  * p t r , unsigned  bytes); 

# e n d i f 

/*  This  wipes  out  a buffer  of  bytes  if  necessary  needed.  */ 

#ifndef  bniMemWipe 
# i f BNSECURE 

void  bniMemWipelvoid  * p t r , unsigned  bytes); 

# e l s e 

#define  bn i M e mW i pe ( p t r , bytes)  ( vo i d ) ( p t r , by t e s ) 
ft  e n d i f 

#endif  /*  ibniMemWipe  */ 

/ * 

* bniRealloc  is  NOT  like  reallocC);  it's  e n d i a n- s e n s i t i v e ! 

* If  bn i M em R e a l l o c is  #defined,  bniRealloc  will  be  defined  in  terms  of  it. 

* It  is  legal  to  pass  a NULL  pointer  to  bniRealloc,  although  oldbytes 

* will  always  be  sero. 

* / 

#ifndef  bniRealloc 

void  *bniRealloc(void  *ptr,  unsigned  oldbytes,  unsigned  newbytes); 

U e n d i f 


/ * 

* These  macros  are  the  ones  actually  used  most  often  in  the  math  library. 

* They  take  and  return  pointers  to  the  *end*  of  the  given  buffer,  and 

* take  sizes  in  terms  of  words,  not  bytes. 

* 

* Note  that  BNIALLOC  takes  the  pointer  as  an  argument  instead  of  returning 

* the  value. 

* 

* Note  also  that  these  macros  are  only  useable  if  you  have  included 

* bni.h  (for  the  BIG  and  BIGLITTLE  macros),  which  this  file  does  NOT  include. 
*/ 

#define  BN  I A L L0 C ( p , t y p e , w o r d s ) BIGLITTLEC  \ 

if  ( ( ( p ) = (type  * ) bn i M e m A l l o c ( ( w o rd s ) * s i z e o f * ( p ) ) ) !=  0)  \ 

(p)  +=  (words),  \ 
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# d e f 
ft  d e f 

ft  d e f 


(p)  - (type  * ) bn i M em A l l o c ( ( wo r d s ) * sizeof*(p))  \ 

) 

ne  BNI  FREE (p, words  ) b n i M e m F r e e ( ( p ) B I G ( - ( wo r d s ) ) , (words) 
ne  B N I R E A L LO C ( p , o L d , n e w ) \ 

bniRealloc(p,  (old)  * sizeof*(p),  (new)  * sizeof*(p)) 
ne  BN  I W I P E ( p , wo rd s ) bn i MemW i pe ( ( p ) B I G ( - ( wo rd s ) ) , (words) 


* sizeof*(p)) 

* sizeof*(p)) 
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bninit!6.c 


/* 

★ 

bn i n i t 1 6 . c 

- Provide  an  init  function  that 

sets  things  up  for  16 

-bit 

* 

operation. 

This  is 

a seaparate  tiny  file 

s 0 

you 

can  compile  two 

bn 

* 

packages  i 

n t o the  l 

ibrary  and  write  a custom 

init 

routine. 

* 

Written  in 

1995  by 

Colin  Plumb. 

* 

*/ 

$ I d : bn i n i 

1 1 6 . c , v 1 

. 7 1 996/1  1 /I  2 01:42:45 

m h w 

Exp 

$ 

^include  "bn.h" 
^include  " bnl 6 . h " 

void 

bnlnit(void) 

bn  I n i t_1 6 ( ) ; 

> 
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bnippc.c 

//include  "bnippc.h 


/* 

* bnippc.c  - Assembly  primitives  for  the  bignum  library,  PowerPC  version. 

* 

* $ I d : bnippc.c, v 1.2. 2.1  1996/1  1 /1  4 04:09:23  cbertsch  Exp  $ 

★ 

* Register  usage  during  function  calls  is: 

* r0  - volatile 

* rl  - stack  pointer,  preserved 

* r2  - TOC  pointer,  preserved 

* r3  - First  argument  and  return  value  register 

* r4-r10  - More  argument  registers,  volatile 

* r 1 1 - r 1 2 - Volatile 

* r13-r31  - Preserved 

* LR,  CTR,  XER  and  MQ  are  all  volatile. 

* LR  holds  return  address  on  entry. 

* 

* On  the  PPC  601,  unrolling  the  loops  more  doesn't  seem  to  speed  things 

* up  at  all.  I'd  be  curious  if  other  chips  differed. 

* / 

ft  i f MWERKS  < 0x800 


//include  "ppcasm.h"  /*  PowerPC  assembler  */ 


/ * 

* MulNI  expects  (*out,  *i n,  ten, 

* r 3 r 4 r 5 


* / 

static  const  unsigned  mulNlC]  = { 
PPC_LWZ ( 7,4,0 ) , /* 

P P C_M  ULLW(8,7,6),  /* 

PPC_MTCTR ( 5 ) , /* 

P P C_A  DDIC(0,0,0),  /* 

P P C_M  ULHWU(5,7,6),  /* 

P P C_S  TW(8,3,0), 

PPC_BC ( 1 8,31 ,7) , /* 

/ * Loop:  * / 

PPC_LWZU(7,4,4),  /* 

P P C_M  ULLW(8,7,6),  /* 

PPC_ADDE( 8,8,5),  /* 

PPC_STWU(8,3,4) , /* 

PPC_MULHWU( 5,7,6) , /* 

PPC_BC ( 1 6,31 ,-5  ) , /* 

/ * Label:  */ 

PPC_ADDZ E ( 5 , 5 ) , /* 

PPC_STW( 5,3,4) , /* 

P P C_B  L R ( ) 

>; 


/ * 

* MulAddl  expects  (*out,  *in,  len 

* r 3 r 4 r 5 

* / 

static  unsigned  const  mulAddIC]  = 
PPC_LWZ(7,4,0),  /* 

P P C_L W Z (0,3,0),  /* 

P P C_M  ULLW(8,7,6),  /* 


k),  count  >=  1 
r 6 


Load  first  word  of  in  in  r7  */ 

Low  half  of  multiply  in  r8  */ 

Move  len  into  CTR  */ 

Clear  carry  bit  for  loop  */ 

High  half  of  multiply  in  r5  */ 

Branch  to  Label  if  — ctr  ==  0 */ 

r7  = *++in  */ 

r8  = low  word  of  product  */ 

Add  carry  word  r5  and  bit  CF  to  r8  */ 

*++out  = r8  */ 

r5  is  high  word  of  product,  for  carry  word*/ 
Branch  to  Loop  if  --ctr  !=  0 */ 

Add  carry  flag  to  r5  */ 
outEIH  = r5  * / 


, k),  count  >=  1 
r 6 

Load  first  word  of  in  in  r7  */ 
Load  first  word  of  out  into  r0  */ 
Low  half  of  multiply  in  r8  */ 
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PPC_ 

MTCTR ( 5 ) , 

/ * 

Move  len  into  CTR 

*/ 

PPC_ 

MULHWU(5,7,6), 

/* 

High  half 

of  multi 

ply  in  r 5 

*/ 

PPC_ 

ADDC(8,8,0), 

/* 

r8  = r8  + 

r 0 * / 

PPC_ 

,S  T W ( 8 , 3 , 0 ) , 

/* 

Store  result  to 

memory  * / 

PPC_ 

BC( 18,31 ,10), 

/* 

Branch  to 

Label 

i f 

-- c t r = = 

0 */ 

Loop  : 

*/ 

PPC_ 

LWZU(7,4,4), 

/* 

r7  = * + + i n 

*/ 

PPC_ 

LWZU(0,3,4) , 

/* 

rO  = *++out  * / 

PPC_ 

MULLW(8,7,6) , 

/ * 

r8  = low  word  of  product  */ 

PPC_ 

ADDE(8,8,5), 

/* 

Add  carry 

word 

r 5 

and  carry 

b i t 

C F 

t 0 

r 8 */ 

PPC_ 

MULHWU(5,7,6), 

/* 

r 5 is  high 

word 

o f 

product. 

for 

carry 

word*/ 

PPC_ 

ADDZE(5,5), 

/* 

Add  carry 

bit  from 

low  add 

to  r 5 

*/ 

PPC_ 

ADDC(8,8,0), 

/* 

+ 

00 

L. 

II 

00 

L. 

r 0 * / 

PPC_ 

STW(8,3,0)  , 

/* 

*out  = r8 

*/ 

PPC_ 

BC(16,31,-8), 

/ * 

Branch  to 

Loop 

i f 

-- c t r ! = 

0 */ 

Label 

: */ 

PPC_ 

ADDZE(3,5), 

/* 

Add  carry 

flag 

t 0 

r5  and  move  to 

r 3 

*/ 

PPC  BLRO 


/ * 

* MulSubl  expects  (*out,  *in,  len,  k),  count  >=  1 

* r 3 r4r5r6 

* 

* Multiply  and  subtract  is  rather  a pain.  If  the  subtract  of  the 

* low  word  of  the  product  from  outCil  generates  a borrow,  we  want  to 

* increment  the  carry  word  (initially  in  the  range  0 . . 0 x f f f f f f f e ) . 

* However,  the  PPC's  carry  bit  CF  is  *clear*  after  a subtract,  so 

* we  want  to  add  ( 1 — C F ) to  the  carry  word.  This  is  done  using  two 

* instructions: 


* 

* SUBFME,  subtract  from  minus  one  extended.  This  computes 

* rO  = ~rS  + Oxffffffff  + CF.  Since  rS  is  from  0 to  Oxfffffffe, 

* ~rS  is  from  1 through  Oxffffffff,  and  the  sum  with  0 x f f f f f f f f + C F is 

* from  0 through  Oxfffffffff,  setting  the  carry  flag  unconditionally,  and 

* NOR,  which  is  used  as  a bitwise  invert  NOT  instruction. 

* 


* The  SUBFME  performs  the  computation  rD  = ~rS  + Oxffffffff  + CF, 

* = (-rS  - 1)  + (CF  - 1)  = -(rS  - CF  + 1)  - 1 = ~(rS  + 1-CF), 

* which  is  the  bitwise  complement  of  the  value  we  want. 

* We  want  to  add  the  complement  of  that  result  to  the  low  word  of  the 

* product,  which  is  just  what  a subtract  would  do,  if  only  we  could  get 

* the  carry  flag  clear.  But  it's  always  set,  except  for  SUBFE,  and  the 

* operation  we  just  performed  unconditionally  *sets*  the  carry  flag.  Ugh. 

* So  find  the  complement  in  a separate  instruction. 

* / 


static  unsigned  const  mulSublCH 


PPC. 

_LWZ ( 7,4,0 ) , 

/ * 

Load 

first  word  of  in 

i n 

r 7 

★ / 

PPC. 

_LWZ(0,3,0), 

/* 

Load 

first  word  of  out 

into 

rO  */ 

PPC. 

_MTCTR ( 5 ) , 

/* 

Move 

len  into  CTR  * / 

PPC. 

_MULLW(8,7,6) , 

/* 

Low  half  of  multiply  i 

n r 8 * / 

PPC. 

_MULHWU(5,7,6), 

/* 

High 

half  of  multiply 

i n 

r 5 

*/ 

PPC. 

_SUBFC(8,8,0), 

/* 

r 8 = 

rO  - r8,  setting 

C F 

*/ 

PPC. 

_STW(8,3,0), 

/* 

Store 

result  to  memory 

*/ 

PPC. 

_SUBFME(5,5), 

/* 

First 

of  two  insns  to 

add 

( 1 

-CF)  to 

PPC. 
* / 
PPC. 

_BC (18,31,12), 

/* 

Branch  to  Label  if  — ctr 

~ II 

0 */ 

_LWZU(7,4,4), 

/ * 

r 7 = 

* + + i n * / 

PPC. 

_LWZU(0,3,4), 

/* 

r 0 = 

* + + ou  t * / 

r 5 */ 
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/* 


>; 


PPC_NOR(5,5,5) , /* 

PPC_MULLW(8,7,6) , /* 

PPC_ADDC ( 8,8, 5 ) , /* 

PPC_MULHWU(5,7,6),  /* 

PPC_ADDZE(5,5),  /* 

PPC_SUBFC (8,8,0) , /* 

PPC_STW ( 8,3,0 ) , /* 

PPC_SUBFME( 5,5 ) , /* 

PPC_BC(16,31,-10),  /* 

Label:  * / 

PPC_NOR(3,5,5),  /* 

PPC  BLRO 


Second  of  two  insns  to  add  (1-CF)  to  r5  */ 
r8  = low  word  of  product  */ 

Add  carry  word  r5  to  r8  */ 

r5  is  high  word  of  product,  for  carry  word*/ 
Add  carry  bit  from  low  add  to  r5  */ 
r8  = r0  - r8,  setting  CF  */ 

★out  = r8  */ 

First  of  two  insns  to  add  (1-CF)  to  r5  */ 
Branch  to  Loop  if  — ctr  !=  0 */ 

Finish  adding  (1-CF)  to  r5,  store  in  r3  */ 


# i f 0 
/ * 

* Args:  BNW0RD32  *n,  BNW0RD32  const  *mod,  unsigned  mien,  BNW0RD32  inv) 

* r3  r4  r5  r6 

* r7,  r8  and  r9  are  the  triple-width  accumulator. 

* rO  and  r10  are  temporary  registers. 

* r 1 1 and  r12  are  temporary  pointers  into  n and  mod,  respectively. 

* r2  (!)  is  another  temporary  register. 

* / 

static  unsigned  const  montReducel]  = { 

PPC_MTCTR ( 5 ) , /*  ???  */ 


PPC. 

_LWZ(7,3,0), 

/* 

Load  low  word  of 

n into  r 7 

*/ 

PPC. 

_LW  Z (10,4,0), 

/ * 

Fetch  low  word 

o f 

mod  * / 

PPC. 

_MULLW(0,7,6), 

/* 

Invert  r7  into 

r 0 

* / 

PPC. 

_STW(0,3,0)  , 

/* 

Store  back  for 

future  use  */ 

PPC. 

_MULHWU ( 8, 1 0,7  ) , 

/* 

Get  high  word  of 

whatnot  */ 

PPC. 

_MULLW ( 10,10,7), 

/* 

Get  low  word  of 

it  * / 

PPC. 

_ADDC(7,7,10), 

/ * 

Add  low  word  of 

product  to 

r 7 

PPC. 

_ADDZE(8,8), 

/* 

Add  carry  to  high 

word  * / 

PPC 


PPC_MULHW(8,7,6) , 

P P C_A D D C ( 7 , 7 , 0 ) , /*  Add  inverse  back  to  r7  */ 

P P C_A  DDZE(8,8), 

PPC 


P P C_LW  Z U ( 

/ * Loop:  */ 

P P C_LW  Z U ( 0 , 1 1 ,4), 

P P C_LW  Z U ( 10,23,-4), 

PPC_MULLW (2,0,1 0) , 

PPC_ADDC (7,7,2 ) , 

PPC_MULHWU(0,0,10), 

PPC_ADDE(8,8,0), 

P P C_A  DDZE(9,9), 

P P C_B C ( 1 6 , 3 1 , -7 ) , /*  Branch  to  Loop  if  --ctr  !=  0 */ 

PPC_ADDI C_( count, -1 ) , 

PPC_LWZU(0,x,4) , 

PPC_ADDC ( 0,7,0 ) , 

P P C_S  T W(0,x,0), 

PPC_ADDZE(7,8), 

PPC_ADDZE(8,9), 

PPC_LI (9,0) , 


407 


lib/bn/bnippc.c 


P P C_B  C(xx,2,yy), 


>; 

tie  n d i f 
/ * 

* Three  overlapped  transition  vectors  for  three  functions. 

* A PowerPC  transition  vector  for  a (potentially)  inter-module 

* jump  or  call  consists  of  two  words,  an  instruction  address 

* and  a Table  Of  Contents  (TOC)  pointer,  which  is  loaded  into 

* rl.  Since  none  of  the  routines  here  have  global  variables, 

* they  don't  need  a TOC  pointer,  so  the  value  is  unimportant. 

* This  array  places  an  unintersting  32-bit  value  after  each  address. 

* / 

unsigned  const  * const  bniPPC_tvCD  = ( 
mu  l N1 , 
mulAddl , 
mulSubl, 

0 

>; 

tielse  /*  MWERKS  >=  0x800  */ 

/ * 


* MulNI 

expects 

( * o u t , *in. 

len. 

k),  count  >=  1 

* 

*/ 

asm  void 

r 3 r 4 

r 5 

r 6 

bn i Mu l N1 

_32(register  unsigned 

* o u t 

, register  unsigned  const  *in. 

{ 

register 

unsigned  len 

, r eg 

ister  unsigned  k) 

l w z 

r7 , 0 ( i n ) 

/* 

Load  first  word  of  in  in  r7  */ 

mtctr 

len 

/*  Move  len  into  CTR  */ 

mu  l l w 

r 8 , r 7 , k 

/* 

Low  half  of  multiply  in  r8  */ 

a dd  i c 

r 0 , r 0 , 0 

/* 

Clear  carry  bit  for  loop  */ 

mu l h w u 

l e n , r 7 , k 

/* 

High  half  of  multiply  in  len  */ 

s t w 

r8,0(out) 

/* 

*out  = r8  * / 

mu l hwu 

Len,r7,k 

/* 

len  is  high  word  of  product,  for 

carry 

*/ 

bd  z - 

label 

/* 

Branch  to  Label  if  — ctr  ==  0 */ 

loop: 

l w z u 

r 7 , 4 ( i n ) 

/* 

r7  = *++in  */ 

mu  l l w 

r 8 , r 7 , k 

/ * 

Low  half  of  multiply  in  r8  */ 

adde 

r8,r8,len 

/* 

Add  carry  word  len  and  bit  CF  to 

r 8 */ 

s t w u 

r8,4(out) 

/* 

* + + o u t = r8  * / 

mu l hwu 

len,r7,k 

/* 

len  is  high  word  of  product,  for 

carry 

* / 

bdnz  + 

loop 

/ * 

Branch  to  Loop  if  --ctr  !=  0 */ 

label  : 

addze 

l e n , l e n 

/ * 

Add  carry  flag  to  carry  word  */ 

s t w 

len,4(out) 

b l r 

> 


/ * 

* MulAddl  expects  (*out,  *in,  len,  k),  count  >=  1 

* r3  r 4 r 5 r 6 

* / 

asm  unsigned 

bn i Mu l Add  1 _3 2 ( r e g i s t e r unsigned  *out,  register  unsigned  const  *in, 
register  unsigned  len,  register  unsigned  k) 
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t 


Loop: 


Label  : 


> 


l w z 

r 7, 0 ( i n ) 

/* 

Load  first 

word  of  in  in 

r 7 * / 

l w z 

r0,0(out) 

/* 

Load  first 

word  of  out  into  rO  */ 

mu  l l w 

r 8 , r 7 , k 

/ * 

Low  half  of  multiply  in 

r 8 */ 

mtctr 

l e n 

/* 

Move  len  into  CTR  * / 

mu l hwu 

len,r7,k 

/ * 

High  half 

of  multiply  in 

len  * / 

a d d c 

o 

L_ 

V 

00 

L. 

V 

00 

£_ 

/ * 

“3 

00 

II 

00 

+ 

r 0 * / 

s t w 

r8,0(out) 

/* 

Store  result  to  memory  */ 

bd  z - 

label 

/* 

Branch  to 

Label  if  —ctr 

II 

II 

o 

* 

X 

l w z u 

r 7 , 4 ( i n ) 

/ * 

r 7 = * + + i n 

*/ 

l w z u 

r0,4(out) 

/* 

rO  = *++out  * / 

mu  l l w 

r 8 , r 7 , k 

/* 

r8  = low  word  of  product 

*/ 

adde 

rS,r8,len 

/* 

Add  carry 

word  len  and  carry  bit 

C F 

t 0 

m u l h w u 

l e n , r 7 , k 

/ * 

len  is  high  word  of  product,  for 

carry 

a dd  z e 

l e n , l e n 

/ * 

Add  carry 

bit  from  low  add  to  r5 

* / 

a d d c 

r8,r8,r0 

/ * 

r 8 = r 8 + 

r 0 * / 

s t w 

r8,0(out) 

/* 

★out  = r 8 

* / 

bdnz  + 

loop 

/* 

Branch  to 

Loop  if  --ctr 

* 

O 

II 

a dd  z e 
b l r 

r 3 , r 5 

/* 

Add  carry 

flag  to  r5  and 

move  to 

r 3 

*/ 

/ * 

* MuLSubl  expects  (*out,  *in,  len,  k),  count  >=  1 

* r3  r4r5r6 


★ 

* Multiply  and  subtract  is  rather  a pain.  If  the  subtract  of  the 

* low  word  of  the  product  from  outti]  generates  a borrow,  we  want  to 

* increment  the  carry  word  (initially  in  the  range  0 . . Ox f f f f f f f e ) . 

* However,  the  PPC's  carry  bit  CF  is  *clear*  after  a subtract,  so 

* we  want  to  add  ( 1 — C F ) to  the  carry  word.  This  is  done  using  two 

* instructions: 


★ 

* SUBFME,  subtract  from  minus  one  extended.  This  computes 

* rD  = ~rS  + Oxffffffff  + CF.  Since  rS  is  from  0 to  Oxfffffffe, 

* ~rS  is  from  1 through  Oxffffffff,  and  the  sum  with  Ox f f f f f f f f +C F is 

* from  0 through  Oxfffffffff,  setting  the  carry  flag  unconditionally,  and 

* NOR,  which  is  used  as  a bitwise  invert  NOT  instruction. 


* 


* The  SUBFME  performs  the  computation  rD  = ~rS  + Oxffffffff  + CF, 

* = (-rS  - 1)  + (CF  - 1)  = -(rS  - CF  + 1)  - 1 = ~(rS  + 1-CF), 

* which  is  the  bitwise  complement  of  the  value  we  want. 

* We  want  to  add  the  complement  of  that  result  to  the  low  word  of  the 

* product,  which  is  just  what  a subtract  would  do,  if  only  we  could  get 

* the  carry  flag  clear.  But  it's  always  set,  except  for  SUBFE,  and  the 

* operation  we  just  performed  unconditionally  *sets*  the  carry  flag.  Ugh. 

* So  find  the  complement  in  a separate  instruction. 

* / 


asm  unsigned 

bn i Mu l S ub 1 3 2 ( r eg i s t e r unsigned  *out,  register  unsigned  const  *in. 


register 

unsigned  len. 

r e g i ster 

unsigned  k) 

l w z 

r7,0(in) 

/* 

Load 

first  word  of  in 

in  r7  * / 

l w z 

r0,0(out) 

/ * 

Load 

first  word  of  out 

into  rO  */ 

mtctr 

len 

/* 

Move 

len  into  CTR  * / 

mu  l l w 

r 8 , r 7 , k 

/* 

Low 

half  of  multiply  i 

n r 8 * / 

mu  l hwu 

l en, r7,  k 

/* 

High 

half  of  multiply 

in  len  * / 
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s u b f c 

r8,r8,r0 

/* 

r8  = rO  - r8,  setting  CF  */ 

stw 

r8,0(out) 

/* 

Store  result  to  memory  */ 

subf me 

l e n , l e n 

/* 

First  of  two  insns  to  add  (1- 

C F ) 

t 0 

l e n 

*/ 

bd  z - 

label 

/* 

Branch  to  Label  if  — ctr  ==  0 

* / 

loop: 

Iwzu 

r7,4(in) 

/* 

r7  = *++in  */ 

Iwzu 

r0,4(out) 

/* 

r0  = *++out  */ 

nor 

len, len,  len 

/* 

Second  of  two  insns  to  add  (1 

-C  F ) 

t 0 

l e n 

★ / 

mu  l l w 

r 8 , r 7 , k 

/* 

r8  = low  word  of  product  */ 

a dd  c 

r8,r8,len 

/* 

Add  carry  word  ten  to  r8  */ 

mulhwu 

len,r7,k 

/ * 

len  is  high  word  of  product. 

for 

carry  * / 

a dd  z e 

len,  len 

/ * 

Add  carry  bit  from  low  add  to 

l e n 

*/ 

s u b f c 

r8,r8,r0 

/* 

r8  = rO  - r8  */ 

stw 

r8 , 0 ( ou  t ) 

/* 

*out  = r8  */ 

s u b f m e 

l e n , l e n 

/ * 

First  of  two  insns  to  add  (1- 

C F ) 

t 0 

len 

* / 

bdnz  + 

loop 

/* 

Branch  to  Loop  if  --ctr  !=  0 

* / 

label  : 

nor 

r3,r5,r5 

/ * 

Finish  adding  ( 1 — C F ) to  len. 

store  i 

n r 3 

*/ 

> 

b l r 

# e nd  i f /*  MWERKS  >=  0x800  */ 

/*  45678901234567890123456789012345678901234567890123456789012345678901234567*/ 
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bnippc.h 

//ifndef  BNIPPC_.H 
//define  BNIPPC_H 

/* 

* A s s emb L y- L a ng u a g e routines  for  the  Power  PC  processor. 

* Annoyingly,  the  Power  PC  does  not  have  64/32->32  bit  divide, 

* so  the  C code  should  be  reasonably  fast.  But  it  does  have 

* 32x32->64-bi t multiplies,  and  these  routines  provide  access 

* to  that. 

* 

* In  versions  of  CodeWarrior  before  8.0,  there  was  no  PPC  assembler, 

* so  a kludged-up  one  in  CPP  is  used.  This  requires  casting  an 

* array  of  unsigneds  to  function  pointer  type,  and  a function  pointer 

* is  not  a pointer  to  the  code,  but  rather  a pointer  to  a (code, TOC) 

* pointer  pair  which  we  fake  up. 

* 

* CodeWarrior  8.0  supports  PCC  assembly,  which  is  used  directly. 

* 

* $Id:  bnippc.h, v 1.2  1996/11/12  01:42:46  mhw  Exp  $ 

*/ 

/ * 

* Bignums  are  stored  in  arrays  of  32-bit  words,  and  the  least 

* significant  32-bit  word  has  the  lowest  address,  thus  "little-endian". 

* The  C code  is  slightly  more  efficient  this  way,  so  unless  the 

* processor  cares  (the  PowerPC,  like  most  RISCs,  doesn't),  it  is 

* best  to  use  BN_L I TT L E_E N D I A N . 

* Note  that  this  has  NOTHING  to  do  with  the  order  of  bytes  within  a 32-bit 

* word;  the  math  library  is  insensitive  to  that. 

* / 

//define  BN_L I TT L E_E N D I A N 1 

typedef  unsigned  bnword32; 

//define  BNW0RD32  bnword32 

//if  MWERKS < 0x800 

/ * Shared  transition  vector  array  * / 
extern  unsigned  const  * const  bn i P P C_t v C 3 ; 

/*  A function  pointer  on  the  PowerPC  is  a pointer  to  a transition  vector  */ 
//define  bniMulN1_32  \ 

((void  (*)(bnword32  *,  bnword32  const  *,  unsigned,  bn wo r d 3 2 ) ) ( bn i P P C_t v+0 ) ) 
//define  bn  i Mu  l Add  1 3 2 \ 

((bnword32  (*)(bnword32  *,  bnword32  const  *,  unsigned,  bn w o r d 3 2 ) ) ( bn i P P C_t v+ 1 ) ) 
//define  bn  i Mu  l Sub1_32  \ 

((bnword32  (*)(bnword32  *,  bnword32  const  *,  unsigned,  bn w o r d 3 2 ) ) ( bn i P P C_t v+2 ) ) 
//else  /*  MWERKS >=  0x800  */ 

void  bni Mu  INI 3 2 (bnword32  *,  bnword32  const  *,  unsigned,  bnword32); 

//define  bniMulNl_32  bniMulNl_32 

bnword32  bniMulAdd1_32(bnword32  *,  bnword32  const  *,  unsigned,  bnword32); 
//define  bn  i Mu  l Add1_32  bn  i Mu  l Add1_32 

bnword32  bniMulSub1_32(bnword32  *,  bnword32  const  *,  unsigned,  bnword32); 
//define  bn  i Mu  l Sub1_32  bn  i Mu  l Sub1_32 

# e n d i f /*  MWERKS >=  0x800  */ 
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# e nd i f /*  BNIPPC_H  */ 


■ 
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bnprint.c 

/ * 

* bnprint.c  - Print  a bignum,  for  debugging  purposes. 

* 

* Written  by  Colin  Plumb. 

* 

* $ I d : bnprint.c, v 1.1  5 1 996/1  1 /1  2 01:42:46  mhw  Exp  $ 

* / 

# i f nde  f H A V E_C 0 N F I G_H 
//define  H A V E_C 0 N F I G_H  0 
//  e nd  i f 

# i f H A V E_C  0 N F I G_H 
//include  "config.h" 

//  e nd  i f 


/* 

* Some  compilers  complain  about  //if  F00  if  F00  isn't  defined, 

* so  do  the  A N S I -ma nd a t ed  thing  explicitly... 

* / 

# i f ndef  N 0_S  T R I N G_H 
//define  N 0_S  T R I N G_H  0 
//  e nd  i f 

//  i f nde  f H A V E_S T R I NG S_H 

# d e f i n e H A V E_S T R I NG S_H  0 

# e n d i f 

//include  <stdio.h> 


//if  ! N 0_S  T R I N G_H 
^include  <string.h> 

//  e l i f HAVE_STRINGS_H 
//include  <st  r i ngs . h> 
//end  i f 


//include  "bn.h" 
//include  "bnprint.h" 

^include  "kludge. h" 


i n t 

bnPrintCFILE  *f,  char  const  *prefix,  struct  BigNum  const  *bn, 
char  const  *suffix) 
t 

unsigned  char  temp[32D;  /*  How  much  to  print  on  one  line  */ 
unsigned  len; 
s i z e_t  i ; 

if  (prefix  SS  f p u t s ( p r e f i x , f)  < 0) 
return  EOF; 


len  = (bnBits(bn)  + 7)/  8; 


if  ( ! I e n ) { 


> else 


i f 


(putcC'O1,  f)  < 0) 
return  EOF; 


while  (len  > s i zeof ( temp  ) ) { 
len  -=  sizeof (temp); 
bnExtractBigBytes(bn, 


temp. 


len,  si zeof ( temp) ) ; 
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> 

return 


for  (i  = 0;  i < sizeof(temp);  i + + ) 

if  (fprintfCf,  "%02X",  tempCill) 
return  EOF; 

if  (putc( ' \\ 1 , f)  < 0 ||  putc('\n',  f) 

return  EOF; 
if  (prefix)  { 

i = strlen(prefix); 
while  ( i -- ) 

if  ( pu  t c ( 1 f)  < 0) 
return  EOF; 


> 


> 

bnExtractBigBytesCbn,  temp,  0,  len); 
for  (i  = 0;  i < len;  i + + ) 

if  (fprintfCf,  "%02X",  tempM])  < 0) 
return  EOF; 


suffix  ? f pu t s ( s u f f i x , f) 


> 


lib/bn/bnprint.h 


bnprint.h 


/* 

* $ I d : 

* / 

bnprint.h, v 1.7  1996/11/12  01:42:46  mhw  Exp  $ 

ft  i f nd  e f 
# d e f i n e 

B N P R I N T_H 

BNPRINT  H 

^include  < s t d i o . h > 
struct  BigNum; 

# i f n d e f T Y P E_B I G N U M 
^define  T Y P E_B I G N U M 1 
typedef  struct  BigNum  BigNum; 
ft  e nd  i f 

int  bnPrintCFILE  * f , char  const  *prefix,  struct  BigNum  const  *bn, 
char  const  *suffix); 

# e n d i f /*  BNPRINT  H */ 
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bnsizeOO.h 

/ * 

* bnsizeOO.h  - pick  the  correct  machine  word  size  to  use. 

★ 

* Written  by  Colin  Plumb. 

* 

* $ I d : bnsizeOO.h,v  1.7  1 996/1  1 /1  2 01:42:46  mhw  Exp  $ 

★ / 

//include  "bni.h"  /*  Get  basic  information  */ 

ft  if  ! BNSIZE64  SS  ! BNSIZE32  SS  ! BNSIZE16  SS  d e f i n e d ( B N W 0 R D 6 4 ) 

ft  if  def  ined(BNW0RDl28)  ||  ( d e f i n ed  ( bn  i Mu  l Add  1 _64  ) SS  d e f i n e d ( b n i Mu  l S u b 1 _64  ) ) 

ft  define  BNSIZE64  1 

ft  etif  de  f i ned  ( mu  l 64_ppmm  ) ||  d e f i n ed  ( mu  l 6 4_ppmma  ) ||  d e f i n e d ( mu  l 6 4_ppmma  a ) 

ft  define  BNSIZE64  1 
tf  e n d i f 
//end  i f 

//if  ! BNSIZE64  SS  ! BNSIZE32  SS  1BNSIZE16  SS  d e f i n e d ( B N W 0 R D 3 2 ) 

ft  if  defined(BNW0RD64)  ||  Cdefined(bniMulAdd1_32)  SS  defined(bniMulSub1_32)) 
if  define  BNSIZE32  1 

tf  elif  d e f i n ed  ( mu  l 3 2_ppmm  ) ||  def  i ned  ( mu  l 32_ppmma  ) ||  d e f i n ed  ( mu  l 3 2_ppmma  a ) 

tf  define  BNSIZE32  1 
ft  e n d i f 
ft  end  i f 


ft  if  ! BNSIZE64  SS  1BNSIZE32  SS  1BNSIZE16  SS  d e f i n e d ( B N W 0 R D 1 6 ) 

tf  if  defined(BNWORD32)  ||  Cdefined(bniMulAdd1_16)  SS  defined(bniMulSub1_16)) 
ft  define  BNSIZE16  1 

tf  elif  de  f i ned  ( mu  1 1 6_ppmm  ) ||  d e f i n e d ( m u 1 1 6_p  pmma  ) ||  d e f i n e d ( m u 1 1 6_p  pmm  a a ) 
tf  define  BNSIZE16  1 
tf  e n d i f 
tf  e n d i f 


//if  ! BNSIZE64  SS 
//error  Unable  to 
tf  e nd  i f 


! BNSIZE32  SS  1BNSIZE16 
find  a viable  word  size 


t o 


compile  bignum 


library. 
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dsaprime.c 

/* 

* Digital  Signature  Algorithm  prime  generation  using  the  bignum 

* library  and  sieving. 

* 

* Written  by  Colin  Plumb. 

* 

* $Id:  dsaprime.c, v 1.12  1996/11/12  01:42:47  mhw  Exp  $ 

* / 

//include  <assert . h> 

//include  <stdarg.h> 

//include  <string.h> 
ft  if  BNDEBUG 
//include  <stdio.h> 
ft  end  i f 

//include  "kludge. h" 

//include  "bn.h" 

//include  "bnimem.h"  /*  For  bniMemWipe  */ 

//include  "dsapri  me  . h" 

//include  "sieve. h" 


/*  Size  of  the  sieve  area  (can  be  up  to  65536/8  = 8192)  */ 
//define  SIEVE  1024 


/ * 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
ic 
* 
* 
* 
ic 
* 
★ 
* 
* 
* 
* 
* 
* 
* 
* 


Helper  function  that  does  the  slow  primality  test. 

bn  is  the  input  bignum;  a and  e are  temporary  buffers  that  are 

allocated  by  the  caller  to  save  overhead. 

Returns  0 if  prime,  >0  if  not  prime,  and  -1  on  error  (out  of  memory). 

If  not  prime,  the  return  value  is  the  number  of  modular  exponentiations 
performed.  Calls  the  progress  function  with  progress  indicators  as 
tests  are  passed. 


Currently,  the  testing  performs  Euler  tests,  to  the  bases  2,  3,  5,  7, 

11,  13  and  17.  (An  Euler  test  is  a slightly  strengthened  Fermat  test; 
Euler  pseudoprimes  are  a subset  of  Fermat  pseudoprimes.)  Some  people 
worry  that  this  might  not  be  enough.  Number  theorists  may  wish  to 
generate  primality  proofs,  but  for  random  inputs,  this  returns  non-primes 
with  a probability  which  is  quite  negligible,  which  is  good  enough. 

NOTE  that  for  NON-random  inputs,  there  are  indeed  numbers  which  are 
strong  pseudoprimes  to  a lot  of  bases.  Up  to  1/4  of  all  bases  0 < b < n. 


It  has  been  proved  (see  Carl  Pomerance,  "On  the  Distribution  of 
Pseudoprimes",  Math.  Comp.  v.  37  (1  981  ) pp.  587-593  ) that  the  number 
of  pseudoprimes  (composite  numbers  that  pass  a Fermat  test  to  the 
base  2)  less  than  x is  bounded  by: 

exp(ln(x)A(5/14))  <=  P_2  ( x ) ft  ft  ft  CHECK  THIS  FORMULA  - it  looks  wrong! 
P_2 ( x ) <=  x * exp(-1/2  * ln(x)  * ln(ln(ln(x)))  / ln(ln(x))). 

Thus,  the  local  density  of  Pseudoprimes  near  x is  at  most 
exp(-1/2  * ln(x)  * l n ( l n ( l n ( x ) ) ) / ln(ln(x))),  and  at  least 


fttttt 


exp(ln(x)A(5/14)  - ln(x)) 
for  various  k-bit  numbers 


Bits  Density  <=  Bit 

1 28  3 . 577869e-07  21 

192  4.175629e-10  31 

256  5 . 80431 4e-1 3 40 

384  1 . 578039e-1 8 59 


Here  are 
= 2 A k : 
equivalent 
414396 
157288 
647940 
136573 


some  values  of  this  function 


Density  >= 

4 . 20221  3e-37 
4 . 936250e-56 
4 . 97781  3e-75 
3 . 938861  e-1 1 3 


Bit  equivalent 
120.840190 
1 83. 724558 
246 .829095 
373 . 400096 
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* 512  5.858255e-24 

* 768  1 . 489276e-34 

* 1024  6.6331 88e-45 


77 . 1 75803 
1 1 2.  370944 
1 46 .757062 


2 . 563353e-1 51  500.253110 
7 . 872825e-228  754.422724 
1 . 882404e-304  1 008.953565 


★ 

* As  you  can  see,  there's  quite  a bit  of  slop  between  these  estimates. 

* In  fact,  the  density  of  pseudoprimes  is  conjectured  to  be  closer 

* to  the  square  of  that  upper  bound.  E.g.  the  density  of  pseudoprimes 

* of  size  256  is  around  3 * 10A-27.  The  density  of  primes  is  very 

* high,  from  0.005636  at  256  bits  to  0.001409  at  1024  bits,  i.e. 

* more  than  10A-3. 


* 

* For  those  people  used  to  cryptographic  levels  of  security  where  the 

* 56  bits  of  DES  key  space  is  too  small  because  it's  exhaustible  with 

* custom  hardware  searching  engines,  note  that  you  are  not  generating 

* 50,000,000  primes  per  second  on  each  of  56,000  custom  hardware  chips 

* for  several  hours.  The  chances  that  another  Dinosaur  Killer  asteroid 

* will  land  today  is  about  1 0 A — 1 1 or  2A-36,  so  it  would  be  better  to 

* spend  your  time  worrying  about  *that*.  Well,  okay,  there  should  be 

* some  derating  for  the  chance  that  astronomers  haven't  seen  it  yet,  but 

* I think  you  get  the  idea.  For  a good  feel  about  the  probability  of 

* various  events,  I have  heard  that  a good  book  is  by  E'mile  Borel, 

* "Les  P r oba b i l i t e ' s et  la  vie".  (The  's  are  accents,  not  apostrophes.) 

* 

* For  more  on  the  subject,  try  "Finding  Four  Million  Large  Random  Primes”, 

* by  Ronald  Rivest,  in  Advancess  in  Cryptology:  Proceedings  of  Crypto  '90. 

* He  used  a small-divisor  test,  then  a Fermat  test  to  the  base  2,  and  then 

* 8 iterations  of  a Miller-Rabin  test.  About  718  million  random  256-bit 

* integers  were  generated,  43,741,404  passed  the  small  divisor  test, 

* 4,058,000  passed  the  Fermat  test,  and  all  4,058,000  passed  all  8 

* iterations  of  the  Miller-Rabin  test,  proving  their  primality  beyond  most 

* reasonable  doubts. 

* 

* If  the  probability  of  getting  a pseudoprime  is  some  small  p,  then 

* the  probability  of  not  getting  it  in  t trials  is  Cl— p)At  . Remember 

* that,  for  small  p,  (1— p)A(1/p)  ~ 1/e,  the  base  of  natural  logarithms. 

* (This  is  more  commonly  expressed  as  e = l i m_{ x \ t o \ i n f t y > (1+1/x)Ax.) 

* Thus,  ( 1 — p ) A t “ eA(-p*t)  = exp(-p*t).  So  the  odds  of  being  able  to 

* do  this  many  tests  without  seeing  a pseudoprime  if  you  assume  that 

* p = 1 0 A — 6 (one  in  a million)  is  one  in  57.86.  If  you  assume  that 

* p = 2*10A-6,  it's  one  in  3347.6.  So  it's  implausible  that  the 

* density  of  pseudoprimes  is  much  more  than  one  millionth  the  density 

* of  primes. 

* 

* He  also  gives  a theoretical  argument  that  the  chance  of  finding  a 

* 256-bit  non-prime  which  satisfies  one  Fermat  test  to  the  base  2 is  less 

* than  1 0 A — 2 2 . The  small  divisor  test  improves  this  number,  and  if  the 

* numbers  are  512  bits  (as  needed  for  a 1024-bit  key)  the  odds  of  failure 

* shrink  to  about  10A-44.  Thus,  he  concludes,  for  practical  purposes 

* *one*  Fermat  test  to  the  base  2 is  sufficient. 

*/ 

static  i n t 

p r i me T e s t ( s t r u c t BigNum  const  *bn,  struct  BigNum  *e,  struct  BigNum  *a, 
int  (*f)(void  *arg,  int  c),  void  *arg) 

{ 

int  err; 
unsigned  i,  j; 
unsigned  k,  l; 

static  unsigned  const  primesll]  = -C2,  3,  5,  7,  11,  13,  17>; 

# d e f i n e C0NFIRMTESTS  7 
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#if  BNDEBUG  /*  Debugging  */ 


# e nd  i f 


/ * 

* This  is  debugging  code  to  test  the  sieving  stage. 

* If  the  sieving  is  wrong,  it  will  Let  past  numbers  with 

* small  divisors.  The  prime  test  here  will  still  work,  and 

* weed  them  out,  but  you'll  be  doing  a lot  more  slow  tests, 

* and  presumably  excluding  from  consideration  some  other  numbers 

* which  might  be  prime.  This  check  just  verifies  that  none 

* of  the  candidates  have  any  small  divisors.  If  this 

* code  is  enabled  and  never  triggers,  you  can  feel  quite 

* confident  that  the  sieving  is  doing  its  job. 

* / 


i - 

bnModGK  bn  , 

30030); 

/*  30030 

= 2 

★ 

3*5*7*11*13*/ 

i f 

( ! ( i 

% 2 ) ) 

pr i nt f ( " 

bn  d i v by  2 

! " ) ; 

i f 

( ! ( i 

1 3)  ) 

p r i n t f ( " 

bn  d i v by  3 

!"); 

i f 

( ! ( i 

% 5 ) ) 

p r i n t f ( " 

bn  d i v by  5 

! "); 

i f 

( ! ( i 

% 7)  ) 

p r i n t f ( " 

bn  d i v by  7 

! " ) ; 

i f 

( ! ( i 

% 11)) 

p r i n t f ( 

"bn  d i v by 

11!" 

); 

i f 

( ! ( i 

% 13)) 

p r i n t f ( 

"bn  d i v by 

13!" 

); 

i = 

bnModGKbn, 

7429); 

/*  7429  = 

1 7 

★ 

19  * 23  */ 

i f 

( ! ( i 

% 17)) 

p r i n t f ( 

"bn  d i v by 

17!" 

); 

i f 

( ! ( i 

% 19)) 

p r i n t f ( 

"bn  d i v by 

19!" 

); 

i f 

( ! ( i 

% 23)  ) 

p r i n t f ( 

"bn  d i v by 

23  ! " 

>; 

i = 

bnModGKbn, 

33263); 

/*  33263 

= 29 

★ 

31  * 37  */ 

i f 

( ! ( i 

% 29)  ) 

p r i n t f ( 

"bn  d i v by 

2 9!" 

); 

i f 

( ! ( i 

% 31  ) ) 

p r i n t f ( 

"bn  d i v by 

31  ! " 

); 

i f 

( ! ( i 

% 37  ) ) 

p r i n t f ( 

"bn  d i v by 

37  ! " 

); 

/* 

* 

Now, 

check 

that  bn 

is  prime. 

If  it 

passes  to  the  base  2, 

* it's  prime  beyond  all  reasonable  doubt,  and  everything  else 

* is  just  gravy,  but  it  gives  people  warm  fuzzies  to  do  it. 


* 


* This  starts  with  verifying  Euler's  criterion  for  a base  of  2. 

* This  is  the  fastest  pseudopr i ma  l i ty  test  that  I know  of, 

* saving  a modular  squaring  over  a Fermat  test,  as  well  as 

* being  stronger.  7/8  of  the  time,  it's  as  strong  as  a strong 

* pseudopr i ma 1 i ty  test,  too.  (The  exception  being  when  bn  == 

* 1 mod  8 and  2 is  a quartic  residue,  i.e.  bn  is  of  the  form 

* aA2  + ( 8 * b ) A 2 . ) The  precise  series  of  tricks  used  here  is 

* not  documented  anywhere,  so  here's  an  explanation. 

* Euler's  criterion  states  that  if  p is  prime  then  aA((p-1)/2) 

* is  congruent  to  Jacobi(a,p),  modulo  p.  Jacobi(a,p)  is 

* a function  which  is  +1  if  a is  a square  modulo  p,  and  -1  if 

* it  is  not.  For  a = 2,  this  is  particularly  simple.  It's 

* +1  if  p ==  +/- 1 (mod  8),  and  -1  if  m ==  + /-3  (mod  8). 

* If  p ==  3 mod  4,  then  all  a strong  test  does  is  compute 

* 2A((p-1)/2).  and  see  if  it's  +1  or  -1.  (Euler's  criterion 

* says  *which*  it  should  be.)  If  p ==  5 (mod  8),  then 

* 2A((p-1)/2)  is  -1,  so  the  initial  step  in  a strong  test, 

* looking  at  2A((p-1)/4),  is  wasted  - you're  not  going  to 

* find  a +/- 1 before  then  if  it  *is*  prime,  and  it  shouldn't 

* have  either  of  those  values  if  it  isn't.  So  don't  bother. 

* 

* The  remaining  case  is  p ==  1 (mod  8).  In  this  case,  we 

* expect  2A((p-1)/2)  ==  1 (mod  p),  so  we  expect  that  the 

* square  root  of  this,  2A((p-1)/4),  will  be  +/-1  (mod  p). 
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* Evaluating  this  saves  us  a modular  squaring  1/4  of  the  time. 

* If  it's  -1,  a strong  p s e u d o p r i ma l i t y test  would  call  p 

* prime  as  well.  Only  if  the  result  is  +1,  indicating  that 

* 2 is  not  only  a quadratic  residue,  but  a quartic  one  as  well, 

* does  a strong  pseudoprimality  test  verify  more  things  than 

* this  test  does.  Good  enough. 

* 

* We  could  back  that  down  another  step,  looking  at  2A((p-1)/8) 

* if  there  was  a cheap  way  to  determine  if  2 were  expected  to 

* be  a quartic  residue  or  not.  Dirichlet  proved  that  2 is 

* a quartic  residue  iff  p is  of  the  form  aA2  + (8*bA2). 

* All  primes  ==  1 (mod  4)  can  be  expressed  as  aA2  + (2*b)A2, 

* but  I see  no  cheap  way  to  evaluate  this  condition. 

*/ 

if  (bnCopyCe,  bn)  < 0) 
return  - 1 ; 

(void)bnSubQ(e,  1); 
l = bnLSWord(e); 


j - 1;  / * Where  to  start  in  prime  array  for  strong  prime  tests  * / 

i f ( l & 7 ) { 

bnRShiftCe,  1); 

if  ( bn T wo E x pMod ( a , e,  bn)  < 0) 
return  - 1 ; 
if  ( ( l & 7)  ==  6)  { 

/*  bn  ==  7 mod  8,  expect  +1  */ 
if  (bnBits(a)  !=  1) 

return  1;  / * Not  prime  * / 

k = 1; 

> else  { 

/*  bn  ==  3 or  5 mod  8,  expect  -1  = = bn-1  */ 
if  ( bn AddQ ( a , 1)  < 0) 
return  - 1 ; 

if  (bnCmpCa,  bn)  !=  0) 

return  1;  / * Not  prime  * / 

k = 1; 

i f ( l 8 4)  { 

/*  bn  ==  5 mod  8,  make  odd  for  strong  tests  */ 
bnRShiftCe,  1); 
k = 2; 


/*  bn  ==  1 mod  8,  expect  2A((bn-1)/4)  ==  +/-1  mod  bn  */ 
bnRShiftCe,  2); 

if  ( bnTwoExpMod ( a , e,  bn)  < 0) 
return  - 1 ; 

if  CbnBits(a)  ==  1)  { 

j = 0;  / * Re-do  strong  prime  test  to  base  2 * / 

> else  { 

if  ( bn AddQ ( a , 1)  < 0) 
return  - 1 ; 

if  (bnCmpCa,  bn)  !=  0) 

return  1;  /*  Not  prime  */ 

> 

k = 2 + bnMakeOdd(e); 

> 

/*  It's  prime!  Now  go  on  to  confirmation  tests  */ 
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> 


/* 

* Now,  e = (bn-1)/2Ak  is  odd.  k >=  1,  and  has  a given  value 

* with  probability  2A-k,  so  its  expected  value  is  2. 

* j = 1 in  the  usual  case  when  the  previous  test  was  as  good  as 

* a strong  prime  test,  but  1/8  of  the  time,  j = 0 because 

* the  strong  prime  test  to  the  base  2 needs  to  be  re-done. 

*/ 

for  (i  = j ; i < sizeof(primes)/sizeof(*primes);  i++)  { 
if  (f  &&  (err  = f(arg,  '*'))  < 0) 
return  err; 

(void)bnSetQ(a,  primesCid); 
if  CbnExpModCa,  a,  e,  bn)  < 0) 
return  -1; 
if  (bnBits(a)  ==  1) 

continue;  / * Passed  this  test  * / 

l - k; 

for  ( ; ; ) { 

if  ( bnAddQ ( a , 1)  < 0) 
return  - 1 ; 

if  (bnCmpla,  bn)  ==  0)  /*  Was  result  bn-1 ? */ 

break;  / * Prime  * / 

if  ( ! — l ) /*  Reached  end,  not  -1?  luck?  */ 

return  i+2-j;  / * Failed,  not  prime  * / 

/*  This  portion  is  executed,  on  average,  once.  */ 
(void)bnSubQ(a,  1);  / * Put  a back  where  it  was.  * / 

if  (bnSquareCa,  a)  < 0 ||  bnModCa,  a,  bn)  < 0) 
return  -1; 
if  (bnBits(a)  ==  1) 

return  i+2-j;  / * Failed,  not  prime  * / 

> 

/*  It  worked  (to  the  base  primesti])  */ 

> 

/*  Yes,  we've  decided  that  it's  prime.  */ 
if  (f  &&  (err  = f(arg,  '*'))  < 0) 
return  err; 

return  0;  / * Prime!  */ 


/ * 

* Modifies  the  given  bnq  to  return  a prime  slightly  larger,  and  then 

* modifies  the  given  bnp  to  be  a prime  which  is  ==  1 (mod  bnq). 

* This  is  done  by  decreasing  bnp  until  it  is  ==  1 (mod  2*bnq),  and 

* then  searching  forward  in  steps  of  2*bnq. 

* Returns  >=0  on  success  or  -1  on  failure  (out  of  memory).  On 

* success,  the  return  value  is  the  number  of  modular  exponentiations 

* performed  (excluding  the  final  confirmation). 

* This  never  gives  up  searching. 

* 

* int  (*f)(void  *arg,  int  c),  void  *arg 

* The  function  f argument,  if  non-NULL,  is  called  with  progress  indicator 

* characters  for  printing.  A dot  (.)  is  written  every  time  a primality  test 

* is  failed,  a star  (*)  every  time  one  is  passed,  and  a slash  (/)  in  the 

* case  that  the  sieve  was  emptied  without  finding  a prime  and  is  being 

* refilled.  f is  also  passed  the  void  *arg  argument  for  private 

* context  storage.  If  f returns  < 0,  the  test  aborts  and  returns 
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* that  value  immediately. 


★ 

* Apologies  to  structured  programmers  for  all  the  GOTOs. 

* / 


i n t 

d s a P r i m e G e n ( s t r u c t BigNum  *bnq,  struct 
int  (*f)(void  *arg,  int  c),  voi 

{ 

int  retva l ; 
unsigned  p,  prev; 
struct  BigNum  a,  e ; 


int  modexps  = 

0; 

# i f d e f 

MSDOS 

ft  e l s e 

unsigned 

char 

* s i e v e ; 

# e n d i f 

tt  i f d e f 

unsigned 

MSDOS 

char 

sievelSIEVE]; 

BigNum  *bnp, 
d *arg) 


//end  i f 


sieve  = bn i MemA  l l oc ( S I EVE ) ; 
if  ('.sieve) 

return  - 1 ; 


bnBegin(Sa); 

bnBegin(&e); 

/*  Phase  1:  Search  forwards  from  bnq  for  a suitable  prime.  */ 

/*  First,  make  sure  that  bnq  is  odd.  */ 

( vo i d ) bn AddQ ( bnq , ~ b n L S W o r d ( b n q ) & 1); 


for  (;;)  i 

if  (si eveBui  ld(si eve,  SIEVE,  bnq,  2,  1)  < 0) 
goto  failed; 


p = prev  = 0; 
if  (sieveCOH  & 
do  { 


it  i f SIEVE*8*2  >=  65  536 


it  e n d i f 


1 ||  (p  = s i e v e S e a r c h ( s i e v e , SIEVE,  p))  !=  0)  { 

/ * 

* Adjust  bn  to  have  the  right  value, 

* incrementing  in  steps  of  < 65536. 

* 32767  = 65535/2. 

* / 

assert(p  >=  prev); 

prev  = p-prev;  /*  Delta  - add  2*prev  to  bn  * / 


while 


> 


(prev  > 32767)  t 
if  (bnAddGKbnq, 
goto  fa 

prev  -=  32767; 


2*32767)  < 0) 
l ed  ; 


if  (bnAddGKbnq,  2*prev)  < 0) 
goto  failed; 
prev  = p ; 


retval  = primeTest(bnq,  &e,  &a,  f,  arg); 
if  (retval  <=  0) 
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goto  p h a s e 2 ; / * Success!  * / 

modexps  +=  retval; 

if  (f  88  (retval  = f(arg,  < 0) 

goto  done; 


> 


/*  And  try  again  * / 
p = sieveSearchlsieve,  SIEVE,  p ) ; 
> while  (p); 


/*  Ran  out  of  sieve  space  - increase  bn  and  keep  trying. 

# i f SIEVE*8*2  >=  65536 

p = ((SIEVE-1  )*8  + 7)  - prev;  / * Number  of  steps  (of  2) 

while  (p  >=  32737)  { 

if  (bnAddQlbnq,  2*32767)  < 0) 
goto  failed; 
p -=  32767; 

> 


//else 


# e nd  i f 


if  (bnAddQ(bnq,  2*(p+1))  < 0) 
goto  failed; 

if  (bnAddQlbnq,  SIEVE*8*2  - prev)  < 0) 
goto  failed; 

if  (f  88  (retval  = f(arg,  '/'))  < 0) 
goto  done; 

} / * for  (;;)  * / 


/* 

* Phase  2:  find  a suitable  prime  bnp  ==  1 (mod  bnq). 
*/ 


/ * 

* Since  bnp  will  be,  and  bnq  is,  odd,  bnp-1  must  be  a multiple 

* of  2*bnq.  So  start  by  subtracting  the  excess. 

*/ 


p h a s e 2 : 

/*  Double  bnq  until  end  of  bnp  search.  */ 
if  (bnAdd(bnq,  bnq)  < 0) 
goto  failed; 


bnMod(&a,  bnp,  bnq); 
if  (bnBits(&a))  •(  /*  Wi 

( v o i d ) bn S u bQ ( &a , 1); 
if  (bnSub(bnp,  &a)) 
goto  failed; 


> 


l l 


always  be  true,  but...  */ 

/*  Also  error  on  underflow  */ 


/*  Okay,  now  we're  ready.  */ 


for  ( ; ; ) f 

if  ( s i e veBu i l dB i g ( s i eve  , SIEVE,  bnp,  bnq,  0)  < 0) 
goto  failed; 

if  (f  88  (retval  = f(arg,  '/'))  < 0) 
goto  done; 


p = prev  = 0; 

if  (sieveCO]  81  ||  (p  = sieveSearchlsieve,  SIEVE,  p))  != 


/ 

★ / 


0)  ( 
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do  { 

/ * 

* Adjust  bn  to  have  the  right  value, 

* adding  (p-prev)  * 2*bnq. 

*/ 

assert(p  > = prev); 

/*  Compute  delta  into  a */ 
if  (bnMulQC&a,  bnq,  p-prev)  < 0) 
goto  failed; 
if  (bnAddlbnp,  &a)  < 0) 
goto  failed; 
prev  = p ; 

retval  = p r i me T e s t ( bn p , &e,  Sa,  f,  arg); 
if  (retval  <=  0) 

goto  done;  / * Success!  * / 

modexps  +=  retval; 

if  (f  &&  (retval  = f(arg,  < 0) 

goto  done; 

/ * And  try  again  * / 
p = sieveSearch(sieve,  SIEVE,  p); 

> while  (p); 

> 


U i f S I E V E * 8 


# e l s e 
//end i f 


> /* 


/*  Ran  out  of  sieve  space  - increase  bn  and  keep  trying.  */ 
- 65536 

if  (prev)  C 

p = (unsigned) (SIEVE*8ul  - prev); 

> else  C 

/*  Corner  case  that  will  never  actually  happen  */ 
if  (bnAdd(bnp,  bnq)  < 0) 
goto  failed; 
p = 65535; 

> 

p = SIEVE*8  - prev; 

/*  Add  p * bnq  to  bnp  */ 
if  (bnMulQ(8a,  bnq,  p)  < 0) 
goto  failed; 
if  (bnAdd(bnp,  &a)  < 0) 
goto  failed; 

for  (;;)  * / 


f a i led: 

retval  = - 1 ; 


done: 

/*  Shift  bnq  back  down  by  the  extra  bit  again.  */ 
bnRShift(bnq,  1);  /*  Harmless  even  if  bnq  is  random  */ 


ft  i f d e f 
//else 
# e n d i f 


bnEnd(Se); 

bnEnd(Sa); 

MSD0S 

bniMemfreetsieve, 

bniMemWipe(sieve, 


SIEVE); 

sizeof(sieve)); 
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} 


return  retval  < 0 ? 


ret va  L 


modexps  + 2 * C 0 N F I RMT E S T S ; 
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dsaprime.h 

/ * 

* $Id:  dsaprime.h, v 1.5  1996/11/12  01:42:47  mhw  Exp  $ 

* / 

struct  BigNum; 

#ifndef  T Y P E_B I G N U M 

# d e f i n e T Y P E_B I G N U M 1 
typedef  struct  BigNum  BigNum; 

# e n d i f 

#ifdef  cplusplus 

extern  "C"  { 
ft  e nd  i i 

/*  Generate  a pair  o i DSS  primes  */ 

int  d s a P r i me G e n ( s t r u c t BigNum  *bnq,  struct  BigNum  *bnp, 
int  (*f)(void  *arg,  int  c),  void  * a r g ) ; 

#ifdef  cplusplus 

> 

ft  e n d i f 
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files 

files 

Makefile. in 
README . bn 
README . bntest 
bn  . doc 

bnintern.doc 
bn  . c 
bn  . h 
bnOO  . c 
bnl 6 . c 
bn  1 6 . h 
bn32  . c 
bn32  . h 
bn64  . c 
bn64  . h 
bn68000.c 
bn8086 . c 
bninit16.c 
bn i n i t 32  . c 
bn i n i t 64  . c 
bnpri nt  . c 
bnpr i nt  . h 
bnsi zeOO  . h 
bntestOO.c 
bntest16.c 
bntest32 . c 
bntest64.c 
c o n f i g . h i n 
configure 
configure,  in 
c pu t i me  . h 
germain.c 
germain.h 
germtest.c 
j a c o b i . c 
j a c o b i . h 
k l udge . h 
l bn  . h 
l bnOO  . c 
l bn  1 6 . c 
l bn  1 6 . h 
l b n 3 2 . c 
l bn32  . h 
l bn64  . c 
l bn64  . h 
lbn68000.c 
l bn68000  . h 
lbn68020. c 
lbn68020.h 
lbn80386.asm 
lbn80386.h 
lbn8086.asm 
l bn8086 . h 
lbn960jx.s 
Ibnalpha.h 
l bna  l pha  . s 
l bnmem . c 
l bnmem . h 
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es 


L bnppc  . c 
l bnppc  . h 
L e g a L . c 
L ega  l . h 
ppcasm  . h 
prime. c 
p r i me  . h 
s i e v e . c 
s i e v e . h 
sizetest.c 
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germain.c 

/ * 

* Sophie  Germain  prime  generation  using  the  bignum  library  and  sieving. 

★ 

* Written  by  Colin  Plumb. 

★ 

* $Id:  germain.c, v 1.20.2.1  1996/11/14  04:09:24  cbertsch  Exp  $ 

* / 

//  i f nde  f H A V E_C 0 N F I G_H 
//define  H A V E_C 0 N F I G_H  0 
//end  i f 

ft i f H A V E_C  0 N F I G_H 
//include  "config.h" 

//end  i f 


/ * 

* Some  compilers  complain  about  //if  F00  if  F00  isn't  defined, 

* so  do  the  A N S I -ma n d a t e d thing  explicitly... 

* / 

# i f n d e f N0_ASSERT_H 
//define  N 0_A  S S E R T_H  0 
ft e nd i f 

//if  !NO_ASSERT_H 
//include  <assert . h> 

#else 

//define  assert(x)  (void)0 
ft e nd i f 


//define  BNDEBUG  1 
# i f nd  e f BNDEBUG 
//define  BNDEBUG  0 
ft  e nd  i f 
ft  if  BNDEBUG 
//include  <stdio.h> 
//end  i f 


//include 

"bn . h" 

//include 

"germain.h" 

//include 

"jacobi .h" 

# i n c l u d e 

" bn i mem  . h " 

//include 

"sieve.h" 

/*  For  bniMemWipe  */ 


//include  "kludge. h" 

/*  Size  of  the  sieve  area  (can  be  up  to  65536/8  = 8192)  */ 
//define  SIEVE  8192 

static  unsigned  const  confirm!!]  = (2,  3,  5,  7,  11,  13,  17}; 
//define  CONFIRMTESTS  ( s i z e o f ( c o n f i r m ) / s i z e o f ( * c o n f i r m ) ) 


ft  if  BNDEBUG 
/ * 

* For  sanity  checking  the  sieve,  we  check  for  small  divisors  of  the  numbers 

* we  get  back.  This  takes  "rem",  a partially  reduced  form  of  the  prime, 

* "div"  a divisor  to  check  for,  and  "order",  a parameter  of  the  "order" 

* of  Sophie  Germain  primes  (0  = normal  primes,  1 = Sophie  Germain  primes, 

* 2 = 4*p+3  is  also  prime,  etc.)  and  does  the  check.  It  just  complains 

* to  stdout  if  the  check  fails. 

* / 
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static  void 

g e rma  i n S a n i t y ( u n s i g n ed  rein,  unsigned  div,  unsigned  order) 
{ 

unsigned  mul  = 1 ; 


> 

ft  e n d i f 


rem  % = div; 
if  ( ! r em ) 

printf("bn  div  by  %u!\n",  div); 
while  (order--)  { 

rem  +=  rem+1; 
if  (rem  >=  div) 


> 


rem  - = div; 
mul  + = mul; 
if  ( ! rem) 

p r i n t f ( " % u* bn+% u div  by 


%u  ! \ n " 


/ 


mul. 


mu  l - 1 , 


d i v ) ; 


/*  BNDEBUG  */ 


/* 

* Helper  function  that  does  the  slow  primality  test. 

* bn  is  the  input  bignum;  a,  e and  b n 2 are  temporary  buffers  that  are 

* allocated  by  the  caller  to  save  overhead.  bn2  is  filled  with 

* a copy  of  2Aorder*bn+2Aorder-1  if  bn  is  found  to  be  prime. 

* 

* Returns  0 if  both  bn  and  bn2  are  prime,  >0  if  not  prime,  and  -1  on 

* error  (out  of  memory).  If  not  prime,  the  return  value  is  the  number 

* of  modular  exponentiations  performed.  Prints  a '+'  or  on  the 

* given  FILE  (if  any)  for  each  test  that  is  passed  by  bn,  and  a '*' 

* for  each  test  that  is  passed  by  bn2. 

* 

* The  testing  consists  of  strong  p s e u d o p r i m a l i t y tests,  to  the  bases  given 

* in  the  confirm^]  array  above.  (Also  called  M i l l e r - R a b i n , although  that's 

* not  technically  correct  if  we're  using  fixed  bases.)  Some  people  worry 

* that  this  might  not  be  enough.  Number  theorists  may  wish  to  generate 

* primality  proofs,  but  for  random  inputs,  this  returns  non-primes  with 

* a probability  which  is  quite  negligible,  which  is  good  enough. 

* 

* It  has  been  proved  (see  Carl  Pomerance,  "On  the  Distribution  of 

* Pseudoprimes",  Math.  Comp,  v.37  (1981)  pp.  587-593)  that  the  number  of 

* pseudoprimes  (composite  numbers  that  pass  a Fermat  test  to  the  base  2) 

* less  than  x is  bounded  by: 

* exp  ( l n ( x ) A ( 5 / 1 4 ) ) <=  P_2  ( x ) ft  ft  ft  CHECK  THIS  FORMULA  - it  looks  wrong!  ft  ft  ft 

* P_2 ( x ) <=  x * exp(-1/2  * ln(x)  * l n ( l n ( l n ( x ) ) ) / ln(ln(x))). 

* Thus,  the  local  density  of  Pseudoprimes  near  x is  at  most 

* exp(-1/2  * ln(x)  * l n ( l n ( l n ( x ) ) ) / ln(ln(x))),  and  at  least 

* e x p ( l n ( x ) A ( 5 / 1 4 ) - ln(x)).  Here  are  some  values  of  this  function 

* for  various  k-bit  numbers  x = 2 A k : 


★ 

Bits 

Density  <= 

Bit  equivalent 

Density  >= 

Bit  equivalent 

★ 

128 

3 . 577869e-07 

21  .41  4396 

4 . 20221  3e-37 

120.840190 

★ 

192 

4 . 1 75629e-1 0 

31  . 1 57288 

4.936250e-56 

183.724558 

★ 

256 

5 . 80431  4e-1 3 

40 . 647940 

4 . 97781 3e-75 

246 .829095 

★ 

384 

1 . 578039e-1 8 

59 . 1 36573 

3 . 938861 e-1 1 3 

373 . 400096 

★ 

512 

5 . 8582  5 5 e-24 

77 . 1 75803 

2 . 563353e-1 51 

500 .2531  1 0 

★ 

768 

1 . 489276e-34 

1 1 2.  370944 

7 . 872825e-228 

754 . 422724 

★ 

1024 

6 . 6331  88e-45 

1 46 .757062 

1 . 882404e-304 

1 008.953565 

* 

* As  you  can  see,  there's  quite  a bit  of  slop  between  these  estimates. 

* In  fact,  the  density  of  pseudoprimes  is  conjectured  to  be  closer  to  the 
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* square  of  that  upper  bound.  E.g.  the  density  of  pseudoprimes  of  size 

* 256  is  around  3 * 10A-27.  The  density  of  primes  is  very  high,  from 

* 0.005636  at  256  bits  to  0.001409  at  1024  bits,  i.e.  more  than  10A-3. 

* 

* For  those  people  used  to  cryptographic  levels  of  security  where  the 

* 56  bits  of  DES  key  space  is  too  small  because  it's  exhaustible  with 

* custom  hardware  searching  engines,  note  that  you  are  not  generating 

* 50,000,000  primes  per  second  on  each  of  56,000  custom  hardware  chips 

* for  several  hours.  The  chances  that  another  Dinosaur  Killer  asteroid 

* will  land  today  is  about  1 0 A - 1 1 or  2A-36,  so  it  would  be  better  to 

* spend  your  time  worrying  about  *that*.  Well,  okay,  there  should  be 

* some  derating  for  the  chance  that  astronomers  haven't  seen  it  yet, 

* but  I think  you  get  the  idea.  For  a good  feel  about  the  probability 

* of  various  events,  I have  heard  that  a good  book  is  by  E'mile  Borel, 

* 'Les  Probabilite's  et  la  vie".  (The  's  are  accents,  not  apostrophes.) 

* 

* For  more  on  the  subject,  try  "Finding  Four  Million  Large  Random  Primes", 

* by  Ronald  Rivest,  in  Advancess  in  Cryptology:  Proceedings  of  Crypto 

* '90.  He  used  a small-divisor  test,  then  a Fermat  test  to  the  base  2, 

* and  then  8 iterations  of  a Miller- Rabin  test.  About  718  million  random 

* 256-bit  integers  were  generated,  43,741,404  passed  the  small  divisor 

* test,  4,058,000  passed  the  Fermat  test,  and  all  4,058,000  passed  all 

* 8 iterations  of  the  Miller-Rabin  test,  proving  their  primality  beyond 

* most  reasonable  doubts. 

* 

* If  the  probability  of  getting  a pseudoprime  is  some  small  p,  then  the 

* probability  of  not  getting  it  in  t trials  is  (1-p)At.  Remember  that, 

* for  small  p,  (1-p)A(1/p)  ~ 1/e,  the  base  of  natural  logarithms. 

* (This  is  more  commonly  expressed  as  e = l i m_{ x \ t o \ i n f t y > (1+1/x)Ax.) 

* Thus,  (1-p)At  eA(-p*t)  = exp(-p*t).  So  the  odds  of  being  able  to 

* do  this  many  tests  without  seeing  a pseudoprime  if  you  assume  that 

* p = 1 0 A — 6 (one  in  a million)  is  one  in  57.86.  If  you  assume  that 

* P ~ 2*10A-6,  it's  one  in  3347.6.  So  it's  implausible  that  the  density 

* of  pseudoprimes  is  much  more  than  one  millionth  the  density  of  primes. 

* 

* He  also  gives  a theoretical  argument  that  the  chance  of  finding  a 

* 256-bit  non-prime  which  satisfies  one  Fermat  test  to  the  base  2 is 

* less  than  1 0 A — 2 2 . The  small  divisor  test  improves  this  number,  and 

* if  the  numbers  are  512  bits  (as  needed  for  a 1024-bit  key)  the  odds 

* of  failure  shrink  to  about  10A-44.  Thus,  he  concludes,  for  practical 

* purposes  *one*  Fermat  test  to  the  base  2 is  sufficient. 

*/ 

static  int 

germainPrimeTest(struct  BigNum  const  *bn,  struct  BigNum  * b n 2 , struct  BigNum 
struct  BigNum  *a,  unsigned  order,  int  (*f)(void  *arg,  int  c), 
void  *arg) 

{ 

int  err; 
unsigned  i; 
int  j ; 

unsigned  k,  l,  n; 

#if  BNDEBUG  /*  Debugging  */ 

/* 

* This  is  debugging  code  to  test  the  sieving  stage. 

* If  the  sieving  is  wrong,  it  will  let  past  numbers  with 

* small  divisors.  The  prime  test  here  will  still  work,  and 

* weed  them  out,  but  you'll  be  doing  a lot  more  slow  tests, 

* and  presumably  excluding  from  consideration  some  other  numbers 


*e. 
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* which  might  be  prime.  This  check  just  verifies  that  none 

* of  the  candidates  have  any  small  divisors.  If  this 

* code  is  enabled  and  never  triggers,  you  can  feel  quite 

* confident  that  the  sieving  is  doing  its  job. 

* / 

i = bnLSWordCbn); 

if  (!(i  / 2))  printf("bn  div  by  2!"); 

i = bnModGKbn,  51051);  /*  51051  = 3 * 7 * 1 1 * 1 3 * 1 7 * / 

g e rma  i n S a n i t y ( i , 3,  order); 

germainSanityCi,  7,  order); 

germainSanityCi,  11,  order); 

germainSanityCi,  13,  order); 

germainSanityCi,  17,  order); 

i = bnModGKbn,  63365);  /*  63365  = 5 * 19  * 23  * 29  */ 

germainSanityCi,  5,  order); 

germainSanityCi,  19,  order); 

germainSanityCi,  23,  order); 

germainSanityCi,  29,  order); 

i = bnModGKbn,  47027);  /*  47027  = 31  * 37  * 41  */ 

germainSanityCi,  31,  order); 
germainSanityCi,  37,  order); 
germainSanityCi,  41,  order); 


U e nd  i f 


/ * 

* First,  check  whether  bn  is  prime.  This  uses  a fast  primality 

* test  which  usually  obviates  the  need  to  do  one  of  the 

* confirmation  tests  later.  See  prime. c for  a full  explanation. 

* We  check  bn  first  because  it's  one  bit  smaller,  saving  one 

* modular  squaring,  and  because  we  might  be  able  to  save  another 

* when  testing  it.  Cl/4  of  the  time.)  A small  speed  hack, 

* but  finding  big  Sophie  Germain  primes  is  *slow*. 

* / 

if  CbnCopyCe,  bn)  < 0) 


return  - 1 ; 


C vo i d ) bnSubQ C e,  1); 
l = bnLSWordCe); 

j = 1;  / * Where  to  start  in  prime  array  for  strong  prime  tests  * / 

i f C l & 7)  f 

bnRShiftCe,  1); 

if  C bnTwoExpMod C a , e,  bn)  < 0) 
return  - 1 ; 
if  C C l & 7)  ==  6)  { 


/ * bn  ==  7 mod  8,  e 
if  CbnBitsCa)  !=  1) 


expect  +1  * / 


return  1; 

k = 1; 


/ * Not  prime  * / 


> else  { 


/ * bn  ==  3 or  5 mod  8, 
if  CbnAddQCa,  1)  < 0) 


expect  -1  ==  bn-1  * / 


return  - 1 ; 

if  CbnCmpCa,  bn)  !=  0) 
return  1 ; 


/*  Not  prime  */ 


k = 1 ■ 

if  Cl's  4)  { 


/ * bn  ==  5 mod  8 
bnRShiftCe,  1); 
k = 2; 


make  odd  for  strong  tests  */ 
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/*  bn  1 mocl  8,  expect  2A((bn-1)/4)  ==  + /-1  mod  bn  */ 
bnRShiftle,  2 ) ; 

if  ( bnTwo Ex pMod ( a , e,  bn)  < 0) 
return  - 1 ; 

if  (bnBits(a)  ==  1)  { 

j = 0;  / * Re-do  strong  prime  test  to  base  2 * / 

> else  { 

if  ( bn AddQ ( a , 1)  < 0) 
return  - 1 ; 

if  (bnCmpla,  bn)  ! = 0) 

return  1;  / * Not  prime  * / 

> 

k = 2 + bnMakeOdd(e); 

> 


/* 

* It's  prime!  Now  check  higher-order  forms  bn2  = 2*bn+1,  4*bn+3, 

* etc.  Since  bn2  ==  3 mod  4,  a strong  p s e ud o p r i ma  l i t y test  boils 

* down  to  looking  at  aA((bn2-1)/2)  mod  bn  and  seeing  if  it's  + / — 1 

* (+1  if  bn2  is  ==  7 mod  8,  -1  if  it's  ==  3) 

* Of  course,  that  exponent  is  just  the  previous  bn2  or  bn... 

* / 

if  (bnCopy(bn2,  bn)  < 0) 

return  - 1 ; 

for  (n  = 0;  n < order;  n++)  { 

/ * 

* Print  a success  indicator:  the  sign  of  J a c o b i ( 2 , bn  2 ) , 

* which  is  available  to  us  in  l.  bn2  = 2*bn  + 1.  Since  bn 

* is  odd,  bn2  must  be  = = 3 mod  4,  so  the  options  modulo  8 

* are  3 and  7.  3 i f l ==  1 mod  4,  7 if  l ==  3 mod  4. 

* The  sign  of  the  Jacobi  symbol  is  - and  + for  these  cases, 

* respectively. 

* / 

if  (f  88  (err  = f(arg,  "-+"[(1  >>  1)  & 1]))  < 0) 

return  err; 

/ * Exponent  is  previous  bn2  * / 

if  CbnCopyCe,  bn2)  < 0 ||  bn L S h i f t ( bn  2 , 1)  < 0) 
return  - 1 ; 

(void)bnAddQ(bn2,  1);  / * Can't  overflow  * / 

if  ( bnTwo ExpMod ( a , e,  bn2)  < 0) 
return  -1; 

if  (n  | l)  { /*  Expect  + */ 

if  (bnBits(a)  !=  1) 

return  2+n;  /*  Not  prime  */ 

> else  f 

if  (bnAddGKa,  1)  < 0) 
return  - 1 ; 

if  (bnCmpla,  bn2)  !=  0) 

return  2+n;  /*  Not  prime  */ 

> 

l = bnLSWord(bn2); 


/*  Final  success  indicator  - it's  in  the  bag.  */ 
if  (f  88  (err  = f(arg,  '*'))  < 0) 
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return  err; 


/ * 

★ 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

k 

*/ 

for 


Success!  We  have  found  a prime!  Now  go  on  to  confirmation 
tests...  k is  an  amount  by  which  we  know  it's  safe  to  shift 
down  e.  j = 1 unless  the  test  to  the  base  2 could  stand  to  be 
re-done  (it  wasn't  *quite*  a strong  test),  in  which  case  it's  0. 

Here,  we  do  the  full  strong  pseudopr i ma l i ty  test.  This  proves 
that  a number  is  composite,  or  says  that  it's  probably  prime. 

For  the  given  base  a,  find  bn-1  = 2Ak  * e,  then  find 
x ==  aAe  (mod  bn). 

If  x ==  +1  ->  strong  pseudoprime  to  base  a 
Otherwise,  repeat  k times: 

If  x ==  -1,  ->  strong  pseudoprime 
x = xA2  ( mod  bn ) 

If  x = +1  ->  composite 

If  we  reach  the  end  of  the  iteration  and  x is  *not*  +1,  at  the 
end,  it  is  composite.  Which  means  that  the  squaring  actually 
only  has  to  proceed  k-1  times.  If  x is  not  -1  by  then, 
it's  composite  no  matter  what  the  result  of  the  squaring  is. 

For  the  multiples  2*bn+1,  4*bn+3,  etc.  then  k = 1 (and  e is 
the  previous  multiple  of  bn)  so  there  is  no  need  to  do  any 
looping  at  all. 

(i  = j;  i < CONFIRMTESTS;  i++)  { 
if  (bnCopy(e,  bn)  < 0) 

return  - 1 ; 

bnRShift(e,  k ) ; 
k +=  bnMa keOdd ( e ) ; 

(void)bnSetQ(a,  confirmCi]); 
if  (bnExpMod(a,  a,  e,  bn)  < 0) 
return  - 1 ; 


i f 


> 


(bnBits(a)  ! = 1)  ( 
i = k • 
for  ( ; ; ) t 

if  (bnAddGKa,  1)  < 0) 
return  - 1 ; 

if  (bnCmp(a,  bn)  ==  0)  /*  Was  result  bn-1?  */ 

break;  / * Prime  * / 
if  ( ! --  l ) 


> 


return  (1+order)*i+2;  / * Fail  * / 

/*  This  part  is  executed  once,  on  average.  */ 
(void)bnSubQ(a,  1);  / * Restore  a * / 

if  (bnSquare(a,  a)  <0  ||  bnMod(a,  a,  bn)  < 0) 

return  - 1 ; 
if  (bnBits(a)  ==  1) 

return  (1+order)*i+1;  / * Fail  * / 


if  (bnCopy(bn2,  bn)  < 0) 
return  -1; 

/*  Only  do  the  following  if  we're  not  re-doing  base  2 */ 
if  (i)  for  (n  = 0;  n < order;  n++)  { 
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> 


if  (bnCopyCe,  bn2)  < 0 ||  bn L S h i f t ( bn 2 , 1)  < 0) 
return  - 1 ; 

Cvoid)bnAddQ(bn2,  1 ) ; 


/*  Print  success  indicator  for  previous  test  */ 
j = bnJacobiQ(confirmCi],  b n 2 ) ; 

if  (f  &&  (err  = f(arg,  j < 0 ? : '+'))  < 0) 

return  err; 


> 

/* 
i f 


/*  Check  that  pAe  ==  J a cob i ( p, bn2  ) (mod  bn2)  */ 
(void)bnSetQ(a,  c o n f i r m [ i ] ) ; 
if  ( bnExpMod ( a , a,  e,  bn2)  < 0) 
return  - 1 ; 

/* 

* FIXME:  Actually,  we  don't  need  to  compute  the 

* Jacobi  symbol  externally...  it  never  happens  that 

* a = +/-1  but  it's  the  wrong  one.  So  we  can  just 

* look  at  a and  use  its  sign.  Find  a proof  somewhere. 

* / 


if  ( j < 0) 
/* 
i f 

i f 

> else  { 

/* 
i f 


> 


C 

Not  a Q.R.,  should  have  a = bn2-1  */ 

(bnAddQCa,  1)  < 0) 
return  - 1 ; 

(bnCmp(a,  bn2)  !=  0)  /*  Was  result  bn2-1? 
return  (1+order)*i+n+2;  / * Fail  * / 

Quadratic  residue,  should  have  a = 1 */ 
(bnBits(a)  !=  1) 

return  (1+order)*i+n+2;  / * Fail  * / 


★ / 


Final  success  indicator  for  the  base  confirmCiJ.  * / 
(f  &&  (err  = f(arg,  '*'))  < 0) 
return  err; 


> 


return  0;  /*  Prime!  */ 


/* 

* Add  x * y to  bn,  which  is  usually  (but  not  always)  < 65536. 

* Do  it  in  a simple  linear  manner. 

* / 

static  i n t 

bnAddMult(struct  BigNum  *bn,  unsigned  long  x,  unsigned  y) 

{ 

unsigned  long  z = (unsigned  long)x  * y; 


whi  le  (z  > 65  535  ) C 

if  (bnAddQ(bn,  65535)  < 0) 
return  - 1 ; 
z -=  65535; 

> 

return  bnAddQ(bn,  (unsigned)z); 


/ * 

* Modifies  the  bignum  to  return  the  next  Sophie  Germain  prime  >=  the 

* input  value.  Sohpie  Germain  primes  are  number  such  that  p is 
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* prime  and  2*p  + 1 is  also  prime. 

* 

* This  is  actually  parameterized:  it  generates  primes  p such  that  "order 

* mu  1 1 i p l e s - p l u s - 1 w o are  also  prime,  2*p+1,  2*(2*p+1)+1  = 4*p+3,  etc. 

* 

* Returns  >=0  on  success  or  -1  on  failure  (out  of  memory).  On  success, 

* the  return  value  is  the  number  of  modular  exponentiations  performed 

* (excluding  the  final  confirmations).  This  never  gives  up  searching. 

* 

* The  FILE  *f  argument,  if  non-NULL,  has  progress  indicators  written 

* to  it.  A dot  (.)  is  written  every  time  a primeality  test  is  failed, 

* a plus  (+)  or  minus  (-)  when  the  smaller  prime  of  the  pair  passes  a 

* test,  and  a star  (*)  when  the  larger  one  does.  Finally,  a slash  (/) 

* is  printed  when  the  sieve  was  emptied  without  finding  a prime  and  is 

* being  refilled. 

* 

* Apologies  to  structured  programmers  for  all  the  GOTOs. 

*/ 


i n t 

b n G e r ma i n P r i me G e n ( s t r u c t BigNum  *bn,  unsigned  order, 
int  (*f)(void  *arg,  int  c),  void  *arg) 

{ 


U i f d e f 
ft  else 
ft  e n d i f 


int  retval; 
unsigned  p,  prev; 
unsigned  inc; 
struct  BigNum  a,  e,  b n 2 ; 
i nt  modexps  = 0; 

MSDOS 

unsigned  char  *si eve; 
unsigned  char  sieveCSIEVED; 


U i f d e f 


ft  e nd  i f 


MSDOS 

sieve  = bniMemAlloc(SIEVE); 
if  ('.sieve) 

return  - 1 ; 


bnBegin(Sa); 

bnBegin(Se); 

bnBegin(Sbn2); 

/ * 

* Obviously,  the  prime  we  find  must  be  odd.  Further,  if  2*p  + 1 

* is  also  to  be  prime  (order  > 0)  then  p !=  1 (mod  3),  lest 

* 2*p  + 1 ==  3 (mod  3).  Added  to  p !=  3 (mod  3),  p ==  2 (mod  3) 

* and  p ==  5 ( mod  6 ) . 

* If  order  > 2 and  we  care  about  4*p  + 3 and  8*p+7,  then  similarly 

* p ==  4 (mod  5),  so  p ==  29  (mod  30). 

* So  pick  the  step  size  for  searching  based  on  the  order 

* and  increse  bn  until  it's  ==  -1  (mod  inc). 

* 

* mod  7 doesn't  have  a unique  value  for  p because  2 ->  5 ->  4 -> 

* nor  does  mod  11,  and  I don't  want  to  think  about  things  past 

* that.  The  required  order  would  be  i mp r a c t i c a l l y high,  in  any 

* / 

inc  = order  ? ((order  > 2)  ? 30  : 6)  : 2; 

if  (bnAddGKbn,  inc-1  - bnModGKbn,  inc))  < 0) 


2, 

case. 
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f a i Led 
done: 

ft  i f d e f 
ft  e L s e 
#end  i f 
> 


goto  failed; 


for  ( ; ; ) f 

if  (sieveBui LdCsieve,  SIEVE,  bn,  inc,  order)  < 0) 
goto  failed; 


p = prev  = 0; 

if  (sievelO]  S 1 ||  (p  = s i e v e S e a r c h ( s i e v e , SIEVE,  p))  ! = 0)  { 

do  { 

/*  Adjust  bn  to  have  the  right  value.  * / 
assertCp  > = prev); 

if  ( b n A d d M u 1 1 ( b n , p-prev,  inc)  < 0) 
goto  failed; 
prev  = p ; 


> 


/*  Okay,  do  the  strong  tests.  */ 
retval  = germa i nPr i meTes t ( bn,  &bn2, 

order,  f. 


if  (retval  <=  0) 

goto  done; 
modexps  + = retval; 

if  (f  SS  (retval  = f(arg,  '.'))  < 0) 
goto  done; 


& e , &a  , 
a r g ) ; 


/ * And  try  again  * / 
p = sieveSearch(sieve,  SIEVE,  p); 
> while  (p); 


/*  Ran  out  of  sieve  space  - increase  bn  and  keep  trying.  */ 
if  ( bnAddMu  1 1 ( bn , (unsigned  l on g ) S I E V E * 8-p r e v , inc)  < 0) 
goto  failed; 

if  (f  &&  (retval  = f(arg,  '/'))  < 0) 
goto  done; 

> /*  for  (;;)  * / 


retval  = - 1 ; 

bnEnd(Sbn2); 

bnEnd(Se); 

bnEnd(Sa); 

MSDOS 

bniMemFree(sieve,  SIEVE); 
bniMemWipe(sieve,  sizeof (sieve)); 

return  retval  < 0 ? retval  : modexps+(order+1)*C0NFIRMTESTS; 
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germain.h 

/ * 


* $ I d : 

* / 

germain.h, v 1 

. 8 1 996/1  1 /1  2 01:42: 

: 4 8 mhw  Exp  $ 

ft  i f nd  e i 
ft  d e f i n e 

B N_G  E R M A I N_H 

B N_G  E R M A I N_H 

struct 
ft  i f n d e f 
ft  d e f i n e 
t y pe d e f 
ft  e n d i f 

BigNum; 

T Y P E_B I G N U M 

T Y P E_B I G N U M 1 
struct  BigNum 

BigNum; 

/*  Generate  a Sophie  Germain  prime  */ 
int  bn G e rma i n P r i me G e n ( s t r u c t BigNum  *bn, 
int  (*f)(void  *arg,  int  c),  void 

unsigned  dbl, 
* a r g ) ; 

ft  e n d i f 

/*  BN  GERMAIN 

H */ 
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jacobi.c 

/* 

* Compute  the  Jacobi  symbol  (small  prime  case  only). 

* 

* Written  by  Colin  Plumb. 

* 

* $ I d : jacobi.c, v 1.3  1 996/1  1 /1  2 01:42:48  mhw  Exp  $ 

*/ 

^include  "bn.h" 

^include  "jacobi.h" 

/ * 

* For  a small  (usually  prime,  but  not  necessarily)  prime  p, 

* compute  Jacobi ( p , bn ) , which  is  -1,  0 or  +1,  using  the  following  rules: 

* Jacobi (x,  y)  = Jacobi (x  mod  y,  y) 

* Jacobi(0,  y)  = 0 

* Jacobi (1,  y)  = 1 

* Jacobi (2,  y)  = 0 if  y is  even,  +1  if  y is  +/- 1 mod  8,  -1  if  y = +/-3  mod  8 

* Jacobi (xl *x2,  y)  = Jacobi(x1,  y)  * Jacobi(x2,  y)  (used  with  xl  = 2 & xl  = 4) 

* If  x and  y are  both  odd,  then 

* Jacobi(x,  y)  = Jacobi(y,  x)  * (-1  if  x = y = 3 mod  4,  +1  otherwise) 

* / 
i n t 

bn J a c ob i Q ( un s i g ned  p,  struct  BigNum  const  *bn) 

C 

i n t j = 1 ; 

unsigned  u = bnLSWord(bn); 


if  ( ! (u  8 1 ) ) 

return 

0; 

/*  Don't  *do*  that  */ 

/*  First,  get 

r i d 

0 f 

factors  of  2 in  p * / 

while  ((p  8 3) 

= = 

0) 

p >>  = 

2; 

if  ( (p  8 1 ) = = 

0) 

{ 

II 

A 

A 

Q. 

i; 

if  ( ( u A u>>1  ) & 2 ) 

j = _j;  /*  3 (011)  or  5 (101)  mod  8 */ 

> 

if  (p  ==  1 ) 

return  j; 

/*  Then,  apply  quadratic  reciprocity  */ 
if  (p  & u 8 2)  /*  p = u = 3 (mod  4?  */ 

j = - j ; 

/*  And  reduce  u mod  p */ 
u = bnModGKbn,  p); 

/*  Now  compute  Jacobi(u,p),  u < p */ 
while  (u)  C 

while  ((u  & 3)  ==  0) 
u >>=  2; 

if  ( (u  8 1 ) ==  0)  { 
u > > = 1 ; 

if  ( (p  A p>>1 ) 8 2) 

j = -j;  /*  3 (011)  or  5 (101)  mod  8 */ 

> 

if  (u  ==  1 ) 

return  j; 

/*  Now  both  u and  p are  odd,  so  use  quadratic  reciprocity  */ 
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if  ( u < p ) { 

unsigned  t = u;  u = p;  p = t 
if  ( u & p & 2 ) / * u = p = 3 

j = - j ; 

> 

/*  Now  u >=  p,  so  it  can  be  reduced 
u %=  p ; 

> 

return  0; 

> 


(mod  4?  */ 

*/ 
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jacobi.h 

/* 

* For  a small  (usually  prime,  but  not  necessarily)  prime  p, 

* Return  Jacobi (p, bn),  which  is  -1,  0 or  +1. 

* bn  must  be  odd. 

■ k 

* $ I d : jacobi. h,v  1.3  1 996/1  1 /1  2 01:42:48  mhw  Exp  $ 

*/ 

struct  BigNum; 

# i f nd  e f T Y P E_B I G N U M 

#define  T Y P E_B  I G N 1) M 1 

typedef  struct  BigNum  BigNum; 

#end  i i 

int  bnJacobiQCunsigned  p,  struct  BigNum  const  *bn); 
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kludge. h 

ft  i f nde  f K LU  D G E_H 
//define  KLUDGE_H 

/ * 

* Kludges  for  n o t -q u i t e- AN S I systems. 

* This  should  always  be  the  last  file  included,  because  it  may 

* mess  up  some  system  header  files. 

* 

* $ I d : kludge. h,v  1.1  0 1 996/1  1 /1  2 01:42:48  mhw  Exp  $ 

★ / 

/ * 

* Some  compilers  complain  about  //if  F00  if  F00  isn't  defined, 

* so  do  the  AN S I -ma nd a t e d thing  explicitly... 

* / 

//  i f nde  f A S S E R T_N E E D S_S T D I 0 
//define  A S S E RT_N  E E D S_S  T D I 0 0 
//endi  f 

//ifndef  A S S E R T_N  E E D S_S  T D L I B 
//define  A S S E R T_N  E E D S_S  T D L I B 0 
ft e nd i f 

//ifndef  N 0_S  T D L I B_H 
//define  N 0_S  T D L I B_H  0 
//end  i f 

/*  SunOS  4.1.x  <assert  . h>  needs  "stderr"  defined,  and  "exit"  declared...  */ 

//  i f d e f assert 

//if  A S S E R T_N  EEDS_STDI0 

//include  <stdio.h> 

//end  i f 

//if  ASSERT_NEEDS_STDLIB 
//if  ! N 0_S  T D L I B_H 
//include  <stdlib.h> 
ft  e n d i f 
ft  e n d i f 
//endi  f 

//ifndef  N 0_M  E M M 0 V E 
//define  N 0_M  E M M 0 V E 0 
//endi  f 

//if  N0_MEMM0VE  /*  memoveO  not  in  libraries  */ 

//define  memmove  ( de  s t , s r c , l en  ) b c o py  ( s r c , d e s t , l e n ) 

//endi  f 

//ifndef  N 0_M  E M C P Y 
//define  N 0_M  E M C P Y 0 
//endi  f 

//if  N0_MEMCPY  /*  memcpyC)  not  in  libraries  */ 

//define  m em  c py  ( d e s t , s r c , l e n ) b c opy  ( s r c , d e s t , l e n ) 

//end  i f 

//ifndef  M E M_P  ROTO  S_B  R 0 K E N 
//define  M E M_P  ROTO  S_B  R 0 K E N 0 
ft  e n d i f 

ft  i f M E M_P  ROTO  S_B  R 0 K E N 

//define  memc  py  ( d , s , l ) memcpy((void  *)(d),  (void  const  *)(s),  l) 

//define  memmove  ( d , s , l ) memmove  ((  vo  i d *)(d),  (void  const  *)(s),  l) 

//define  memcmp ( d , s , l ) memcmp((void  const  *)(d),  (void  const  *)(s),  l) 
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//define  memset (d, v,  l ) memset ( (void  *)(d),  v,  L) 
ft e nd  i f 

/* 

* If  there  are  no  prototypes  for  the  stdio  functions,  use  these  to 

* reduce  compiler  warnings.  Uses  EOF  as  a giveaway  to  indicate 

* that  <stdio.h>  was  ft included. 

* / 

# i f n d e f N 0_S T D I 0_P R 0T0 S 
//define  N 0_S T D I 0_P RO TO S 0 
ft  e nd  i f 

#if  N0_STDI0_PR0T0S  /*  Missing  prototypes  for  "simple"  functions  */ 

//ifdef  EOF 

//ifdef  cplusplus 

extern  " C " { 

# e nd  i f 

int  (put s )( char  const  *); 

int  (fputsHchar  const  * , FILE  *); 

int  (fflush)CFILE  * ) ; 

int  (printf)Cchar  const  *,  ...); 

int  (fprintf)CFILE  * , char  const  * , ...); 

/*  If  we  have  a sufficiently  old-fashioned  stdio,  it  probably  uses  these...  */ 
int  (_f l sbuf ) ( i nt , FILE  *); 
int  (_f  i IbufMFILE  *); 

#ifdef  cplusplus 

> 

Send  i f 

#endif  /*  EOF  * / 

#endif  /*  N0_S T D I 0_P ROTO S */ 

/* 

* Borland  C seems  to  think  that  it's  a bad  idea  to  decleare  a 

* structure  tag  and  not  declare  the  contents.  I happen  to  think 

* it's  a * g o o d * idea  to  use  such  "opaque"  structures  wherever 

* possible.  So  shut  up. 

* / 

#ifdef  BORLANDC 

Spragma  warn  -stu 
# i f nde  f MSDOS 
#define  MSDOS  1 
Send i f 
#endi f 

/*  Turn  off  warning  about  negation  of  unsigned  values  */ 

ft  ifdef  _MSC_VER 

//pragma  wa  r n i ng  ( d i s a b l e : 4 1 46  ) 

ft  e nd  i f 

/*  Cope  with  people  forgetting  to  define  the  OS,  if  possible...  */ 

# i f ndef  MSDOS 

//ifdef  MSDOS 

//define  MSDOS  1 
ft  e n d i f 
# e nd i f 

//ifndef  MSDOS 

//ifdef  MSDOS 

//define  MSDOS  1 
Send i f 
//end  i f 
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/*  By  MS-DOS,  we  mean  16-bit  brain-dead  MS-DOS.  Not  GCC 
tfifdef  G 0 3 2 

# u n d e f MSDOS 

# end  i f 

#ifdef  G 0 3 2 

#undef  MSDOS 
#end i f 

# e nd i f /*  KLUDGE  H */ 


G 0 3 2 */ 


444 


lib/bn/IbnOO.c 


IbnOO.c 

/ * 

* LbnOO.c  - auto-size-detecting  lbn??.c  file. 

* 

* Written  in  1995  by  Colin  Plumb. 

* 

* $ I d : l bnOO . c , v 1.5  1996/11/12  01:42:49  mhw  Exp  $ 
*/ 


^include  "bnsizeOO.h" 
#if  BNSIZE64 


/*  Include  all  of  the  C source  file  by  reference  */ 
ft  include  " l bn64  . c " 

# e l i f BNSIZE32 


/*  Include  all  of  the  C source  file  by  reference  */ 
#include  "lbn32.c" 


#e  Ise  /*  BNSIZE16  */ 

/*  Include  all  of  the  C source  file  by  reference  */ 
^include  "lbn16.c" 

U e nd  i f 
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legal.c 

/ * 

* BigNum  multipreci sion  integer  math  Library. 

★ 

* $ I d : Legal.  c,v  1.9  1996/1  1 /1  2 01:42:49  mhw  Exp  $ 
*/ 


//ifndef  H A V E_C  0 N F I G_H 
tfdefine  H A V E_C 0 N F I G_H  0 
#end  i f 

#if  H A V E_C  0 N F I G_H 

//include  "config.h"  /*  For  "const"!  */ 

# e nd  i f 


/ * Force 
# i n c L ude 
v o L a t i L e 


inclusion  of  this...  */ 

" Lega  L . h" 

const  char  bn C o py r i g h t C J 
\0bnlib  1.1.2  Copyright 


c ) 


1995,1996  Colin  Plumb."; 
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legal,  h 

/* 

* ANSI  C stadard,  section  3.5.3:  "An  object  that  has  volatile-qualified 

* type  may  be  modified  in  ways  unknown  to  the  implementation  or  have 

* other  unknown  side  effects."  Yes,  we  can't  expect  a compiler  to 

* understand  law... 

* 

* $ I d : legal. h , v 1.2  1996/11/12  01:42:49  mhw  Exp  $ 

★ / 

extern  volatile  const  char  bnCopyrightCD; 
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ppcasm.h 


# i f nde  f PPCASM_H 
#de  f i ne  PPCASM_H 
/ * 

* A PowerPC  assembler  in  the  C preprocessor. 

* This  assumes  that  ints  are  32  bits,  and  uses  them  for  the  values. 

* 

* An  a s s emb  l y- l a ng u a g e routine  is  simply  an  array  of  unsigned  ints, 

* initialized  with  the  macros  defined  here. 
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$Id:  ppcasm.h, v 1.3. 2.1  1 996/1  1 /1  4 04:09:24  cbertsch  Exp  $ 

In  the  PowerPC,  a generic  function  pointer  does  *not*  point  to  the 
first  word  of  code,  but  to  a two  (or  possibly  more)  word  "transition 
vector."  The  first  word  of  the  TV  points  to  the  function's  code. 

The  second  word  is  the  function's  TOC  (Table  Of  Contents)  pointer, 
which  is  loaded  into  r2.  The  function's  global  variables  are 
accessed  via  the  TOC  pointed  to  by  r2.  TOC  pointers  are  changed, 
for  example,  when  a dynamically  linked  library  is  called,  so  the 
library  can  have  private  global  variables. 

Saving  r2  and  reloading  r2  each  function  call  is  a hassle  that 
I'd  really  rather  avoid,  since  a lot  of  useful  assembly  language  routines 
can  be  written  without  global  variables  at  all,  so  they  don't  need  a TOC 
pointer.  But  I haven't  figured  out  how  to  persuade  CodeWarrior  7 to 
generate  an  intra-TOC  call  to  an  array.  (CodeWarrior  8 supports 
PowerPC  asm,  which  obviates  the  need  to  do  the  cast-to-funct ion-pointer 
trick,  which  obviates  the  need  for  cross-TOC  calls.) 

The  basic  PowerPC  calling  conventions  for  integers  are: 

rO  - scratch.  May  be  modified  by  function  calls. 

rl  - stack  pointer.  Must  be  preserved  across  function  calls. 

See  IMPORTANT  notes  on  stack  frame  format  below. 

This  must  *ALWAYS*,  at  every  instruction  boundary,  be  16-byte 

aligned  and  point  to  a valid  stack  frame.  If  a procedure 

needs  to  create  a stack  frame,  the  recommended  way  is  to  do: 

stwu  rl ,-f rame_si ze( rl ) 

and  on  exit,  recover  with  one  of: 

addi  r 1 , r 1 , f r a m e_s i z e , OR 

Iwz  r1,0(r1) 

r 2 - TOC  pointer.  Points  to  the  current  table  of  contents. 

Must  be  preserved  across  function  calls. 
r3  - First  argument  register  and  return  value  register. 

Arguments  are  passed  in  r3  through  r10,  and  values  returned  in 
r3  through  r6,  as  needed.  (Usually  only  r3  for  single  word.) 
r4-r10  - More  argument  registers 

r 1 1 - Scratch,  may  be  modified  by  function  calls. 

On  entry  to  indirect  function  calls,  this  points  to  the 
transition  vector,  and  additional  words  may  be  loaded 
at  offsets  from  it.  Some  conventions  use  r12  instead. 

M2  - Scratch,  may  be  modified  by  function  calls. 

r13-r31  - Callee-save  registers,  may  not  be  modified  by  function 
calls. 

The  LR,  CTR  and  XER  may  be  modified  by  function  calls,  as  may  the  MQ 
register,  on  those  processors  for  which  it  is  implemented. 

CR  fields  0,  1,  5,  6 and  7 are  scratch  and  may  be  modified  by  function 
calls.  CR  fields  2,  3 and  4 must  be  preserved  across  function  calls. 

Stack  frame  format  - READ 
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Offset  0 


Offset  4 


r 1 points  to  a stack  frame,  which  must  *ALWAYS*,  meaning  after  each  and 
every  instruction,  without  excpetion,  point  to  a valid  16  — byte  — aligned 
stack  frame,  defined  as  follows: 

- The  296  bytes  below  rl  (from  -296(r1)  to  - 1 ( r 1 ) ) are  the  so-called  Red 
Zone  reserved  for  leaf  procedures,  which  may  use  it  without  allocating 
a stack  frame  and  without  decrementing  rl.  The  size  comes  from  the  room 
needed  to  store  all  the  cal  lee  — save  registers:  19  64  — bit  integer  registers 
and  18  64-bit  floating-point  registers.  (18+19)*8  = 296.  So  any 
procedure  can  save  all  the  registers  it  needs  to  save  before  creating 
a stack  frame  and  moving  rl. 

The  bytes  at  -297(r1)  and  below  may  be  used  by  interrupt  and  exception 
handlers  *at  any  time*.  Anything  placed  there  may  disappear  before 
the  next  instruction. 

The  word  at  0(r1)  is  the  previous  rl,  and  so  on  in  a linked  list. 

This  is  the  minimum  needed  to  be  a valid  stack  frame,  but  some  other 
offsets  from  rl  are  preallocated  by  the  calling  procedure  for  the  called 
procedure's  use.  These  are: 

stack  frame  - saved  rl,  if  the  called 
i t . 

called  procedure  alters  the  callee-save 
no  important  reason  to  save  it  here, 
reserved  and  you  might  as  well  use  it 
purpose  unless  you  have  good  reason  to 
do  otherwise.  (This  may  help  some  debuggers.) 

Saved  LR,  if  the  called  procedure  needs  to  save  it  for 
later  function  return.  Saving  the  LR  here  helps  a debugger 
track  the  chain  of  return  addresses  on  the  stack. 

Note  that  a called  procedure  does  not  need  to  preserve  the 
LR  for  it's  caller's  sake,  but  it  uually  wants  to  preserve 
the  value  for  its  own  sake  until  it  finishes  and  it's 
time  to  return.  At  that  point,  this  is  usually  loaded 
back  into  the  LR  and  the  branch  accomplished  with  BLR. 

to  be  preverse,  you  could  load  it 
BCTR  instead. 

I can't  find  what  this  is  for. 

I 

Saved  TOC  pointer.  In  a 
is  saved  here  before  r2  i 
Again,  it's  not  important 
you  might  as  well, 
offset  24  is  the  argument 


Link  to  previous 
procedure  alters 
Saved  CR,  if  the 
fields.  There's 
but  the  space  is 
for  its  intended 


Offset  8 


Offset 

Offset 

Offset 


1 2 
1 6 
20 


However, 
into  the 
Reserved 
Reserved 


if  you  want 
CTR  and  use 
to  compiler 
to  compiler 


can't  find  what  this  is  for. 
cross-TOC  call,  the  old  TOC  (r2) 
s Loaded  with  the  new  TOC  value, 
to  use  this  slot  for  this,  but 


area  is  at  least  8 words 
long,  and  may  be  longer, 
function  called  by 


Beginning  at  offset  24  is  the  argument  area.  This 
(32  bytes;  I don't  know  what  happens  with  64  bits) 
up  to  the  length  of  the  longest  argument  list  in  a 
the  function  which  allocated  this  stack  frame.  Generally,  arguments 
to  functions  are  passed  in  registers,  but  if  those  functions  notice 
the  address  of  the  arguments  being  taken,  the  registers  are  stored 
into  the  space  reserved  for  them  in  this  area  and  then  used  from  memory. 
Additional  arguments  that  will  not  fit  into  registers  are  also  stored 
here.  Variadic  functions  (like  printf)  generally  start  by  saving 
all  the  integer  argument  registers  from  the  onwards  to  this  space. 

For  that  reason,  the  space  must  be  large  enough  to  store  all  the  argument 
registers,  even  if  they're  never  used. 

(It  could  probably  be  safely  shrunk  if  you're  not  calling  any  variadic 
functions,  but  be  careful!) 

Offsets  above  that  are  private  to  the  calling  function  and  shouldn't 
be  messed  with.  Generally,  what  appears  there  is  locals,  then  saved 
registers. 
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* The  floating-point  instruction  set  isn't  implemented  yet  (I'm  too 

* lazy,  as  I don't  need  it  yet),  but  for  when  it  is,  the  register 

* usage  convention  is: 

* FPSCR  - Scratch,  except  for  floating  point  exception  enable  fields, 

* which  should  only  be  modified  by  functions  defined  to  do  so. 

* frO  - scratch 

* frl  - first  floating  point  parameter  and  return  value,  scratch 

* fr2  - second  floating  point  parameter  and  return  value  (if  needed),  scratch 

* fr3  - third  floating  point  parameter  and  return  value  (if  needed),  scratch 

* fr4  - fourth  floating  point  parameter  and  return  value  (if  needed),  scratch 

* fr5-fr13  - More  floating  point  argument  registers,  scratch 

* fr14-fr31  - Cal  lee-save  registers,  may  not  be  modified  across  a func  call 

* 

* Complex  values  store  the  real  part  in  the  l owe r-numbe rd  register  of  a pair. 

* When  mixing  floating-point  and  integer  arguments,  reserve  space  (one  reg 

* for  single-precision,  two  for  double-precision  values)  in  the  integer 

* argument  list  for  the  floating-point  values.  Those  integer  registers 

* generally  have  undefined  values,  UNLESS  there  is  no  prototype  for  the  call, 

* in  which  case  they  should  contain  a copy  of  the  floating-point  value's 

* bit  pattern  to  cope  with  wierd  software. 

* If  the  floating  point  arguments  go  past  the  end  of  the  integer  registers, 

* they  are  stored  in  the  argument  area  as  well  as  being  passed  in  here. 

* 

* After  the  argument  area  comes  the  calling  function's  private  storage. 

* Typically,  there  are  locals,  followed  by  saved  GP  rgisters,  followed 

* by  saved  FP  registers. 

* 

* Suggested  instruction  for  allocating  a stack  frame: 

* stwu  rl ,-f rame_si ze( rl ) 

* Suggested  instructions  for  deallocating  a stack  frame: 

* addi  rl ,r1 , f rame_si ze 

* or 

* Iwz  r1,0(r1) 

* If  f rame_si ze  is  too  big,  you'll  have  to  load  the  offset  into  a temp 

* register,  but  be  sure  that  rl  is  updated  atomically. 

* 

★ 

* Basic  PowerPC  instructions  look  like  this: 

* 

* 1111111111222222222233 

* 01234567890123456789012345678901 

* I Opcode  I I I I I I | 1 | I I | I | | | | | | M II  I I I I 

* 

* Branch  instructions  look  like  this: 

* 

* | Opcode  | Branch  offset  |A|L| 

* 

* The  L,  or  LK,  or  Link  bit  indicates  that  the  return  address  for  the 

* branch  should  be  copied  to  the  link  register  (LR). 

* The  A,  or  AA,  or  absolute  address  bit,  indicates  that  the  address 

* of  the  current  instruction  (NOTE:  not  next  instruction!)  should  NOT 

* be  added  to  the  branch  offset;  it  is  relative  to  address  0. 

* 
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* Conditional  branches  looks  like  this: 

* | Opcode  | BO  | BI  | Branch  offset  |A|L| 

* 

* The  BI  field  specifies  the  condition  bit  of  interest  (from  the  CR). 

* The  BO  field  specifies  what's  interesting.  You  can  branch  on  a 

* combination  of  a bit  of  the  condition  register  and  --ctr,  the  CTR 

* register.  Two  bits  encode  the  branch  condition  to  use: 

* BRANCH  IF 

* 00 = Bit  BI  is  0 

* 01 = Bit  BI  is  1 

* 1z = don't  care  about  bit  BI  (always  true) 

* AND 

* — 00-  = — c t r ! = 0 

* --01-  = — ctr  ==  0 

* -~lz-  = don't  decrement  ctr  (always  true) 

* The  last  bit  us  used  as  a branch  prediction  bit.  If  set,  it  reverses 

* the  usual  backward-branch-taken  heuristic. 

* 


★ 

y = branch  prediction  bit.  z 

- 

unused 

1 , must 

★ 

OOOOy  - 

branch  if  --ctr 

! = 0 

&& 

BI 

= = 

0 

★ 

don't  branch  if 

--ctr 

= — 

0 

1 1 

BI  ! = 

★ 

000 1 y - 

branch  if  --ctr 

= = 0 

&& 

BI 

0 

★ 

don't  branch  if 

--ctr 

! = 

0 

1 1 

BI  ! = 

* 

OOlzy  - 

branch  if  BI  == 

0 

★ 

don't  branch  if 

BI  ! = 

0 

★ 

OlOOy  - 

branch  if  --ctr 

! = 0 

& & 

BI 

i = 

0 

* 

don't  branch  if 

--ctr 

= = 

0 

1 1 

BI  = = 

* 

OlOly  - 

branch  if  — c t r 

= = 0 

&& 

BI 

i = 

0 

★ 

don't  branch  if 

--ctr 

i - 

0 

1 1 

BI  = = 

★ 

01 1 zy  - 

branch  if  BI  ! = 

0 

★ 

don't  branch  if 

BI  = = 

0 

★ 

IzOOy  - 

branch  if  --ctr 

! = 0 

: k 

don't  branch  if 

--ctr 

= = 

0 

* 

1 zOI y - 

branch  if  --ctr 

= = 0 

* 

don't  branch  if 

--ctr 

i - 

0 

* 

Izlzz  - 

branch  always 

* If  y is  1,  the  usual  branch  prediction  (usually  not  taken,  taken  for 

* backwards  branches  with  immediate  offsets)  is  reversed. 

* 

* Instructions  with  2 operands  and  a 16-bit  immediate  field  look  like  this: 

* +-  + - + - + — + - + -H 1 1 1 1 1 f — ■+ 1 h — + — + - + — + - + - + — + - + -H (-  — + — | ( 1 | | (- 

* | Opcode  | D | A | 16-bit  immediate  value  | 

* +“  + ~H I I I H-H I I h — + -H h — H |--H I I h — + - H I | | h — + -H | | |-  - + — + 

* 

* Now,  there  are  three  variations  of  note.  In  some  instructions,  the  16-bit 

* value  is  sign-extended.  In  others,  it's  zero-extended.  These  are  noted 

* below  as  "simm"  (signed  immediate)  and  "uimm",  respectively.  Also,  which 

* field  is  the  destination  and  which  is  the  source  sometimes  switches. 

* Sometimes  it's  d = a OP  imm,  and  sometimes  it's  a = s OP  imm.  In  the 

* latter  cases,  the  "d"  field  is  referred  to  as  "s"  ("source"  instead  of 

* "destination".  These  are  logical  and  shift  instructions.  (Store  also 

* refers  to  the  s register,  but  that's  the  source  of  the  value  to  be  stored.) 

* The  assembly  mnemonics,  however,  always  lists  the  destination  first, 

* swapping  the  order  in  the  instruction  if  necessary. 

* Third,  quite  often,  if  r0  is  specified  for  the  source  a,  then  the  constant 

* value  0 is  used  instead.  Thus,  r0  is  of  limited  use  - it  can  be  used  for 

* some  things,  but  not  all. 
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* 

* Instructions  with  three  register  operands  Look  Like  this: 

* | Opcode  | D | A | B | Subopcode  |C| 

* H h — H 1 1 — H — H 1 1 — H 1 1 1 1 1 h — I 1 1 1 1 — H — + - + - + - + - + - + - + - + - + - + - + 

* 

* For  most  of  the  instructions  of  interest  the  Opcode  is  31  and  the  subopcode 

* determines  what  the  instruction  does.  For  a few  instructions  (mostLy  Loads 

* and  stores),  if  the  A fieLd  is  0,  the  constant  0 is  used.  The  "C" 

* bit  (aLso  known  as  the  "RC"  bit)  controLs  whether  or  not  the  condition 

* codes  are  updated.  If  it  is  set  (indicated  by  a suffix  on  the  official 

* PowerPC  opcodes,  and  a suffix  on  these  macros),  condition  code  register 

* fieLd  0 (for  integer  instructions;  fieLd  1 for  fLoating  point)  is  updated 

* to  ref  Lect  the  resuLt  of  the  operation. 

* Some  arithmetic  instructions  use  the  most  significant  bit  of  the  subopcode 

* fieLd  as  an  overf  Low  enabLe  bit  (o  suffix). 

* 

* Then  there  are  the  rotate  and  mask  instructions,  which  have  5 operands,  and 

* fiLL  the  subopcode  fieLd  with  2 more  5-bit  fieLds.  See  beLow  for  them. 

* 

* NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE  NOTE 

* These  macros  fuLLy  parenthesize  their  arguments,  but  are  not  themse  Lves 

* fuLLy  parenthesized.  They  are  intended  to  be  used  for  initiaLizer  Lists, 

* and  if  you  want  to  do  tricks  with  their  numeric  vaLues,  wrap  them  in 

* parentheses. 

* / 


//define 

# d e f i n e 
//  d e f i n e 

# d e f i n e 
//define 
//define 
#de  f i ne 
//  d e f i n e 
//define 


PPC_MA J OR ( x ) 

P P C_M I N 0 R ( x ) 

P P C_R  C 1 
P P C_0  E 1024 
P P C_D  E S T ( reg) 
P P C_S  RCA(reg) 
P P C_S  R C B ( reg) 
P P C_A  A 2 
PPC  LK  1 


((x)<<26)  /*  Major  opcode  (0..63)  */ 

( (x)«1  ) /*  Minor  opcode  (0..1  023)  */ 

/*  Record  carry  (.  suffix,  represented  as  _)  */ 
/*  Overf  Low  enabLe  (o  suffix)  */ 

((reg)<<21)  /*  Dest  register  fieLd  */ 

((reg)<<16)  / * First  source  register  fieLd  * / 

((reg)<<11)  /*  Second  source  register  fieLd  */ 

/*  Branch  is  absoLute,  reLative  to  address  0 */ 

/*  Branch  with  Link  (L  suffix)  */ 


/*  U n c o nd i t i o na L branch 
//define  PPC_B(dest) 
//define  PPC_BA(dest) 
//define  PPC_BL(dest) 
//define  PPC  BLA(dest) 


(dest  is  26  bits,  +/-  2 A 2 5 bytes)  */ 
PPC_MAJ0R(18) | ( ( (dest)<<2)  & 0x03fffffc) 
P P C_B (dest)  | P P C_A  A 
P P C_B (dest)  | P P C_L  K 
P P C_B (dest)  | P P C_A  A | PPC_LK 


/*  Three-operand  instruct 
//define  P P C_T  Y P E 3 1 ( m i n o r , 
PPC_MA J OR ( 31 ) | PPC 
//define  P P C_A  D D ( d , a , b ) 
//define  P P C_A  D D_(  d , a , b ) 
//define  P P C_A  D D 0 ( d , a , b ) 
//define  P P C_A  D D 0_(  d , a , b ) 
//define  P P C_A  D D C ( d , a , b ) 
//define  P P C_A  D D C_(  d , a , b ) 
//define  P P C_A  D D C 0 ( d , a , b ) 
//define  P P C_A  D D C 0_(  d , a , b ) 
//define  P P C_A  D D E ( d , a , b ) 
//define  P P C_A  D D E_(  d , a , b ) 
//define  P P C_A  D D E 0 ( d , a , b ) 
//define  P P C_A  D D E 0_(  d , a , b ) 
//define  P P C_A  D D M E ( d , a ) 


ions  * / 
d , a , b ) \ 

_DEST(d)  | P P C_S  R C A ( a ) | PPC_SRCB(b)  | P P C_M I N 0 R ( m i n o r ) 
P P C_T  Y P E 3 1 ( 266, d, a, b) 

P P C_T  Y P E 3 1 (266, d, a, b)  | PPC_RC 
P P C_T  Y P E 3 1 (266, d, a, b) j PPC_0E 
P P C_T  Y P E 3 1 (266, d, a, b)  j PPC_0E | PPC_RC 
P P C_T  Y P E 3 1 (10,d,a,b) 

P P C_T  Y P E 3 1 (10,d,a,b)  | PPC_RC 
P P C_T  Y P E 3 1 ( 1 0,d,a,b)  | PPC_0E 
P P C_T  Y P E 3 1 ( 1 0,d,a,b)  I PPC_0E | PPC_RC 
P P C_T  Y P E 3 1 ( 1 38,d,a,b) 

P P C_T  Y P E 3 1 (138, d, a, b)  | PPC_RC 
P P C_T Y P E 3 1 (138, d, a, b)  | PPC_0E 
P P C_T  Y P E 3 1 (138, d, a, b)  j PPC_0E | PPC_RC 
P P C_T  Y P E 3 1 (234, d, a, 0) 
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//define  P P C_A D D M E_( d , a ) 
//define  P P C_A D DM E 0 ( d , a ) 
//define  P P C_A D D M E 0_(  d , a ) 
//define  P P C_A D D Z E ( d , a ) 
//define  P P C_A D D Z E_( d , a ) 
//define  P P C_A D D Z E 0 ( d , a ) 
//define  P P C_A  D D Z E 0_(  d , a ) 
//define  P P C_A  N D ( a , s , b ) 
//define  P P C_A  N D_(  a , s , b ) 
//define  P P C_A  N D C ( a , s , b ) 
//define  P P C_A  N D C_(  a , s , b ) 
//define  P P C_C M P ( c r , a , b ) 
//define  P P C_C  M P L ( c r , a , b ) 
//define  P P C_C  N T L Z W ( a , s ) 
//define  P P C_C  N T L Z W_(  a , s ) 
//define  P P C_D  C B F ( a , b ) 
//define  P P C_D  C B I ( a , b ) 
//define  P P C_D C B S T ( a , b ) 
//define  P P C_D  C BT  ( a , b ) 
//define  P P C_D  C B T S T ( a , b ) 
//define  P P C_D  C B Z ( a , b ) 
//define  P P C_D I VW ( d , a , b ) 
//define  P P C_D  I VW_(  d , a , b ) 
//define  P P C_D I V WO ( d , a , b ) 
//define  PPC_D  I VWO_(  d , a , b ) 
//define  P P C_D  I V W U ( d , a , b ) 
//define  PPC_D  I VWU_(  d , a , b ) 
//define  P P C_D  I VWU  0 ( d , a , b ) 
//define  P P C_D  I VWUO_(  d , a , b ) 
//define  PPC_EIEIO() 

//define  P P C_E Q V ( a , s , b ) 
//define  P P C_E  Q V_(  a , s , b ) 
//define  P P C_E  X T S B ( a , s , b ) 
//define  P P C_E  X T S B_(  a , s , b ) 
//define  P P C_E  X T S H ( a , s , b ) 
//define  P P C_E  X T S H_(  a , s , b ) 
//define  P P C_I  C B I ( a , b ) 
//define  PPC_ISYNC() 

//define  PPC_LBZ  UX  ( d , a , b ) 
//define  P P C_LB  Z X ( d , a , b ) 
//define  PPC_LHAUX  ( d , a , b ) 
//define  P P C_L  H AX  ( d , a , b ) 
//define  P P C_LHB  R X ( d , a , b ) 
//define  P P C_L  H Z UX  ( d , a , b ) 
//define  P P C_L  H Z X ( d , a , b ) 
//define  P P C_L S W I ( d , a , n b ) 
//define  P P C_L  S W X ( d , a , b ) 
//define  P P C_L  S A RX  ( d , a , b ) 
//define  P P C_L  S B R X ( d , a , b ) 
//define  P P C_M  C R X R ( c r d ) 
//define  PPC_MFCR(d) 

//define  P P C_M  F S P R ( d , s p r ) 
//define  PPC_MFTB(d) 

//define  PPC_MFTBU(d) 
//define  P P C_MT  C R F ( ma  s k , s ) 
//define  P P C_MT  S P R ( s , s p r ) 
//define  P P C_MU L H W ( d , a , b ) 
//define  P P C_MU  LHW_(  d , a , b ) 
//define  P P C_MU  L FI  W U ( d , a , b ) 


P P C_T  YPE31  (234, d, a, 0)  | PPC_RC 
PPC_TYPE31  (234, d, a, 0)  | PP  C_0  E 
P P C_T  Y P E 3 1 (234, d, a, 0) | PPC_0E | PPC_RC 
P P C_T  Y P E 3 1 (202, d, a, 0) 

P P C_T  YPE31  (202, d, a, 0)  | PPC_RC 
P P C_T  YPE31  (202, d, a, 0)  | PP  C_0  E 
P P C_T  Y P E 3 1 (202, d, a, 0)  | PPC_0E | PPC_RC 
P P C_T  Y P E 3 1 (28,s,a,b) 

PPC_TYPE31 (28,s,a,b) | PPC_RC 
P P C_T  Y P E 3 1 (60,s,a,b) 

PPC_TYPE31 (60,s,a,b) | PPC_RC 
P P C_T  YPE31 (0,(cr)<<2,a,b) 

P P C_T  YPE31 (32,(cr)<<2,a,b) 

P P C_T  Y P E 3 1 (26,s,a,0) 
PPC_TYPE31(26,s,a,0)|PPC_RC 
P P C_T  Y P E 3 1 (86,0,a,b) 

P P C_T  Y P E 3 1 (470, 0, a, b) 

P P C_T  Y P E 3 1 ( 54,0,a,b) 

P P C_T  Y P E 3 1 (278, 0, a, b) 

P P C_T  Y P E 3 1 ( 246, 0, a, b) 

P P C_T  Y P E 3 1 (1014,0, a, b) 

P P C_T  Y P E 3 1 (491 ,d,a,b) 

P P C_T Y P E31 (491, d, a, b)  | PPC_RC 
P P C_T  YPE31 (491, d, a, b)  | PP  C_0  E 
P P C_T  Y P E 3 1 (491, d, a, b)  | PPC_OE | PPC_RC 
P P C_T  Y P E 3 1 (459, d, a, b) 

P P C_T  YPE31  (459, d, a, b)  | PPC_RC 
PPC_TYPE31 (459, d, a, b) | PPC_OE 
P P C_T  Y P E 3 1 (459, d, a, b)  | PPC_OE | PPC_RC 
P P C_T  Y P E 3 1 (854,0,0,0) 

P P C_T  Y P E 3 1 ( 284, s, a, b) 

P P C_T Y P E31  (284, s, a, b)  | PPC_RC 
P P C_T  Y P E 3 1 (954, s, a, b) 

P P C_T  YPE31  (954, s, a, b)  | PPC_RC 
P P C_T  Y P E 3 1 (922, s, a, b) 

P P C_T Y P E31  (922, s, a, b)  | PPC_RC 
P P C_T  Y P E 3 1 (982, 0, a, b) 

P P C_T  Y P E 3 1 ( 1 50,0,0,0) 

P P C__T  Y P E 3 1 ( 1 1 9,d,a,b) 

P P C_T  Y P E 3 1 (87,d,a,b) 

P P C_T  Y P E 3 1 (375, d, a, b) 

P P C_T  Y P E 3 1 (343, d, a, b) 

P P C_T  Y P E 3 1 (790, d, a, b) 

P P C_T  Y P E 3 1 (31 1 ,d,a,b) 

P P C_T  Y P E 3 1 (279, d, a, b) 

P P C_T  Y P E 3 1 ( 597,d,a,nb) 

P P C_T  Y P E 3 1 ( 533, d, a, b) 

P P C_T  Y P E 3 1 (20,d,a,b) 

P P C_T  Y P E 3 1 ( 534, d, a, b) 

PPC_TYPE31 (512, (crd) <<2,0,0 ) 

P P C_T  Y P E 3 1 ( 1 9, d, 0,0) 

P P C_T  YPE31  (339,d,(spr)&31,(spr)>>5) 

P P C_T  Y P E 3 1 ( 371 ,d, 1 2,8 ) 

P P C_T  Y P E 3 1 (371 ,d,1 3,8) 

P P C_T Y P E31 (144,s,0,(mask)S0xff) 
PPC_TYPE31(467,s,(spr)&31,(spr)>>5) 

P P C_T  Y P E 3 1 (75,d,a,b) 

P P C_T Y P E 3 1 (7  5,d,a,b)  | PPC_RC 
P P C_T  Y P E 3 1 ( 1 1 ,d,a,b) 
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if  d e f i n e 
if  define 
if  d e f i n e 
it  d e f i n e 
if  d e f i n e 
if  d e f i n e 
if  d e f i n e 
if  define 
//def i ne 
ttd  e f i n e 
//define 
//define 
//define 
it  d e f i n e 
//define 
//define 
if  d e f i n e 
if  d e f i n e 
//define 
//define 
//define 
if  d e f i n e 
//define 
if  define 
if  define 
if  d e f i n e 
//define 
//define 
//define 
//define 
//define 
#de  f i ne 
//define 
U d e f i n e 
it  d e f i n e 
U define 
if  d e f i n e 
if  d e f i n e 
if  d e f i n e 
if  d e f i n e 
if  d e f i n e 
it  d e f i n e 
//define 
if  d e f i n e 
if  d e f i n e 
//define 
if  d e f i n e 
//define 
//define 
//define 
//define 
//define 
//define 
//define 
if  d e f i n e 
it  define 
//define 
//define 
//define 


PPC_MULHWU_(d,a,b) 

PPC_MULLW(d,a,b) 

P P C_M  U L L W_( d , a , b ) 
PPC_MULLWO ( d, a , b ) 
PPC_MULLWO_(d,a,b) 
PPC_NAND(a,s,b) 
PPC_N AN  D_(a,s,b) 

P P C_N  E G ( d , a ) 

P P C_N  E G_( d , a ) 

P P C_N  EGO(d,a) 

P P C_N  E G 0_( d , a ) 
PPC_NOR(a,s,b) 
PPC_NOR_(a,s,b) 

P P C_0  R ( a , s , b ) 

PPC_OR_(a,s,b) 

PPC_ORC(a,s,b) 

PPC_ORC_(a,s,b) 

PPC_SLW(a,s,b) 

P P C_S  LW_( a , s , b ) 

PPC_SRAW(a,s,b) 

PPC_SRAW_(a,s,b) 

PPC_SRAWI(a,s,sh) 

PPC_SRAWI_(a,s,sh) 

P P C_S  RW(a,s,b) 

PPC_SRW_(a,s,b) 

PPC_STBUX(s,a,b) 

PPC_STBX(s,a,b) 

PPC_STHBRX(s,a,b) 

PPC_STHUX(s,a,b) 

PPC_STHX (s,a,b) 

PPC_STSWI ( s,a,nb) 

PPC_STSWX(s,a,b) 

PPC_STWBRX(s,a,b) 

PPC_STWCX_(s,a,b) 

PPC_STWUX(s,a,b) 

PPC_STWX(s,a,b) 

PPC_SUBF (d,a,b) 

PPC_SUBF_(d,a,b) 

PPC_SUBFO(d,a,b) 

PPC_SUBF  0_( d , a , b ) 

PPC_SUB(d,b,a) 

PPC_SUB_(d,b,a) 

PPC_SUBO ( d, b, a ) 

PPC_SUBO_( d, b, a ) 

PPC_SUBFC (d,a,b) 

PPC_SUBFC_(d,a,b) 

PPC_SUBFCO(d,a,b) 

PPC_SUBFCO_(d,a,b) 

PPC_SUBFE (d,a,b) 

PPC_SUBFE_(d,a,b) 

PPC_SUBFEO(d,a,b) 

PPC_SUBFEO_(d,a,b) 

PPC_SUBFME(d,a) 

PPC_SUBFME_(d,a ) 

PPC_SUBFMEO(d,a) 

PPC_SUBFME  0_( d , a ) 

PPC_SUBFZE(d,a) 

PPC_SUBFZE_(d,a ) 

PPC_SUBFZEO(d,a) 


P P C_T  Y P E 3 1 ( 1 1 ,d,a 
P P C_T  Y P E 3 1 ( 235  , d, 
P P C_T  Y P E 3 1 ( 235  , d, 
P P C_T  Y P E 3 1 ( 2 3 5 , d , 
P P C_T  Y P E 3 1 ( 235  , d, 
P P C_T  Y P E 3 1 (476, s, 
P P C_T  Y P E 3 1 (476, s, 
P P C_T  Y P E 3 1 ( 1 04, d, 
P P C_T  Y P E 3 1 ( 1 04, d, 
P P C_T  Y P E 3 1 ( 1 04, d, 
P P C_T  Y P E 3 1 ( 1 04, d, 
P P C_T  Y P E 3 1 ( 1 24, s, 
P P C_T  Y P E 3 1 ( 1 24, s, 
P P C_T  Y P E 3 1 (444, s, 
P P C_T  Y P E 3 1 (444, s, 
P P C_T  Y P E 3 1 (412, s, 
P P C_T  Y P E 3 1 (41 2, s, 
P P C_T  Y P E 3 1 (24, s, a 
P P C_T  Y P E 3 1 (24, s, a 
P P C_T  Y P E 3 1 (792, s, 
P P C_T  Y P E 3 1 (792, s, 
P P C_T  Y P E 3 1 ( 824, s, 
P P C_T  Y P E 3 1 (824, s, 
P P C_T  Y P E 3 1 ( 536, s , 
P P C_T  Y P E 3 1 ( 536, s, 
P P C_T  Y P E 3 1 ( 247, s , 
P P C_T  Y P E 3 1 (21 5, s, 
P P C_T  Y P E 3 1 ( 91 8, s , 
P P C_T  Y P E 3 1 (439, s, 
P P C_T  Y P E 3 1 (407, s, 
P P C_T  Y P E 3 1 ( 725  , s, 
P P C_T Y P E 3 1 (661  , s , 
P P C_T  Y P E 3 1 (662, s, 
P P C_T  Y P E 3 1 ( 1 50, s, 
P P C_T  Y P E 3 1 (1 83, s, 
P P C_T  Y P E 3 1 (1 51 ,s, 
P P C_T  Y P E 3 1 (40, d, a 
P P C_T  Y P E 3 1 (40, d, a 
P P C_T  Y P E 3 1 (40, d, a 
P P C_T  Y P E 3 1 (40, d, a 
PPC_SUBF(d,a,b) 
PPC_SUBF_(d,a,b) 

P P C_S  UBFO(d,a,b) 
PPC_SUBF  0_( d , a , b ) 
P P C_T  Y P E 3 1 ( 8 , d , a , 
P P C_T  Y P E 3 1 ( 8 , d , a , 
P P C_T  Y P E 3 1 ( 8 , d , a , 
P P C_T  Y P E 3 1 ( 8 , d , a , 
P P C_T  Y P E 3 1 ( 1 36, d, 
P P C_T  Y P E 3 1 ( 1 36,d, 
P P C_T  Y P E 3 1 ( 1 36, d, 
P P C_T  Y P E 3 1 ( 1 36, d, 
P P C_T  Y P E 3 1 ( 232, d, 
P P C_T  Y P E 3 1 ( 232, d, 
P P C_T  Y P E 3 1 ( 232 ,d, 
P P C_T  Y P E 3 1 (232, d, 
P P C_T  Y P E 3 1 (200, d, 
P P C_T  Y P E 3 1 ( 200, d, 
P P C_T  Y P E 3 1 ( 200, d. 


,b)  | P P C_R  C 
a , b ) 

a , b ) | P P C_R  C 
a , b ) | P P C_0  E 
a , b ) | P P C_0  E | P P C_R  C 
a , b ) 

a , b ) | PPC_RC 
a , b ) 

a , b ) | P P C_R  C 
a,b)  | P P C_0  E 
a , b ) | P P C_0  E | P P C_R  C 
a , b ) 

a , b ) | P P C_R  C 
a , b ) 

a , b ) | P P C_R  C 
a , b ) 

a , b ) | P P C_R  C 
,b) 

,b)  | P P C_R  C 
a , b ) 

a,b)  | P P C_R C 
a , s h ) 

a, sh ) | PPC_RC 
a , b ) 

a , b ) | P P C_R  C 
a , b ) 
a , b ) 
a , b ) 
a , b ) 
a , b ) 
a , n b ) 
a , b ) 
a , b ) 

a , b ) | PPC_RC 
a , b ) 
a , b ) 

,b) 

,b)  | PPC_RC 
, b ) | P P C_0  E 
,b)  | P P C_0  E | P P C_R  C 


b) 

b) | PPC_RC 
b)  | P P C_0  E 
b ) | P P C_0  E | PPC_RC 
a , b ) 

a,b)  | P P C_R  C 
a , b ) j PPC_OE 
a , b ) | P P C_0  E | P P C_R  C 
a , 0 ) 

a,0) | PPC_RC 
a , 0 ) | P P C_0  E 
a , 0 ) j PPC_OE | P P C_R  C 
a , 0 ) 

a,0)  | P P C_R  C 
a,0)  | P P C_0  E 
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//define  P P C_S U B F Z E 0_( d , a ) 
//define  PPC_SYNC() 

//define  P P C_TW ( t o , a , b ) 
//define  P P C_X 0 R ( a , s , b ) 


P P C_T  Y P E 3 1 (200, d, a, 0)  | PPC_0E | PPC_RC 
P P C_T  Y P E 3 1 ( 598,0,0,0  ) 

P P C_T  Y P E 3 1 (4,to,a,b) 

P P C_T  Y P E 3 1 (316, s, a, b) 


/*  Immediate-operand  instructions.  Take  a 16-bit  immediate  operand  */ 
//define  P P C_I MM ( ma j o r , d , a , i mm ) \ 

PPC_MAJ OR (major) | PPC_DEST(d) | PPC_SRCA(a) |((imm)&0xffff) 

/*  Trap  word  immediate  */ 

//define  P P V_TW I ( t o , a , s i mm ) P P C_I  MM  ( 3 , t o , a , s i mm  ) 

/*  Integer  arithmetic  */ 

//define  P P C_M  U L L I ( d , a , s i mm  ) P P C_I  M M ( 7 , d , a , s i mm  ) 

//define  P P C_S  U B F I C ( s , a , s i mm  ) P P C_I  MM  ( 8 , s , a , s i mm  ) 

//define  P P C_C  M P L I ( c r , a , u i mm  ) P P C_I  M M ( 1 0 , ( c r ) < < 2 , a , u i mm  ) 

//define  P P C_C  M P I ( c r , a , s i mm  ) PPC_I  MM  ( 1 1 , ( c r ) <<2  , a , s i mm  ) 

//define  P P C_A  D D I C ( d , a , s i mm  ) P P C_I  MM  ( 1 2 , d , a , s i mm  ) 

//define  P P C_A  D D I C_(  d , a , s i mm  ) P P C_I  MM  ( 1 3 , d , a , s i mm  ) 

//define  P P C_A  D D I ( d , a , s i mm  ) P P C_I  M M ( 1 4 , d , a , s i mm  ) 

//define  P P C_A  D D I S ( d , a , s i mm  ) P P C_I  M M ( 1 5 , d , a , s i mm  ) 


/*  Conditional  branch  (dest 
//define  P P C_B  C ( b o , b i , d e s t ) 
//define  P P C_B  C A ( bo  , b i , d e s t ) 
//define  P P C_B C L ( bo  , b i , d e s t ) 
#define  P P C_B C L A ( bo , b i , d e s t ) 


s 16  bits,  +/-  2A15  bytes)  */ 

PPC_IMM( 1 6,bo,bi , ((dest)<<2)&0xfffc) 
PPC_BC(bo,bi,dest) | PPC_AA 
P P C_B  C ( bo , b i , d e s t ) | PPC_LK 
P P C_B  C ( b o , b i , d e s t ) | PPC_AA | PPC_LK 


/*  Logical  operations  */ 
//define  P P C_0  R I ( a , s , u i mm  ) 
//define  P P C_0  R I S ( a , s , u i mm  ) 
//define  P P C_X  0 R I ( a , s , u i mm  ) 
//define  P P C_X  0 R I S ( a , s , u i mm  ) 
//define  P P C_AN  D I_(  a , s , u i mm  ) 
//define  P P C_A  N D I S ( a , s , u i mm  ) 


PPC_IMM(24,s,a,uimm) 

PPC_IMM(25,s,a,uimm) 

PPC_IMM(26,s,a,uimm) 

PPC_IMM(27,s,a,uimm) 

PPC_IMM(28,s,a,uimm) 

PPC_IMM(29,s,a,uimm) 


/ * Load/store  * / 


//define 
//define 
ft  d e f i n e 
//define 
//define 
//define 
//define 
//define 
//define 
#def i ne 
//define 
//define 
//define 
//define 
U d e f i n e 
//define 


PPC_LWZ(d,a,simm) 

PPC_LWZU(d,a,simm) 

PPC_LBZ(d,a,simm) 

PPC_LBZU(d,a,simm) 

PPC_STW(s,a,simm) 

PPC_STWU(s,a,simm) 

PPC_STB(s,a,simm) 

PPC_STBU(s,a,simm) 

PPC_LHZ(d,a,simm) 

PPC_LHZU(d,a,simm) 

PPC_LHA(d,a,simm) 

PPC_STH(s,a,simm) 

PPC_STHU(s,a,simm) 

PPC_LHAU(d,a,simm) 

PPC_LMW(d,a,simm) 

PPC_STMW(s,a,simm) 


PPC_IMM(32,d,a,simm) 
PPC_IMM(33,d,a,simm) 
PPC_IMM(34,d,a,simm) 
PPC_IMM(35,d,a,simm) 
PPC_IMM(36,s,a,simm) 
PPC_IMM(37,s,a,simm) 
PPC_IMM(38,s,a,simm) 
PPC_IMM(39,s,a,simm) 
PPC_IMM(40,d,a,simm) 
PPC_IMM(41 ,d,a,simm) 
PPC_IMM(42,d,a,simm) 
PPC_IMM(44,s,a,simm) 
PPC_IMM(45,s,a,simm) 
PPC_IMM(43,d,a,si mm) 
PPC_IMM(46,d,a,simm) 
PPC_IMM(47,s,a,simm) 


/*  Major  number  = 19  - condition  register  operations.  d,  a and  b are  CR  bits*/ 
//define  P P C_T  Y P E 1 9 ( m i n o r , d , a , b ) \ 


//define 
U d e f i n e 
//define 
//define 


P P C_M  A J 0 R ( 1 9)  | P P C_D  E S T ( d ) | PPC_SRCA(a ) | PPC_SRCB(b)  | P P C_M I N 0 R ( m i n o r ) 
P P C_M  CRF(d,s)  PPC_TYPE1  9(0,  (d)<<2,  (s)«2,0) 

PPC_CRN0R(d,a,b)  P P C_T Y P E 1 9 ( 3 3 , d , a , b ) 

PPC_CRANDC ( d , a , b ) P P C_T Y P E 1 9 ( 1 2 9 , d , a , b ) 

PPC_CRX0R(d,a,b)  P P C_T Y P E 1 9 ( 1 9 3 , d , a , b ) 
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//define  P P C_C R N A N D ( d , a , b ) 
//define  P P C_C R A N D ( d , a , b ) 
//define  P P C_C R EQ V ( d , a , b ) 
//define  P P C_C R 0 R C ( d , a , b ) 
//define  P P C_C  R 0 R ( d , a , b ) 


PPC_TYPE19(225,d,a,b) 
PPC_TYPE1 9(257, d, a, b) 
PPC_TYPE1 9(289, d, a, b) 
PPC_TYPE1 9(41 7,d,a,b) 
PPC_TYPE1 9(449, d,a,b) 


/*  Indirect  conditional  branch 
//define  PPC_BC  LR  ( bo,  bi  ) 

//define  P P C_B  C L R L ( bo  , b i ) 
//define  P P C_B C C T R ( bo  , b i ) 
//define  P P C_B  C C T R L ( b o , b i ) 
//define  PPC_BLR() 

//define  PPC  BCTRO 


* / 

P P C_T  Y P E 1 9 ( 1 6,bo,bi ,0) 
PPC_TYPE1 9(1 6,bo,bi ,0) | PPC_LK 
PPC_TYPE1 9 ( 528,bo,bi ,0) 

P P C_T  YPE19(528,bo,bi ,0)  | PPC_LK 
PPC_BCLR(20,31 ) 

PPC_BC  CTR ( 20, 31 ) 


/ * Other  * / 


//define  P P C_R  LW  I M I ( a , s , s h , mb  , m e ) \ 

PPC_MA J OR ( 2 0 ) | PPC_DEST(s)  | PPC_SRCA(A)  | PPC_SRCB(sh)  | (mb)<<6  | (me)«1 
//define  PPC_RLWIMI_(a,s,sh,mb,me)  PPC_RLWIMI(a,s,sh,mb,me)|PPC_RC 

#define  P P C_R LW I NM ( a , s , s h , mb , me ) \ 

P P C_M  A J 0 R ( 2 1 ) | PPC_DEST(s)  | PPC_SRCA(A)  | PPC_SRCB(sh)  | (mb)<<6  | (me)«1 

//define  PPC_RLWIN  M_( a,s,sh,mb,me)  PPC_RLWINM(a,s,sh,mb,me)  | P P C R C 

//define  P P C_R  LWNM  ( a , s , b , mb  , me  ) \ 

PPC_MA J OR ( 2 3 ) | P P C_D  E S T ( s ) | PPC_SRCA(A)  | PPC_SRCB(b)  | (mb)<<6  | (me)«1 
//define  P P C_R  LWN  M_(  a , s , b , mb  , me  ) P P C_R  L W N M ( a , s , b , m b , m e ) | P P C_R  C 


//define  PPC_SC()  P P C_M  A J 0 R ( 1 7 ) | 2 

/*  Major  number  = 63  Floating-point  operations  (not  implemented  for  now)  */ 


/*  Simplified  Mnemonics  */ 

/*  Fabricate  immediate  subtract  out  of  add  negative  */ 
//define  P P C_S  U B I ( d , a , s i mm  ) P P C_A  D D I ( d , a , - ( s i mm  ) ) 


//define  P P C_S  U B I S ( d , a , s i mm  ) 
//define  P P C_S  U B I C ( d , a , s i mm  ) 
//define  P P C_S  U B I C_(  d , a , s i mm  ) 
/*  Fabricate  subtract  out  of 
//define  P P C_S  U B C ( d , b , a ) 
//define  PPC_SUBC_(d,b,a) 
//define  P P C_S  l)  B C 0 ( d , b , a ) 
//define  P P C_S  U B C 0_(  d , b , a ) 

/*  Messy  compare  bits  omitte 
/*  Shift  and  rotate  omitted 


PPC_ADDIS(d,a,-(simm) ) 
PPC_ADDIC(d,a,-(simm) ) 
PPC_ADDIC_(d,a,-(simm) ) 
subtract  from  * / 

PPC_SUBFC(d,a,b) 
PPC_SUBFC_(d,a,b) 
PPC_SUBFCO(d,a,b) 
PPC_SUBFC  0_( d , a , b ) 

d * / 

*/ 


/*  Branch  coding  omitted  */ 
//define  PPC_CRSET(d) 

//define  PPC_CRCLR(d) 

//define  P P C_C  R M 0 V E ( d , s ) 
//define  P P C_C  R N 0 T ( d , s ) 

/*  Trap  menmonics  omitted  */ 


PPC_CREQV(d,d,d) 

PPC_CRXOR(d,d,d) 

PPC_CR0R(d,s,s) 

PPC_CRN0R(d,s,s) 


/*  Menmonics  for  u s e r -a c c e s s i b l e 
//define  PPC_MFXER(d) 

//define  PPC_MFLR(d) 

//define  PPC_MFCTR(d) 

//define  PPC_MTXER(s) 

//define  PPC_MTLR(s) 

//define  PPC  MTCTR(s) 


SPRs  */ 

P P C_M  FSPR(d,1 ) 
P P C_M  FSPR(d,8) 
P P C_M  FSPR(d,9) 
PPC_MTSPR ( s, 1 ) 
P P C_M  TSPR(s,8) 
P P C_M  TSPR(s,9) 


/*  Recommended  mnemonics  */ 


//define  PPC_N0P() 
//define  PP  C_L  I ( d , s 
//define  PPC_LIS(d, 
//define  PPC_LA(d,a 


PPC 

i mm ) PPC 
s i mm  ) PPC 
, s i mm  ) PPC 


0 R I (0,0,0) 
ADDI(d,0,simm) 
ADDIS(d,0,simm) 
ADDI(d,a,simm) 
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^define  PPC_MR(d,s) 
^define  PPC_NOT(d,s) 
# d e f i n e PPC  MTCR(s) 


#endif  /*  PPCASM  H */ 


PPC_OR(d,s,s) 

PPC_NOR(d,s,s) 

P P C_M  TCRF(Oxff,s) 


/*  45678901 2345678901 2345678901 2345678901 2345678901 2345678901 2345678901 234567*/ 
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prime. c 

/ * 

* Prime  generation  using  the  bignum  library  and  sieving. 

* 

* Written  by  Colin  Plumb 

* 

* $Id:  prime. c,v  1.35  1996/11/12  01:42:50  mhw  Exp  $ 

*/ 

# i f nd  e f H A V E_C 0 N F I G_H 
//define  H A V E_C  0 N F I G_H  0 
//end  i f 

tt i f H A V E_C  0 N F I G_H 
//include  "config.h" 
tt  e nd  i f 


/* 

* Some  compilers  complain 

* so  do  the  A N S I -ma nd a t e d 
*/ 

//ifndef  N 0_A  S S E R T_H 
//define  N 0_A  S S E R T_H  0 
tt  e nd  i f 

tt i f ! N 0_A  S S E R T_H 
//include  <assert . h> 

//else 

//define  assert(x)  (void)0 
tt  e nd  i f 


about  tt if  F00  if  F00  isn't  defined, 
thing  explicitly... 


//include  <stdarg.h>  /*  We  just  can 

# i f nd  e f BNDEBUG 
//define  BNDEBUG  0 
tt  e n d i f 
//if  BNDEBUG 
//include  <stdio.h> 
tt  end  i f 

//include  "bn.h" 

//include  "bnimem.h" 

//include  "prime. h” 

//include  "sieve. h" 

//include  "kludge. h" 

/*  Size  of  the  shuffle  table  */ 

//define  SHUFFLE  256 

/*  Size  of  the  sieve  area  */ 

//define  SIEVE  32768u/16 

/*  Confirmation  tests.  The  first  one 
static  unsigned  const  confirmed  = C2, 
//define  CONFIRMTESTS  ( s i z e o f ( c o n f i r m ) / 


't  live  without  this... 


*must*  be  2 * / 

3,  5,  7,  11,  13,  1 7 > ; 
sizeof (*confirm)) 


*/ 


/ * 

* Helper  function  that  does  the  slow  primality  test. 

* bn  is  the  input  bignum;  a and  e are  temporary  buffers  that  are 

* allocated  by  the  caller  to  save  overhead. 

* 

* Returns  0 if  prime,  >0  if  not  prime,  and  -1  on  error  (out  of  memory). 
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* If  not  prime,  returns  the  number  of  modular  exponentiations  performed. 

* Calls  the  given  progress  function  with  a '*'  for  each  primality  test 

* that  is  passed. 

* 

* The  testing  consists  of  strong  pseudopr i ma  l i ty  tests,  to  the  bases  given 

* in  the  confirmCD  array  above.  (Also  called  M i l l e r- R a b i n , although  that's 

* not  technically  correct  if  we're  using  fixed  bases.)  Some  people  worry 

* that  this  might  not  be  enough.  Number  theorists  may  wish  to  generate 

* primality  proofs,  but  for  random  inputs,  this  returns  non-primes  with 

* a probability  which  is  quite  negligible,  which  is  good  enough. 

* 

* It  has  been  proved  (see  Carl  Pomerance,  "On  the  Distribution  of 

* Pseudoprimes",  Math.  Comp,  v.37  (1981)  pp.  587-593)  that  the  number  of 

* pseudoprimes  (composite  numbers  that  pass  a Fermat  test  to  the  base  2) 

* less  than  x is  bounded  by: 

* exp(ln(x)A(5/14))  <=  P_2 ( x ) ###  CHECK  THIS  FORMULA  - it  looks  wrong!  ### 

* P_2 ( x ) <=  x * exp(-1/2  * ln(x)  * l n ( l n ( l n ( x ) ) ) / ln(ln(x))). 

* Thus,  the  local  density  of  Pseudoprimes  near  x is  at  most 

* exp(-1/2  * ln(x)  * ln(ln(ln(x)))  / ln(ln(x))),  and  at  least 

* exp(ln(x)A(5/14)  - l n ( x ) ) . Here  are  some  values  of  this  function 

* for  various  k-bit  numbers  x = 2Ak: 


* 

Bits 

Density  <= 

Bit  equivalent 

Density  > = 

Bit  equivalent 

★ 

128 

3 . 577869e-07 

21  .41  4396 

4 . 20221  3e-37 

120.840190 

★ 

192 

4 . 1 75629e-1 0 

31  . 1 57288 

4 . 936250e-56 

183.724558 

* 

256 

5 . 80431  4e-1 3 

40 . 647940 

4 . 97781 3e-75 

246 .829095 

★ 

384 

1 . 578039e-1 8 

59.136573 

3 . 938861 e-1 1 3 

373 . 400096 

★ 

512 

5 . 8582  5 5 e-24 

77 . 1 75803 

2 . 563353e-1 51 

500.253110 

★ 

768 

1 . 489276e-34 

1 1 2 .370944 

7 . 872825e-228 

754 . 422724 

* 

1 024 

6 . 6331  88e-45 

1 46 .757062 

1 . 882404e-304 

1 008.953565 

★ 

As  you  can  see,  there 

's  quite  a bit 

of  slop  between 

these  estimates. 

■k 

In  fact,  the  density 

of  pseudoprimes 

is  conjectured 

to  be  closer  to 

* square  of  that  upper  bound.  E.g.  the  density  of  pseudoprimes  of  size 

* 256  is  around  3 * 10A-27.  The  density  of  primes  is  very  high,  from 

* 0.005636  at  256  bits  to  0.001  409  at  1 024  bits,  i.e.  more  than  1 0 A — 3 . 

* 

* For  those  people  used  to  cryptographic  levels  of  security  where  the 

* 56  bits  of  DES  key  space  is  too  small  because  it's  exhaustible  with 

* custom  hardware  searching  engines,  note  that  you  are  not  generating 

* 50,000,000  primes  per  second  on  each  of  56,000  custom  hardware  chips 

* for  several  hours.  The  chances  that  another  Dinosaur  Killer  asteroid 

* will  land  today  is  about  1 0 A — 1 1 or  2A-36,  so  it  would  be  better  to 

* spend  your  time  worrying  about  *that*.  Well,  okay,  there  should  be 

* some  derating  for  the  chance  that  astronomers  haven't  seen  it  yet, 

* but  I think  you  get  the  idea.  For  a good  feel  about  the  probability 

* of  various  events,  I have  heard  that  a good  book  is  by  E'mile  Borel, 

* "Les  Probabi  l i te  ' s et  la  vie".  (The  's  are  accents,  not  apostrophes.) 

* 

* For  more  on  the  subject,  try  "Finding  Four  Million  Large  Random  Primes", 

* by  Ronald  Rivest,  in  Advancess  in  Cryptology:  Proceedings  of  Crypto 

* '90.  He  used  a sma  l l -d i v i so r test,  then  a Fermat  test  to  the  base  2, 

* and  then  8 iterations  of  a Miller-Rabin  test.  About  718  million  random 

* 256-bit  integers  were  generated,  43,741,404  passed  the  small  divisor 

* test,  4,058,000  passed  the  Fermat  test,  and  all  4,058,000  passed  all 

* 8 iterations  of  the  Miller-Rabin  test,  proving  their  primality  beyond 

* most  reasonable  doubts. 

* 

* If  the  probability  of  getting  a pseudoprime  is  some  small  p,  then  the 

* probability  of  not  getting  it  in  t trials  is  (1— p)At  . Remember  that. 
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* for  small  p,  (1-p)A(1/p)  ~ 1/e,  the  base  of  natural  logarithms. 

* (This  is  more  commonly  expressed  as  e = l i m_{ x \ t o \ i n f t y > (1+1/x)Ax.) 

* Thus,  ( 1 — p ) A t ~ eA(-p*t)  = exp(-p*t).  So  the  odds  of  being  able  to 

* do  this  many  tests  without  seeing  a pseudoprime  if  you  assume  that 

* p = 1 0 A — 6 (one  in  a million)  is  one  in  57.86.  If  you  assume  that 

* p = 2*10A-6,  it's  one  in  3347.6.  So  it's  implausible  that  the  density 

* of  pseudoprimes  is  much  more  than  one  millionth  the  density  of  primes. 

* 

* He  also  gives  a theoretical  argument  that  the  chance  of  finding  a 

* 256-bit  non-prime  which  satisfies  one  Fermat  test  to  the  base  2 is 

* less  than  1 0 A — 2 2 . The  small  divisor  test  improves  this  number,  and 

* if  the  numbers  are  512  bits  (as  needed  for  a 1024-bit  key)  the  odds 

* of  failure  shrink  to  about  10A-44.  Thus,  he  concludes,  for  practical 

* purposes  *one*  Fermat  test  to  the  base  2 is  sufficient. 

*/ 

static  i n t 

primeTest(struct  BigNum  const  *bn,  struct  Big N u m * e , struct  BigNum  *a, 
int  (*f)(void  *arg,  int  c),  void  *arg) 

unsigned  i,  j ; 
unsigned  k,  l ; 
int  err; 

#if  BNDEBUG  /*  Debugging  */ 

/ * 

* This  is  debugging  code  to  test  the  sieving  stage. 

* If  the  sieving  is  wrong,  it  will  let  past  numbers  with 

* small  divisors.  The  prime  test  here  will  still  work,  and 

* weed  them  out,  but  you'll  be  doing  a lot  more  slow  tests, 

* and  presumably  excluding  from  consideration  some  other  numbers 

* which  might  be  prime.  This  check  just  verifies  that  none 

* of  the  candidates  have  any  small  divisors.  If  this 

* code  is  enabled  and  never  triggers,  you  can  feel  quite 

* confident  that  the  sieving  is  doing  its  job. 

* / 

i = bnLSWord(bn); 


i f 

( ! ( i 

{ 2 ) ) 

pri  ntf ( " 

bn  d i v by  2 

! " ) ; 

i = 

bnModGKbn, 

51051); 

/*  51051 

=3*7*11*13*17 

i f 

( ! ( i 

4 3)  ) 

printf(" 

bn  d i v by  3 

!"); 

i f 

( ! ( i 

4 7)  ) 

pri  ntf (" 

bn  d i v by  7 

!"); 

i f 

( ! ( i 

4 11)) 

p r i n t f ( 

"bn  d i v by 

11!"); 

i f 

( ! ( i 

4 13)) 

p r i n t f ( 

"bn  d i v by 

13!"); 

i f 

( ! ( i 

4 17)) 

p r i n t f ( 

"bn  d i v by 

17!"); 

i = 

bnModGKbn, 

63365  ) ; 

/*  63365 

= 5 * 19  * 23  * 29  */ 

i f 

( ! ( i 

4 5)  ) 

p r i n t f ( " 

bn  d i v by  5 

!"); 

i f 

( ! ( i 

4 19)) 

p r i n t f ( 

"bn  d i v by 

19!"); 

i f 

( ! ( i 

4 23)  ) 

p r i n t f ( 

"bn  d i v by 

23!"); 

i f 

( ! ( i 

4 29)  ) 

p r i n t f ( 

"bn  d i v by 

29!"); 

i - 

bnModGKbn, 

47027)  ; 

/*  47027 

= 31  * 37  * 41  */ 

i f 

( ! ( i 

4 31  ) ) 

p r i n t f ( 

"bn  d i v by 

31  ! " ) ; 

i f 

( ! ( i 

4 37)  ) 

p r i n t f ( 

"bn  d i v by 

37  ! " ) ; 

i f 

( ! ( i 

4 41)) 

p r i n t f ( 

"bn  d i v by 

41!"); 

#end  i f 

/ * 

* Now,  check  that  bn  is  prime.  If  it  passes  to  the  base  2, 

* it's  prime  beyond  all  reasonable  doubt,  and  everything  else 

* is  just  gravy,  but  it  gives  people  warm  fuzzies  to  do  it. 

* 
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* This  starts  with  verifying  Euler's  criterion  for  a base  of  2 

* This  is  the  fastest  p s e ud o p r i ma l i t y test  that  I know  of, 

* saving  a modular  squaring  over  a Fermat  test,  as  well  as 

* being  stronger.  7/8  of  the  time,  it's  as  strong  as  a strong 

* pseudoprimality  test,  too.  (The  exception  being  when  bn  = = 

* 1 mod  8 and  2 is  a quartic  residue,  i.e.  bn  is  of  the  form 

* aA2  + (8*b)A2.)  The  precise  series  of  tricks  used  here  is 

* not  documented  anywhere,  so  here's  an  explanation. 

* Euler's  criterion  states  that  if  p is  prime  then  aA((p-1)/2) 

* is  congruent  to  Jacobi(a,p),  modulo  p.  Jacobi(a,p)  is 

* a function  which  is  +1  if  a is  a square  modulo  p,  and  -1  if 

* it  is  not.  For  a = 2,  this  is  particularly  simple.  It's 

* +1  if  p ==  +/- 1 (mod  8),  and  -1  if  m ==  + /-3  (mod  8). 

* If  p ==  3 mod  4,  then  all  a strong  test  does  is  compute 

* 2A((p-1)/2).  and  see  if  it's  +1  or  — 1 . (Euler's  criterion 

* says  *w  h i c h * it  should  be.)  If  p ==  5 (mod  8),  then 

* 2A((p-1)/2)  is  -1,  so  the  initial  step  in  a strong  test, 

* looking  at  2A( (p— 1 )/ 4),  is  wasted  - you're  not  going  to 

* find  a +/-1  before  then  if  it  *is*  prime,  and  it  shouldn't 

* have  either  of  those  values  if  it  isn't.  So  don't  bother. 

* 

* The  remaining  case  i s p ==  1 (mod  8).  In  this  case,  we 

* expect  2A((p-1)/2)  ==  1 (mod  p),  so  we  expect  that  the 

* square  root  of  this,  2A((p-1)/4),  will  be  +/- 1 (mod  p). 

* Evaluating  this  saves  us  a modular  squaring  1/4  of  the  time. 

* If  it's  -1,  a strong  pseudoprimality  test  would  call  p 

* prime  as  well.  Only  if  the  result  is  +1,  indicating  that 

* 2 is  not  only  a quadratic  residue,  but  a quartic  one  as  well 

* does  a strong  pseudoprimality  test  verify  more  things  than 

* this  test  does.  Good  enough. 

* 

* We  could  back  that  down  another  step,  looking  at  2A((p-1)/8) 

* if  there  was  a cheap  way  to  determine  if  2 were  expected  to 

* be  a quartic  residue  or  not.  Dirichlet  proved  that  2 is 

* a quartic  residue  iff  p is  of  the  form  aA2  + (8*bA2). 

* All  primes  ==  1 (mod  4)  can  be  expressed  as  aA2  + (2*b)A2, 

* but  I see  no  cheap  way  to  evaluate  this  condition. 

* / 

if  (bnCopy(e,  bn)  < 0) 
return  - 1 ; 

(void)bnSubQ(e,  1 ) ; 
l = bnLSWord(e); 

j = 1;  / * Where  to  start  in  prime  array  for  strong  prime  tests 

i f ( l 8 7)  { 

bnRShift(e,  1); 

if  ( bnTwoExpMod ( a , e,  bn)  < 0) 
return  - 1 ; 
if  ( ( l 8 7)  ==  6)  f 

/*  bn  ==  7 mod  8,  expect  +1  */ 
if  (bnBits(a)  !=  1) 

return  1;  / * Not  prime  * / 

k = 1; 

> else  { 

/*  bn  ==  3 or  5 mod  8,  expect  -1  ==  bn-1  */ 
if  ( bnAddQ ( a , 1)  < 0) 
return  - 1 ; 

if  (bnCmp(a,  bn)  !=  0) 
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return  1 ; / * Not  prime  * / 

k = 1 ; 

if  (L  S 4)  -C 

/*  bn  ==  5 mod  8,  make  odd  for  strong  tests 
bnRShiftCe,  1 ) ; 
k = 2; 

> 

> 


> else  { 

/*  bn  ==  1 mod  8,  expect  2A((bn-1)/4)  ==  +/-1  mod  bn  */ 
bnRShift(e,  2 ) ; 

if  ( bnTwoExpMod  ( a , e,  bn)  < 0) 
return  - 1 ; 

if  (bnBits(a)  ==  1)  { 

j = 0;  / * Re-do  strong  prime  test  to  base  2 * / 

> else  i 

if  ( bn AddQ ( a , 1)  < 0) 
return  -1; 

if  (bnCmpCa,  bn)  !=  0) 

return  1;  / * Not  prime  * / 

> 

k = 2 + bnMakeOdd(e); 

> 

/*  It's  prime!  Now  go  on  to  confirmation  tests  */ 


*/ 


/ * 

* Now,  e = (bn-1)/2Ak  is  odd.  k >=  1,  and  has  a given  value 

* with  probability  2A-k,  so  its  expected  value  is  2. 

* j = 1 in  the  usual  case  when  the  previous  test  was  as  good  as 

* a strong  prime  test,  but  1/8  of  the  time,  j = 0 because 

* the  strong  prime  test  to  the  base  2 needs  to  be  re-done. 

* / 

for  (i  = j;  i < C ON F I RMT E S T S ; i++)  { 

if  (f  &&  (err  = f(arg,  '*'))  < 0) 
return  err; 

( v o i d ) bn S e t Q ( a , confirmCi]); 
if  CbnExpModCa,  a,  e,  bn)  < 0) 
return  -1; 
if  (bnBits(a)  ==  1) 

continue;  / * Passed  this  test  * / 

l = k • 

for  ( ; ; ) { 

if  (bnAddQCa,  1)  < 0) 
return  - 1 ; 

if  (bnCmpCa,  bn)  ==  0)  /*  Was  result  bn-1 ? */ 

break;  /*  Prime  * / 

if  ( ! — l ) /*  Reached  end,  not  -1?  luck?  */ 

return  i+2-j;  /*  Failed,  not  prime  */ 

/*  This  portion  is  executed,  on  average,  once.  */ 
(void)bnSubQ(a,  1);  / * Put  a back  where  it  was.  * / 

if  (bnSquarela,  a)  <0  ||  bnModCa,  a,  bn)  < 0) 

return  - 1 ; 
if  (bnBits(a)  ==  1) 

return  i+2-j;  /*  Failed,  not  prime  * / 

> 

/*  It  worked  (to  the  base  confirmCi])  */ 
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> 


/*  Yes,  we've  decided  that  it's  prime.  */ 
if  (f  &&  (err  = f(arg,  '*'))  < 0) 
return  err; 

return  0;  / * Prime!  * / 


/* 

* Add  x * y to  bn,  which  is  usually  (but  not  always)  < 65536. 

* Do  it  in  a simple  linear  manner. 

* / 

static  int 

b n A d d M u 1 1 ( s t r u c t BigNum  *bn,  unsigned  x,  unsigned  y) 

{ 

unsigned  long  z = (unsigned  long)x  * y ; 

whi  le  (z  > 65535  ) { 

if  (bnAddGKbn,  65535)  < 0) 
return  -1; 
z -=  65535; 

> 

return  bnAddGKbn,  (unsigned)z); 

} 


static  int 

b n S u bMu  1 1 ( s t r u c t BigNum  *bn,  unsigned  x,  unsigned  y) 

C 

unsigned  long  z = (unsigned  long)x  * y; 

while  (z  > 65535)  { 

if  (bnSubGKbn,  65535)  < 0) 
return  - 1 ; 
z -=  65535; 

> 

return  bnSubGKbn,  (unsigned)z); 

} 

/* 

* Modifies  the  bignum  to  return  a nearby  (slightly  larger)  number  which 

* is  a probable  prime.  Returns  >=0  on  success  or  -1  on  failure  (out  of 

* memory).  The  return  value  is  the  number  of  unsuccessful  modular 

* exponentiations  performed.  This  never  gives  up  searching. 

* 

* All  other  arguments  are  optional.  They  may  be  NULL.  They  are: 

* 

* unsigned  ( * r a nd ) ( u n s i g n ed  limit) 

* For  better  distributed  numbers,  supply  a non-null  pointer  to  a 

* function  which  returns  a random  x,  0 <=  x < limit.  (It  may  make  it 

* simpler  to  know  that  0 < limit  <=  SHUFFLE,  so  you  need  at  most  a byte.) 

* The  program  generates  a large  window  of  sieve  data  and  then  does 

* pseudopr i ma l i ty  tests  on  the  data.  If  a rand  function  is  supplied, 

* the  candidates  which  survive  sieving  are  shuffled  with  a window  of 

* size  SHUFFLE  before  testing  to  increase  the  uniformity  of  the  prime 

* selection.  This  isn't  perfect,  but  it  reduces  the  correlation  between 

* the  size  of  the  prime-free  gap  before  a prime  and  the  probability 

* that  that  prime  will  be  found  by  a sequential  search. 

* 

* If  rand  is  NULL,  sequential  search  is  used.  If  you  want  sequential 

* search,  note  that  the  search  begins  with  the  given  number;  if  you're 

* trying  to  generate  consecutive  primes,  you  must  increment  the  previous 
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* one  by  two  before  calling  this  again. 

* 

* int  (*f)(void  *arg,  int  c),  void  *arg 

* The  function  f argument,  if  non-NULL,  is  called  with  progress  indicator 

* characters  for  printing.  A dot  (.)  is  written  every  time  a primality  test 

* is  failed,  a star  (*)  every  time  one  is  passed,  and  a slash  (/)  in  the 

* (very  rare)  case  that  the  sieve  was  emptied  without  finding  a prime 

* and  is  being  refilled.  f is  also  passed  the  void  *arg  argument  for 

* private  context  storage.  If  f returns  < 0,  the  test  aborts  and  returns 

* that  value  immediately.  (bn  is  set  to  the  last  value  tested,  so  you 

* can  increment  bn  and  continue.) 

* 

* The  "exponent"  argument,  and  following  unsigned  numbers,  are  exponents 

* for  which  an  inverse  is  desired,  modulo  p.  For  a d to  exist  such  that 

* (xAe)Ad  ==  x (mod  p),  then  d*e  ==  1 (mod  p-1),  so  gcd(e,p-1)  must  be  1. 

* The  prime  returned  is  constrained  to  not  be  congruent  to  1 modulo 

* any  of  the  zero-terminated  list  of  16-bit  numbers.  Note  that  this  list 

* should  contain  all  the  small  prime  factors  of  e.  (You'll  have  to  test 

* for  large  prime  factors  of  e elsewhere,  but  the  chances  of  needing  to 

* generate  another  prime  are  low.) 

* 


* The  list  is  terminated  by  a 0,  and  may  be  empty. 
*/ 


i nt 

b n P r i m e G e n ( s t r u c t BigNum  *bn,  unsigned  (*rand)  (unsigned), 

int  (*f)(void  *arg,  int  c),  void  *arg,  unsigned  exponent. 


{ 


int  retva  l; 
int  modexps  = 0; 

unsigned  short  offsetsCSHUFFLE]; 
unsigned  i,  j; 
unsigned  p,  q,  prev; 
struct  BigNum  a,  e; 

# i f d e f MSDOS 

unsigned  char  *sieve; 

# e l s e 

unsigned  char  sieveCSIEVEJ; 

# e n d i f 


. . . ) 


# i f d e f 


U e n d i f 


MSDOS 

sieve  = bn i M em A l l o c ( S I E V E ) ; 
if  ( ! s i e v e ) 

return  - 1 ; 


bnBegin(Sa); 

bnBegin(Se); 


#if  0 /*  Self-test  (not  used  for  production)  */ 

{ 


struct 

BigNum  t ; 

static 

unsigned 

char 

const 

p r i me  1 C ] 

= ( 5 > ; 

static 

unsigned 

char 

const 

p r i me2  C 1 

= { 7 } ; 

static 

unsigned 

char 

const 

prime3C] 

= { 1 1 > ; 

static 

unsigned 

char 

const 

p r i me4  C ] 

= (1 , 1 > 

; /* 

257 

* / 

static 

unsigned 

char 

const 

p r i me  5 C D 

= fOxFF, 

Ox  F 1 > ; 

/*  65521 

static 

unsigned 

char 

const 

p r i me6  C ] 

V 

O 

V 

II 

i>; 

/* 

65537 

*/ 

static 

unsigned 

char 

const 

p r i me7 [ ] 

- <1,  o. 

3>; 

/ * 

65  539 

*/ 

/*  A small  prime:  1234567891  */ 
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static  unsigned  char  const  prime8[]  = {0x49,  0x96,  0x02,  0xD3>; 
/*  A slightly  larger  prime:  12345678901234567891  */ 

static  unsigned  char  const  prime9[D  = { 

0 x A B , 0x54,  0 x A 9 , 0x8C,  OxEB,  OxlF,  OxOA,  0xD3  >; 

/ * 

* No,  123456789012345678901234567891  isn't  prime;  it's  just  a 

* lucky,  easy-to-remember  conicidence.  (You  have  to  go  to 

* ...4567907  for  a prime.) 

*/ 


static 


> const 


struct  { 
unsigned 
unsigned 
p r i m e l i s 
{ p r i me  1 
p r i me  2 
p r i me  3 
p r i m e 4 
p r i me  5 
pr i me6 
pr i me7 
p r i me8 
p r i me9 


char  const  * p r i 
si  ze; 
t C ] = { 

, sizeof(primel) 
, sizeof(prime2) 
, si zeof (prime3) 
, sizeof(prime4) 
, sizeof(prime5) 
, sizeof (prime6) 
, sizeof(prime7) 
, sizeof(prime8) 
, sizeof (prime9) 


me; 


>, 

y, 

>, 

>, 

>, 

>, 

> >; 


bnBeg i n ( St ) ; 


for  ( i = 0 ; 


> 


< sizeof(primelist)/sizeof(primelistCO]);  i++)  { 
bnlnsertBytes (St,  primelistCiO. prime,  0, 
primelistCiO.size); 
bnCopy(8e,  &t); 

(void)bnSubQ(Se,  1); 
bnTwoExpMod(&a,  8e,  St); 
p = bnBits(Sa); 
if  (p  ! = 1 ) { 

p r i n t f ( 

"Bug:  Fermat (2)  %u-bit  output  (1  expected)\n",  p); 
fputs("Prime  = Ox",  stdout); 
for  (j  = 0;  j < primelistEiD.size;  j++) 

printf("%02X",  primelistCiO.primeEjO); 
putchar(  ' \n'  ); 

> 

bnSetQ(Sa,  3); 
bnExpMod(Sa,  Sa,  Se,  St); 
p = bnBits(Sa); 
if  (p  ! = 1 ) { 

p r i n t f ( 

"Bug:  Fermat(3)  %u-bit  output  (1  expected)\n",  p); 
fputs("  Prime  = Ox",  stdout); 
for  (j  = 0;  j < primelistCiO.size;  j + + ) 

printf("%02X",  primelistCiD.primeCj]); 
putchar(  ' \ n'  ); 

> 


bnEnd(St); 

> 

tt e nd  i f 


/*  First,  make  sure  that  bn  is  odd.  */ 
i f ( (bnLSWord(bn)  S 1 ) ==  0) 
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(void)bnAddQ(bn,  1 ) ; 


retry: 

/*  Then  build  a sieve  starting  at  bn.  */ 
sieveBuild(sieve,  SIEVE,  bn,  2 , 0 ) ; 

/*  Do  the  extra  exponent  sieving  */ 
if  (exponent)  { 

va_list  ap; 

unsigned  t = exponent; 
va_start(ap,  exponent); 
do  { 

/*  The  exponent  had  better  be  odd!  */ 
assertCt  S 1 ) ; 

i = bnModQCbn,  t ) ; 

/ * Find  1 -i  * / 
if  (i  ==  0) 

i = 1; 

else  if  ( -- i ) 

i = t - i; 

/*  Divide  by  2,  modulo  the  exponent  */ 
i = (i  & 1)  ? i/2  + t/2  + 1 : i/2; 

/*  Remove  all  following  multiples  from  the  sieve.  */ 
sieveSingle(sieve,  SIEVE,  i,  t); 

/*  Get  the  next  exponent  value  */ 
t = va_arg(ap,  unsigned); 

} while  (t); 

va_e  nd ( a p ) ; 

> 

/*  Fill  up  the  offsets  array  with  the  first  SHUFFLE  candidates  */ 
i = p = 0; 

/*  Get  first  prime  */ 

if  (sieved)]  SI  ||  (p  = sieveSearch(sieve,  SIEVE,  p))  !=  0)  { 

offsetsli++]  = p; 

p = sieveSearch(sieve,  SIEVE,  p); 

} 

/* 

* Okay,  from  this  point  onwards,  p is  always  the  next  entry 

* from  the  sieve,  that  has  not  been  added  to  the  shuffle  table, 

* and  is  0 iff  the  sieve  has  been  exhausted. 

* 

* If  we  want  to  shuffle,  then  fill  the  shuffle  table  until  the 

* sieve  is  exhausted  or  the  table  is  full. 

* / 

if  (rand  SS  p)  { 
do  L 

offsetsCi++]  = p; 

p = sieveSearch(sieve,  SIEVE,  p); 

> while  (p  SS  i < SHUFFLE); 

> 
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/*  Choose  a random  candidate  for  experimentation  */ 
prev  = 0; 
while  ( i ) { 

/*  Pick  a random  entry  from  the  shuffle  table  */ 
j = rand  ? rand(i)  : 0; 

q = offsetsCjD;  / * The  entry  to  use  * / 

/*  Replace  the  entry  with  some  more  data,  if  possible  */ 
if  ( p ) { 

offsetsCjD  = p; 

p = sieveSearchCsieve,  SIEVE,  p ) ; 

> else  i 

offsetsCjD  = offsetsC--iD; 
offsetsCiD  = 0 ; 

> 

/*  Adjust  bn  to  have  the  right  value  */ 
if  ( ( q > prev  ? bnAddMu l t ( bn,  q-prev,  2) 

: bn S u bMu l t ( bn , prev-q,  2))  < 0) 
goto  failed; 
prev  = q ; 


> 


/*  Now  do  the  Fermat  tests  */ 

retval  = primeTestlbn,  &e,  &a,  f,  arg); 

if  (retval  <=  0) 

goto  done;  /*  Success  or  error  */ 

modexps  +=  retval; 

if  (f  SS  (retval  = f ( a r g , < 0) 

goto  done; 


/*  Ran  out  of  sieve  space  - increase  bn  and  keep  trying.  */ 
if  ( bn AddMu  1 1 ( bn , S I E V E * 8 - p r e v , 2)  < 0) 
goto  failed; 

if  (f  &&  (retval  = f(arg,  '/'))  < 0) 
goto  done; 
goto  retry; 


f a i led: 


done: 


ft  i f d e f 

# e l s e 

# e nd i f 


retval  = - 1 ; 

bnEnd(&e); 

bnEnd(Sa); 

bniMemWipe(offsets,  sizeof(offsets)); 
MSD0S 

bniMemFree(sieve,  SIEVE); 
bniMemWipe(sieve,  sizeof (sieve)); 


> 


return  retval  < 0 ? retval  : modexps  + C0NFIRMTESTS; 


/ * 

* Similar,  but  searches  forward  from  the  given  starting  value  in  steps  of 

* "step"  rather  than  1.  The  step  size  must  be  even,  and  bn  must  be  odd. 

* Among  other  possibilities,  this  can  be  used  to  generate  "strong" 

* primes,  where  p-1  has  a large  prime  factor. 

* / 
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i n t 

bn P r i m e G e n S t r on g ( s t r u c t BigNum  *bn,  struct  BigNum  const  *step, 
int  (*f)(void  *arg,  int  c),  void  *arg) 

{ 

int  retval; 
unsigned  p , prev; 
struct  BigNum  a,  e; 
int  modexps  = 0 ; 

#ifdef  MSDOS 

unsigned  char  *sieve; 

ft  e L s e 

unsigned  char  sieveHSIEVED; 

ft  e nd  i f 


ft  i t d e f 


ft  e n d i f 


MSDOS 

sieve  = bniMemAlloc(SIEVE); 
if  ( ! s i e v e ) 

return  -1; 


/*  Step  must  be  even  and  bn  must  be  odd  */ 
assertC (bnLSWord(step)  S 1)  ==  0); 
assert ( (bnLSWord(bn)  & 1)  ==  1 ) ; 

bnBegin(Sa); 

bnBegin(Se); 

for  ( ; ; ) { 

if  ( s i e v eBu i l dB i g ( s i e ve , SIEVE,  bn,  step,  0)  < 0) 
goto  failed; 

p = prev  = 0; 

if  (sieveCOD  & 1 ||  (p  = sieveSearchCsieve,  SIEVE,  p))  !=  0)  f 

do  f 

/* 

* Adjust  bn  to  have  the  right  value, 

* adding  (p-prev)  * 2*step. 

*/ 

assertCp  >=  prev); 

/*  Compute  delta  into  a */ 
if  (bnMulQ(8a,  step,  p-prev)  < 0) 
goto  failed; 
i f ( bnAdd (bn,  &a ) < 0 ) 

goto  failed; 
prev  = p ; 

retval  = primeTestCbn,  & e , & a , f,  arg); 
if  (retval  <=  0) 

goto  done;  / * Success!  * / 

modexps  +=  retval; 

if  (f  &&  (retval  = f(arg,  < 0) 

goto  done; 

/*  And  try  again  * / 
p = sieveSearch(sieve,  SIEVE,  p); 

> while  ( p ) ; 

> 

/*  Ran  out  of  sieve  space  - increase  bn  and  keep  trying.  */ 
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#if  S I E V E * 8 


#else 
#endi f 


> /* 


==  65536 

/*  Corner  case  that  will  never  actually  happen  */ 
if  ( ! prev)  { 

if  (bnAddCbn,  step)  < 0) 
goto  failed; 
p = 65535; 

> else  C 

p = ( uns i gned ) ( S I EVE*8  - prev); 

> 


p - SIEVE*8  - prev; 

if  (bnMulGK&a,  step,  p)  < 0 ||  bnAddlbn,  &a)  < 0) 
goto  failed; 

if  (f  &&  (retval  = f(arg,  '/'))  < 0) 
goto  done; 

for  ( ; ; ) * / 


f a i led: 

retval  = - 1 ; 

done: 


ft  i f d e f 
# e l s e 
ft  e n d i f 
> 


bnEnd(Se)  ; 
bnEnd(Sa); 

MSDOS 

bniMemFreelsi eve, 
bniMemWipelsieve, 
return  retval  < 0 


SIEVE); 

sizeof (sieve)); 

? retval  : modexps  + CONFIRMTESTS; 
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prime.h 


/ * 

* $ I d : prime. h,v  1 . 9 1 996/1  1 /1  2 01:42:50  mhw  Exp  $ 

* / 


# i f n d e f B N_P  R I M E_H 
//define  B N_P  R I M E_H 

struct  BigNum; 

# i f nd  e f T Y P E_B I G N U M 
//define  T Y P E_B I G N U M 1 
typedef  struct  BigNum  BigNum; 
//  e nd  i f 


/*  Generate  a prime  >=  bn.  leaving  the  result  in  bn.  */ 

int  bnPrimeGenCstruct  BigNum  * b n , unsigned  (*randnum)( unsigned), 

int  (*f)(void  *arg,  int  c ) , void  *arg,  unsigned  exponent,  ...); 


/ * 

* Generate  a prime  of  the  form  bn 

* bn  must  be  odd. 

*/ 

int  bnPrimeGenStrongCstruct  BigNum 

int  (*f)(void 


+ k*step.  Step  must  be  even  and 

*bn,  struct  BigNum  const  *step, 
*arg,  int  c),  void  *arg); 


//endif  /*  BN  PRIME  H */ 
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sieve.c 

/ * 

* sieve.c  — Trial  division  for  prime  finding. 

* 

* Written  by  Colin  Plumb 

* 

* $Id:  sieve. c,v  1.23  1 996/1  1 /1  2 01:42:51  mhw  Exp  $ 

* 

* Finding  primes: 

* - Sieve  1 to  find  the  small  primes  for 

* - Sieve  2 to  find  the  candidate  large  primes,  then 

* - Pseudo-pr i ma l i ty  test. 

* 

* An  important  question  is  how  much  trial  division  by  small  primes 

* should  we  do?  The  answer  is  a LOT.  Even  a heavily  optimized 

* Fermat  test  to  the  base  2 (the  simplest  pseudoprimality  test) 

* is  much  more  expensive  than  a division. 

* 

* For  an  prime  of  n k-bit  words,  a Fermat  test  to  the  base  2 requires  n*k 

* modular  squarings,  each  of  which  involves  n*(n+1)/2  signle-word  multiplies 

* in  the  squaring  and  n * ( n + 1 ) multiplies  in  the  modular  reduction,  plus 

* some  overhead  to  get  into  and  out  of  Montgomery  form.  This  is  a total 

* of  3/2  * k * nA2  * (n+1).  Equivalently,  if  n*k  = b bits,  it's 

* 3/2  * (b/k+1)  * bA2  / k. 

* 

* A modulo  operation  requires  n single-word  divides.  Let's  assume  that 

* a divide  is  4 times  the  cost  of  a multiply.  That's  4 * n multiplies. 

* However,  you  only  have  to  do  the  division  once  for  your  entire 

* search.  It  can  be  amortized  over  10-15  primes.  So  it's 

* really  more  like  n/3  multiplies.  This  is  b/3k. 

* 

* Now,  let's  suppose  you  have  a candidate  prime  t.  Your  options 

* are  to  a)  do  trial  division  by  a prime  p,  then  do  a Fermat  test, 

* or  to  do  the  Fermat  test  directly.  Doing  the  trial  division 

* costs  b / 3 k multiplies,  but  a certain  fraction  of  the  time  (1/p),  it 

* saves  you  3/2  b 3 / kA2  multiplies.  Thus,  it's  worth  it  doing  the 

* division  as  long  as  b/3k  < 3/2  * (b/k+1)  * bA2  / k / p. 


★ 

I . e . 

p < 9/2 

★ 

(b/k  + 1 ) 

* b 

= 9/2 

* ( b A 2 / k 

+ 

b)  . 

★ 

E.g. 

for  k = 1 6 

and 

b = 2 5 6 , 

P < 

9/2  * 

17  * 256 

= 

19584. 

★ 

"k 

S o l v i 

n g for  k 

= 

1 6 

and  k=32 

a t 

a few 

interesti 

ng 

value 

k 

k = 1 6, 

b = 2 5 6 : 

P 

< 

1 9584 

k = 32  , 

b = 2 5 6 : p 

< 

1 0368 

k 

k = 1 6, 

b = 3 8 4 : 

P 

< 

43200 

k = 32  , 

b = 3 8 4 ; p 

< 

22464 

k 

S 

sO 

II 

b = 51 2 : 

P 

< 

76032 

k = 32  , 

b = 5 1 2 : p 

< 

39168 

k 

k 

k = 1 6, 

b=640 : 

P 

< 

1 1 8080 

k = 32  , 

b = 640  : p 

< 

60480 

* H'm...  before  using  the  highly-optimized  Fermat  test,  I got  much  larger 

* numbers  (64K  to  256K),  and  designed  the  sieve  for  that.  Maybe  it  needs 

* to  be  reduced.  It  *is*  true  that  the  desirable  sieve  size  increases 

* rapidly  with  increasing  prime  size,  and  it's  the  larger  primes  that  are 

* worrisome  in  any  case.  I'll  leave  it  as  is  (64K)  for  now  while  I 

* think  about  it. 

* 

* A bit  of  tweaking  the  division  (we  can  compute  a reciprocal  and  do 

* multiplies  instead,  turning  4*n  into  4 + 2*n)  would  increase  all  the 

* numbers  by  a factor  of  2 or  so. 

k 

* 

* Bit  kina  sieve  corresponds  to  the  number  a + k*b. 
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For  a given  a and  b,  the 
k for  which  a + k*b  ==  0 
isolating  k,  you  get  k ==  -a*bA-1 
k which  should  be  worked  on  are  k 
for  i = 0,  1,  2,... 


Note  how  this  is 
It  just  requires 
inverse  of  that. 


k 
k 
k 
k 
* 

* 
k 
k 
k 
* 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k 
k / 

# i f n d e f 
H d e f i n e 
#endi f 
//if  HAVE 
U i nc  l ude 
# e nd  i f 


sieve's  job  is  to  find  the  values  of 
(mod  p).  Multiplying  by  bA-1  and 

(mod  p).  So  the  values  of 
= (-a*bA-1  mod  p)  + i * p. 


still  easy  to  use  with  very  large  b, 
computing  (b  mod  p)  and  then  finding 


if  you  need  it. 
the  multiplicative 


How  large  a space  to  search  to  ensure  that  one  will  hit  a prime? 

The  average  density  is  known,  but  the  primes  behave  oddly,  and  sometimes 
there  are  large  gaps.  It  is  conjectured  by  shanks  that  the  first  gap 
of  size  "delta"  will  occur  at  approximately  e x p ( s q r t ( d e 1 1 a ) ) , so  a delta 
of  65536  is  conjectured  to  be  to  contain  a prime  up  to  eA256. 

Remembering  the  handy  2<->e  conversion  ratios: 
l n ( 2 ) = 0.693147  log2(e)  - 1.442695 

This  covers  up  to  369  bits.  Damn,  not  enough!  Still, 


it'll  have  to  do. 


Cramer's  conjecture  (he  proved  it  for  "most"  cases)  is 
as  p goes  to  infinity,  the  largest  gap  after  a prime  p 
So,  for  a 1024-bit  p,  the  interval  to  the  next  prime 
about  709.78A2,  or  503791.  We'd  need  to  enlarge  our 
8 to  be  sure.  It  isn't  worth  the  hassle. 


that  in  the  limit, 
tends  to  (ln(p))A2 
is  expected  to  be 
space  by  a factor  of 


Note  that  a span  of  this  size 
in  the  vicinity  of  2A1024  (it 
So  the  probability 


of  failure 


is  expected  to  contain  92  primes  even 
s 369  at  256  bits  and  492  at  192  bits) 
is  pretty  low. 


HAVE. 

HAVE 


.CONFIG. 

CONFIG 


.CON  F IG_H 
" con  f i g . h " 


/ * 

* Some  compilers  complain 

* so  do  the  AN S I -ma nd a t ed 

*/ 

N 0_A  S S E R T_H 
NO  ASSERT  H 0 


about  //if  F00  if  F00 
thing  explicitly... 


isn't  defined. 


H i f n d e f 
H d e f i n e 

# e n d i f 

H i f nde  f 
//define 

# e nd i f 
Z/i f nd  e f 
if  define 
He nd  i f 

if  i f n d e f 
if  define 
He nd  i f 
it  i f nde  f 
//define 
H e nd i f 


NO. 

NO. 

NO. 

NO 


.LIMITS. 

.LIMITS. 

.STRING. 

STRING 


HAVE. 

HAVE. 

NEED. 

NEED 


.STRINGS. 

.STRINGS. 

_M  E M 0 R Y_l 
MEMORY  I 


H i f !N0_ASSERT_H 
//include  <assert  . h> 
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assert(x)  (void)O 


ft  if  ! N 0_L  I M I T S_H 
ft  include  <limits.h> 
ft  e n d i f 


/*  For  U I N T_M A X */ 

/*  If  not  avail,  default  value  of  0 is  safe  */ 


//if  ! N 0_S  T R I N G_H 

//include  <string.h>  /*  for  memset  ( ) */ 

#elif  H A V E_S  T R I N G S_H 
//include  <strings.h> 
ft  e nd  i f 

//if  NEE  D_M  E M 0 R Y_H 
//include  <memory  . h> 
ft  e nd  i f 


//include  "bn.h" 
ft  i nc  lude  "si  eve  . h" 

# i f d e f MSDOS 
//include  "bnimem.h" 
ft  e n d i f 


//include  "kludge. h" 

/* 

* Each  array  stores  potential  primes  as  1 bits  in  little-endian  bytes. 

* Bit  k in  an  array  represents  a + k*b,  for  some  parameters  a and  b 

* of  the  sieve.  Currently,  b is  hardcoded  to  2. 

* 

* Various  factors  of  16  arise  because  these  are  all  *byte*  sizes,  and 

* skipping  even  numbers,  16  numbers  fit  into  a byte's  worth  of  bitmap 

* / 


/* 

* The  first  number  in  the  small  prime  sieve.  This  could  be  raised  to 

* 3 if  you  want  to  squeeze  bytes  out  aggressively  for  a smaller  SMALL 

* table,  and  doing  so  would  let  one  more  prime  into  the  end  of  the  array, 

* but  there  is  no  sense  making  it  larger  if  you're  generating  small 

* primes  up  to  the  limit  if  2*16,  since  it  doesn't  save  any  memory  and 

* would  require  extra  code  to  ignore  65537  in  the  last  byte,  which  is 

* over  the  16-bit  limit. 

*/ 

//define  SMALLSTART  1 
/* 

* Size  of  sieve  used  to  find  large  primes,  in  bytes.  For  compatibility 

* with  16-bit-int  systems,  the  largest  prime  that  can  appear  in  it, 

* SMALL  * 16  + SMALLSTART  - 2,  must  be  < 65536.  Since  65537  is  a prime, 

* this  is  the  absolute  maximum  table  size. 

*/ 

//define  SMALL  (65536/  1 6 ) 


/* 

* Compute  the  multiplicative  inverse  of  x,  modulo  mod,  using  the  extended 

* Euclidean  algorithm.  The  classical  E E A returns  two  results,  traditionally 

* named  s and  t,  but  only  one  (t)  is  needed  or  computed  here. 

* It  is  unrolled  twice  to  avoid  some  variable-swapping,  and  because  negating 

* t every  other  round  makes  all  the  number  positive  and  less  than  the 
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* modulus,  which  makes  fixed-length  arithmetic  easier. 

* 

* If  gcd(x,  mod)  !=  1,  then  this  will  return  0. 

★ / 

static  unsigned 

s i e v e M od I n v e r t ( u n s i g n e d x,  unsigned  mod) 

{ 

unsigned  y ; 
unsigned  tO,  t 1 ; 
unsigned  q; 

if  ( x <=  1 ) 

return  x;  / * 0 and  1 are  self-inverse  * / 

/ * 

* The  first  round  is  simplified  based  on  the 

* initial  conditions  tO  = 1 and  tl  = 0. 

*/ 

tl  = mod  / x; 
y = mod  / x; 
if  (y  <=  1 ) 

return  y ? mod  - tl  : 0; 

tO  = 1 ; 
do  { 

q=x/y; 
x = x % y ; 
tO  +=  q * tl; 
if  (x  <=  1 ) 

return  x ? tO  : 0; 
q = Y / x; 
y = y % x; 
tl  +=  q * tO; 

> while  (y  > 1); 
return  y ? mod  - tl  : 0; 

> 


/ * 

* Perform  a single  sieving  operation  on  an  array.  Clear  bits  "start", 

* "start  + step",  " s t a r t + 2 * s t e p " , etc.  from  the  array,  up  to  the  size 

* limit  (in  BYTES)  "size".  All  of  the  arguments  must  fit  into  16  bits 

* for  portability. 

* 

* This  is  the  core  of  the  sieving  operation.  In  addition  to  being 

* called  from  the  sieving  functions,  it  is  useful  to  call  directly  if, 

* say,  you  want  to  exclude  primes  congruent  to  1 mod  3,  or  whatever. 

* (Although  in  that  case,  it  would  be  better  to  change  the  sieving  to 

* use  a step  size  of  6 and  start  ==  5 (mod  6).) 

* 

* Originally,  this  was  inlined  in  the  code  below  (with  various  checks 

* turned  off  where  they  could  be  inferred  from  the  environment),  but  it 

* turns  out  that  all  the  sieving  is  so  fast  that  it  makes  a negligible 

* speed  difference  and  smaller,  cleaner  code  was  preferred. 

* 

* Rather  than  increment  a bit  index  through  the  array  and  clear 

* the  corresponding  bit,  this  code  takes  advantage  of  the  fact  that 

* every  eighth  increment  must  use  the  same  bit  position  in  a byte. 

* I.e.  start  + k*step  ==  start  + (k+8)*step  (mod  8).  Thus,  a bitmask 

* can  be  computed  only  eight  times  and  used  for  all  multiples.  Thus,  the 
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* outer  Loop  is  over  (k  mod  8)  while  the  inner  Loop  is  over  (k  div  8). 

* 

* The  only  further  trickiness  is  that  this  code  is  designed  to  accept 

* start,  step,  and  size  up  to  65535  on  16-bit  machines.  On  such  a 

* machine,  the  computation  "start+step"  can  overflow,  so  we  need  to 

* insert  an  extra  check  for  that  situation. 

*/ 

void 

sieveSingleCunsigned  char  * a r r a y , unsigned  size,  unsigned  start,  unsigned  step) 

unsigned  bit; 
unsigned  char  mask; 
unsigned  i; 


# i f 


U I N T_M  A X < Oxlffff 

/*  Unsigned  is  small;  add  checks  for  wrap  */ 
for  (bit  = 0;  bit  < 8;  bit++)  { 
i = start/8; 
if  (i  >=  size) 
break; 

mask  = ~(1  <<  (start  & 7 ) ) ; 
do  { 


> 


arrayCi]  8=  mask; 
i + = step; 

> while  (i  >=  step  & & i < size); 
start  +=  step; 

if  (start  < step)  /*  Overflow  test 

break; 


//else 


/*  Unsigned  has  the  range  - no  overflow  possible 
for  (bit  = 0;  bit  < 8;  bit++)  { 
i = start/8; 
if  ( i >=  size) 
break; 

mask  = ~(1  <<  (start  & 7 ) ) ; 

do  { 

arrayCi]  &=  mask; 
i + = step; 

} while  (i  < size); 
start  +=  step; 

> 

# e n d i f 

> 


* / 


*/ 


/* 

* Returns  the  index  of  the  next  bit  set  in  the  given  array.  The  search 

* begins  after  the  specified  bit,  so  if  you  care  about  bit  0,  you  need 

* to  check  it  explicitly  yourself.  This  returns  0 if  no  bits  are  found. 

* 

* Note  that  the  size  is  in  bytes,  and  that  it  takes  and  returns  BIT 

* positions.  If  the  array  represents  odd  numbers  only,  as  usual,  the 

* returned  values  must  be  doubled  to  turn  them  into  offsets  from  the 

* initial  number. 

*/ 

unsigned 

s i e ve S ea r c h ( un s i gned  char  const  *array,  unsigned  size,  unsigned  start) 

{ 

unsigned  i;  /*  Loop  index  */ 
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unsigned  char  t ; / * Temp  * / 

if  (!++ start) 

return  0 ; 
i = start/8; 
if  (i  >=  size) 

return  0;  /*  Done!  */ 


/* 
i f 


> 


Deal  with  odd-bit  beginnings  =>  search  the  first  byte  */ 
(start  8 7)  { 

t = arraybi++D  >>  (start  & 7 ) ; 
if  ( t ) { 


i f 

( ! 

! ( t 

& 15)) 

{ 

t >>  = 

4; 

start 

+= 

4; 

> 

i f 

( ! 

! (t 

8 3)  ) 

{ 

t >>  = 

2; 

start 

+= 

2; 

> 

i f 

( ! 

! ( t 

8 1)) 

start 

+= 

1; 

return 

start; 

f 

( i 

= = 

size) 

{ 

return 

0; 

/ * 

/* 

Now  the  main 

search 

loop  * / 

d o 

{ 

if  ( ( t 

= arrayl 

i ] ) ! = 

0) 

{ 

start  = 

8*  i ; 

if  ( ! ( t 

8 15)) 

{ 

II 

A 

A 

4; 

start 

+ = 

4; 

> 

if  ( ! (t 

8 3)) 

{ 

t >>  = 

2; 

start 

+ = 

2; 

> 

if  ( ! ( t 

8 1 ) ) 

start 

+ = 

1; 

return 

start; 

> 

} 

while  ( ++ i < 

size); 

/* 

Failed  * / 

return  0; 

/ * 

* Build  a table  of  small  primes  for  sieving  larger  primes  with.  This 

* could  be  cached  between  calls  to  sieveBuild,  but  it's  so  fast  that 

* it's  really  not  worth  it.  This  code  takes  a few  milliseconds  to  run. 
*/ 

static  void 

s i e v e S ma  l l ( u n s i g n e d char  *array,  unsigned  size) 
t 
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unsigned  i ; 

/ 

* Loop 

index  * / 

unsigned  p; 

/ 

* The 

current  prime 

/ * Initialize 

t 0 

all  Is  * 

/ 

memset(array. 

OxFF,  size) 

/ 

ft  i f SMALLSTART  ==  1 

/ * Mark  1 as 

NOT 

prime  * / 

arraylO]  = Oxfe; 

i = 1;  / * Index 

of  first 

prime 

*/ 

ft  e l s e 

i - 0;  / * Index 

of  first 

prime 

*/ 

/* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

*/ 
d o 


Okay,  now  sieve  via  the  primes  up  to  256,  obtained  from  the 
table  itself.  We  know  the  maximum  possible  table  size  is 
65  536,  and  s i e v e S i n g l e ( ) can  cope  with  out-of-range  inputs 
safely,  and  the  time  required  is  trivial,  so  it  isn't  adaptive 
based  on  the  array  size. 

Convert  each  bit  position  into  a prime,  compute  a starting 
sieve  position  (the  square  of  the  prime),  and  remove  multiples 
from  the  table,  using  sieveSingleC).  I used  to  have  that 
code  in  line  here,  but  the  speed  difference  was  so  small  it 
wasn't  worth  it.  If  a compiler  really  wants  to  waste  memory, 
it  can  inline  it. 


p = 2 

if  ( p 


* 

> 


i + SMALLSTART; 
256  ) 
break; 

/*  Start  at  square  of  p 
sieveSinglelarray,  size 


*/ 


( p*p-SMALLSTART  ) / 2 , p); 


> while  ( i ) ; 


/*  And  find  the  next  prime  */ 
i = sieveSearchCarray,  16,  i); 


/* 

* This  is  the  primary  sieving  function.  It  fills  in  the  array  with 

* a sieve  (multiples  of  small  primes  removed)  beginning  at  bn  and 

* proceeding  in  steps  of  "step". 

* 

* It  generates  a small  array  to  get  the  primes  to  sieve  by.  It's 

* generated  on  the  fly  - sieveSmall  is  fast  enough  to  make  that 

* perfectly  acceptable. 

* 

* The  caller  should  take  the  array,  walk  it  with  sieveSearch,  and 

* apply  a stronger  primality  test  to  the  numbers  that  are  returned. 

* 

* If  the  "dbl"  flag  non-zero  (at  least  1),  this  also  sieves  2*bn+1,  in 

* steps  of  2*step.  If  dbl  is  2 or  more,  this  also  sieve  4*bn+3, 

* in  steps  of  4*step,  and  so  on  for  arbitrarily  high  values  of  "dbl". 

* This  is  convenient  for  finding  primes  such  that  ( p — 1 ) / 2 is  also  prime. 

* This  is  particularly  efficient  because  sieveSingle  is  controlled  by  the 

* parameter  s = -n/step  (mod  p).  (In  fact,  we  find  t = -1/step  (mod  p) 


477 


Iib/bn/ sieve. c 


* and  multiply  that  by  n (mod  p).)  If  you  have  -n/step  (mod  p),  then 

* finding  - ( 2 * n + 1 ) / ( 2* s t ep  ) (mod  p),  which  is  -n/step  - 1/(2*step)  (mod  p), 

* reduces  to  finding  -1/(2*step)  (mod  p),  or  t/2  (mod  p),  and  adding  that 

* to  s = -n/step  (mod  p).  Dividing  by  2 modulo  an  odd  p is  easy  - 

* if  even,  divide  directly.  Otherwise,  add  p (which  produces  an  even 

* sum),  and  divide  by  2.  Very  simple.  And  this  produces  s'  and  t' 

* for  step'  = 2*step.  It  can  be  repeated  for  step''  = 4*step  and  so  on. 

* 

* Note  that  some  of  the  math  is  complicated  by  the  fact  that  2 * p might 

* not  fit  into  an  unsigned,  so  rather  than  if  (odd(x))  x = ( x + p ) / 2 , 

* we  do  if  (odd(x))  x = x/2  + p/2  + 1; 

* 

* TODO:  Do  the  d o u b l e - s i e v i n g by  sieving  the  larger  number,  and  then 

* just  subtract  one  from  the  remainder  to  get  the  other  parameter. 

* ( bn-1 ) / 2 is  divisible  by  an  odd  p iff  bn-1  is  divisible,  which  is 

* true  iff  bn  ==  1 mod  p.  This  requires  using  a step  size  of  4. 

*/ 

i n t 

s i e v e B u i l d ( u n s i g n e d char  *array,  unsigned  size,  struct  BigNum  const  *bn, 
unsigned  step,  unsigned  dbl) 

{ 


# i f d e f 

# e l s e 

# e n d i f 


unsigned 

unsigned 

unsigned 

unsigned 

MSDOS 

unsigned 


i/  j ; 

/* 

Loop 

index  */ 

p; 

/* 

Current  small 

s; 

/* 

Where 

to  start 

t; 

/* 

Step 

modulo  p. 

/*  Use  dynamic  allocation 
char  * small; 


prime  * / 
operations 
the  current 
rather  than 


unsigned  char  smallCSMALL]; 


n the  big  sieve 
prime  * / 
on  the  stack  * / 


*/ 


assert(array); 


U i f d e f 


tfe  nd  i f 


MSDOS 

small  = bniMemAl  loc(SMALL);  / * Which 

if  (Ismail) 

return  -1;  /*  Failed  */ 


al  locator? 


Not  secure.  * / 


/ * 

* An  odd  step  is  a special  case,  since  we  must  sieve  by  2, 

* which  isn't  in  the  small  prime  array  and  has  a few  other 

* special  properties.  These  are: 

* - Since  the  numbers  are  stored  in  binary,  we  don't  need  to 

* use  bnModQ  to  find  the  remainder. 

* - If  step  is  odd,  then  t = step  % 2 is  1,  which  allows 

* the  elimination  of  a lot  of  math.  Inverting  and  negating 

* t don't  change  it,  and  multiplying  s by  1 is  a no-op, 

* so  t isn't  actually  mentioned. 

* - Since  this  is  the  first  sieving,  instead  of  calling 

* sieveSingle,  we  can  just  use  memset  to  fill  the  array 

* with  0x55  or  OxAA.  Since  a 1 bit  means  possible  prime 

* (i.e.  NOT  divisible  by  2),  and  the  least  significant  bit 

* is  first,  if  bn  % 2 ==  0,  we  use  OxAA  (bit  0 = bn  i s NOT 

* prime),  while  i f bn  % 2 ==  1,  use  0x55. 

* (If  step  is  even,  bn  must  be  odd,  so  fill  the  array  with  OxFF.) 

* - Any  doublings  need  not  be  considered,  since  2*bn+1  is  odd,  and 

* 2*step  is  even,  so  none  of  these  numbers  are  divisible  by  2. 

*/ 
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if  (step  & 1)  { 

s = bnLSWord(bn)  S 1 ; 
memsetCarray,  OxAA  >>  s , size); 

} else  { 

/*  Initialize  the  array  to  all  1's  */ 
memsetCarray,  255,  size); 
assert (bnLSWord(bn)  S 1); 

> 


/* 

* This  could  be  cached  between  calls  to  sieveBuild,  but 

* it's  really  not  worth  it;  sieveSmall  is  *very*  fast. 

* sieveSmall  returns  a sieve  of  odd  primes. 

*/ 

s i e veSma l l ( sma  l l , SMALL); 


/* 

* Okay,  now  sieve  via  the  primes  up  to  s s i z e * 1 6 + S M A L L S T A R T- 1 , 

* obtained  from  the  small  table. 

* / 

i = ( sma  l l C 0 ] & 1)  ? 0 : sieveSearchCsmall,  SMALL,  0); 
do  { 

p = 2 * i + SMALLSTART; 

/ * 

* Modulo  is  usually  very  expensive,  but  step  is  usually 

* small,  so  this  conditional  is  worth  it. 

*/ 

t = (step  < p)  ? step  : step  / p; 
if  (it)  ( 

/* 

* Instead  of  assert  failing,  returning  all  zero 

* bits  is  the  "correct"  thing  to  do,  but  I think 

* that  the  caller  should  take  care  of  that 

* themselves  before  starting. 

*/ 

assert(bnModQ(bn,  p)  !=  0); 
continue; 

} 

/ * 

* Get  inverse  of  step  mod  p.  0 < t < p,  and  p is  prime, 

* so  it  has  an  inverse  and  si  eveModlnvert  can't  return  0. 
*/ 

t = s i e v e Mod  I n v e r t ( t , p); 
assert(t); 

/*  Negate  t,  so  now  t ==  -1/step  (mod  p)  */ 
t = p - t; 

/*  Now  get  the  bignum  modulo  the  prime.  */ 
s = bnModGKbn,  p); 


/*  Multiply  by  t,  the  negative  inverse  of  step  size 
#if  U I NT_MAX / Ox f f f f < Oxffff 

s = (unsigned)(((unsigned  long)s  * t)  % p); 


ft  e l s e 


ft  e nd  i f 


s=(s*t)%p; 


*/ 


/*  s is  now  the  starting  bit  position,  so  sieve  */ 
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sieveSingletarray,  size,  s,  p ) ; 


/*  Now  do  the  double  sieves  as  desired.  */ 
for  (j  = 0;  j < dbl;  j + + ) { 

/*  Halve  t modulo  p */ 

#if  U I N T_M  A X < Oxlffff 

t = (t  8 1 ) ? p/2  + t/2  + 1 : t/2; 

/*  Add  t to  s,  modulo  p with  overflow 
s +=  t ; 

if  (s>=p  ||  s < t ) 


//else 


s -=  p; 
if  (t  S 1 ) 

t +=  p; 

t /=  2; 

/*  Add  t to  s,  modulo  p */ 
s + = t ; 
if  ( s >=  p ) 


U e n d i f 


> 


s -=  p; 

sieveSingletarray,  size,  s,  p); 


checks. 


*/ 


/*  And  find  the  next  prime  */ 

> while  ( ( i = sieveSearchtsmall,  SMALL,  i))  !=  0); 


# i f d e f 
U e n d i f 
> 


MSDOS 

bniMemFreetsmall,  SMALL); 
return  0;  /*  Success 


*/ 


/ * 

* Similar  to  the  above,  but  use  "step"  (which  must  be  even)  as  a step 

* size  rather  than  a fixed  value  of  2.  If  "step"  has  any  small  divisors 

* other  than  2,  this  will  blow  up. 

* 


* Returns  -1  on  out  of  memory  (MSDOS  only,  actually),  and  -2 

* if  step  is  found  to  be  non-prime. 

* / 


i n t 

s i e v e B u i l d B i g ( u n s i g n e d char  *array,  unsigned  size,  struct  BigNum  const  *bn, 
struct  BigNum  const  *step,  unsigned  dbl) 

{ 


# i f d e f 

# e l s e 


unsigned  i,  j; 
unsigned  p; 
unsigned  s; 
unsigned  t ; 

MSDOS  /*  Use 
unsigned  char 


/ * Loop  index  */ 

/*  Current  small  prime  */ 

/*  Where  to  start  operations 
/*  step  modulo  p,  the  current 
dynamic  allocation  rather  than 
* small; 


n the  big  sieve 
prime  * / 
on  the  stack  */ 


*/ 


unsigned  char  sma  l l C SMALL]  ; 

//end  i f 


a s s e r t ( a r r a y ) ; 

# i f d e f MSDOS 

small  = bniMemAlloc(SMALL);  / * Which  allocator?  Not  secure.  */ 

if  (Ismail) 
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ft  e nd  i f 


return  -1;  / * Failed  * / 


/ * 

* An  odd  step  is  a special  case,  since  we  must  sieve  by  2, 

* which  isn't  in  the  small  prime  array  and  has  a few  other 

* special  properties.  These  are: 

* - Since  the  numbers  are  stored  in  binary,  we  don't  need  to 

* use  b n M o d Q to  find  the  remainder. 

* - If  step  is  odd,  then  t = step  % 2 is  1,  which  allows 

* the  elimination  of  a lot  of  math.  Inverting  and  negating 

* t don't  change  it,  and  multiplying  s by  1 is  a no-op, 

* so  t isn't  actually  mentioned. 

* - Since  this  is  the  first  sieving,  instead  of  calling 

* sieveSingle,  we  can  just  use  memset  to  fill  the  array 

* with  0x55  or  OxAA.  Since  a 1 bit  means  possible  prime 

* (i.e.  NOT  divisible  by  2),  and  the  least  significant  bit 

* is  first,  i f bn  % 2 ==  0,  we  use  OxAA  (bit  0 = bn  is  NOT 

* prime),  while  if  bn  % 2 ==  1,  use  0x55. 

* (If  step  is  even,  bn  must  be  odd,  so  fill  the  array  with 

* - Any  doublings  need  not  be  considered,  since  2*bn+1  is  odd 

* 2*step  is  even,  so  none  of  these  numbers  are  divisible  by 
*/ 

if  ( bn L S Wo r d ( s t e p ) & 1)  { 

s = bnLSWord(bn)  & 1; 
memsettarray,  OxAA  >>  s,  size); 

> else  { 

/*  Initialize  the  array  to  all  1's  */ 
memset(array,  255,  size); 
assert(bnLSWord(bn)  & 1); 


/* 

* This  could  be  cached  between  calls  to  sieveBuild,  but 

* it's  really  not  worth  it;  sieveSmall  is  * v e r y * fast. 

* sieveSmall  returns  a sieve  of  the  odd  primes. 

*/ 

sieveSma l l (smal  l,  SMALL); 


/ * 

* Okay,  now  sieve  via  the  primes  up  to  s s i z e * 1 6 + S M A L L S T A R T- 1 , 

* obtained  from  the  small  table. 

* / 

i = (smallCOO  S 1)  ? 0 : si eveSearch(smal  l,  SMALL,  0); 
do  { 

p = 2 * i + SMALLSTART; 

t = bnModGKstep,  p); 
if  ( ! t ) { 

assert(bnModQ(bn,  p)  !=  0); 
continue; 

} 

/*  Get  negative  inverse  of  step  */ 
t = sieveMcdInvert(bnModQ(step,  p),  p); 
assert(t); 
t = p-t; 

/*  Okay,  we  have  a prime  - get  the  remainder  */ 
s = bnModGKbn,  p); 


Ox  F F . ) 
, and 
2 . 
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# if  U I N T_M  A X < 

/*  Now  multiply  s by  the  negative  inverse  of  step  (mod  p)  */ 
Oxffff  * Oxffff 

U e l s e 

s = (unsigned)  ( ( (unsigned  long)s  * t)  % p ) ; 

# end  i f 

s = ( s * t ) %p; 

/*  We  now  have  the  starting  bit  pos  */ 
sieveSingle(array,  size,  s,  p ) ; 

# it  U I N T_M  A X < 

/*  Now  do  the  double  sieves  as  desired.  */ 
for  (j  = 0;  j < dbl;  j + + ) { 

/*  Halve  t modulo  p */ 

0x1 f f f f 

t = ( t & 1 ) ? p/2  + t/2  + 1 : t / 2 ; 

/*  Add  t to  s,  modulo  p with  overflow  checks.  */ 
s +=  t ; 

if  (s>=p  ||  s<t) 

# e l s e 

s -=  p; 

if  ( t S 1 ) 

t +=  p; 

t /=  2; 

/*  Add  t to  s,  modulo  p */ 
s + = t ; 
if  ( s >=  p ) 

ft  e n d i f 

s -=  p; 

sieveSingle(array,  size,  s,  p); 

> 

/*  And  find  the  next  prime  */ 

> while  ( ( i = sieveSearch(small,  SMALL,  i))  !=  0); 

# i f d e f MSDOS 

bniMemFreeCsmall,  SMALL); 

U e nd  i f 

return  0;  / * Success  * / 

> 
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sieve.h 


/ ★ 

* sieve.h  - Trial  division  for  prime  finding. 

★ 

* This  is  generally  not  intended  for  direct  use  by  a user  of 

* the  prime,  c and  dhprime.c  functions,  are  more  likely  to  be 

* However,  a special  application  may  need  these. 

* 

* $Id:  sieve. h,v  1.10.2.1  1996/11/14  04:09:24  cbertsch  Exp  $ 

* / 

struct  BigNum; 

# i f n d e f T Y P E_B I G N U M 

#define  T Y P E_B I G N U M 1 

typedef  struct  BigNum  BigNum; 

# e nd i f 


the  library; 
used. 


/*  Remove  multiples  of  a single  number  from  the  sieve  */ 
void 

sieveSingleCunsigned  char  * a r r a y , unsigned  size,  unsigned  start, 
unsigned  step); 

/*  Build  a sieve  starting  at  the  number  and  incrementing  by  "step".  */ 
int  sieveBui IdCunsigned  char  *array,  unsigned  size,  struct  BigNum  const  *bn, 
unsigned  step,  unsigned  dbl); 

/*  Similar,  but  uses  a > 1 6 — b i t step  size  */ 

1 n t sieveBui  IdBigCunsigned  char  *array,  unsigned  size,  struct  BigNum  const  *bn, 
struct  BigNum  const  *step,  unsigned  dbl); 

/*  Return  the  next  bit  set  in  the  sieve  (or  0 on  failure)  */ 
unsigned  s i e v e S e a r c h ( u n s i g n e d char  const  *array,  unsigned  size, 
unsigned  start); 
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lib/ pgp/.cvsignore 

.cvs  ignore 

Makef i le  LIBDONE 


lib/ pgp/Makefile.in 


Makefile.in 

n 

# l i b / pg p 

# 

U $Id:  Ma k e 1 i L e . i n , v 1.2  1 996/1  1 /1  2 01:42:54  mhw  Exp  $ 

# 

L I B D 0 N E = h e l p e r / D 0 N E compress/DONE  hash/DONE  cipher/DONE  random/DONE  \ 
pubkey/DONE  pipe/LIBDONE  utils/DONE  keys/DONE 
S UB D I R S = i n c L ud e helper  compress  hash  cipher  random  pubkey  pipe  utils  \ 
keys 

INSTALLLIBS  = $(PGPLIB) 

LIBTARGET  = $(PGPLIB) 

LIBTDEPS  = LIBDONE 

all::  $(PGPLIB) 

very-clean:  : 

$ ( R M ) $(PGPLIB)  ../$(PGPLIB) 


486 


lib/ pgp/ makefile. msc 


makefile.msc 

! include  "makefi 

all  check  clean 
for  %d  i 


l e . i n " 

depend  headers  install  very-clean:: 
n ( $(SUBDIRS)  ) do  \ 

cd  %d  SS  $ ( M A K E ) / $ ( MAKE  F LAGS ) /f  makefile.msc  $3  &&  cd  .. 
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cipher/ 


. 


- 


.cvsignore 

Makef i Le  DONE 


lib/ pgp/ cipher/,  cvsignore 


lib/ pgp/cipher/Makefile.in 

Makefile.in 

u 

# lib/cipher 
ft 

U $Id:  Ma ke f i l e . i n , v 1.8  1 996/  1 1 / 1 2 02  : 1 7:23  mhw  Exp  $ 

# 

OBJS=  cfb.o  cipher. o idea.o  des3.o 

PUBHDRS=  cfb.h  cipher. h 

PRIVHDRS= 

all::  DONE 
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makefile.msc 

PGPLIB=  . . \. -\pgplib.  Lib 

C FLAGS  = -I  . . \ . . \ . . \ i nc L ude  - 1 . . \ . . \ i n c L u d e \ 

-DHAVE_C0NFIG_H=1  $(DEBUG) 

all::  Lib 

headers:  incl 


line lude  "makef i le  . i n" 
incl: 


if  not  " $ ( PUBHDRS ) "==" " \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . 
if  not  " $ ( PR  I VHDR S ) "=  = " " \ 

for  %f  in  ( S(PRIVHDRS)  ) do  copy  %f 


D0S0BJSX: 
DOSOB J S = 
lib: 


$ ( DOSOB J S ) 


$(0BJS:  . o = . o b j ) 

$ ( DOSOBJ  SX : uni x = wi n32  ) 


.\. .\. .\include\pgp 
. .\. .\include 


. c . o b j : 

$(CC)  $(CFLAGS)  -17  -c  $< 

# lib  / out :$(PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  lib/out:$(PGPLIB)  $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(D0S0BJS) 
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cfb.c 


/ * 

* cfb.c  - generic  cipher  feedback  encryption,  using  cipher. h ciphers. 

★ 

* $Id:  cfb.c, v 1.16  1996/11/12  02:17:23  mhw  Exp  $ 

* / 


# i f d e f HAVE  CONFIG  H 


# i n c L ud  e 
#end  i f 

"config.h" 

^include 

<assert . h> 

# i nc  L ude 

<s  t r i ng  . h> 

^include 

" cf b . h " 

//include 

" c i p h e r . h " 

//include 

"pgp/pgpmem.h" 

//include 

"pgp/usuals . h" 

/* 

* I n i t i a 

lize  context. 

* If  key 

is  NULL,  the  current 

key 

* if  i v 
*/ 

is  NULL,  the  IV  is  set 

t 0 

is  not  changed, 
all  zero. 


void 

pg p C f b I n i t ( s t r u c t Pg p C f b C o n t e x t *cfb,  byte  const  *key, 
{ 


byte  const  * i v ) 


assert(cfb); 
assert(cfb->ci  p h e r ) ; 
if  (key) 

pgpCipherKey(cfb->cipher,  key); 
mem s e t ( c f b-> i v , 0,  s i z e o f ( c f b-> i v ) ) ; 
if  ( i v ) 

memcpy(cfb->iv,  iv,  cfb->cipher->cipher->blocksize); 
cfb->bufleft  = 0; 

> 


void 

pg p C f bW i pe ( s t r u c t Pg p C f b C on t ex t *cfb) 

{ 

struct  PgpCipherContext  * c i p h e r ; 

if  ( ! cf b) 

return; 

cipher  = cfb->cipher; 
if  (cipher) 

pgpCipherWipe  (cipher); 

memset ( cf b,  0,  s i z e o f ( * c f b ) ) ; 
cfb->cipher  = cipher; 

> 

struct  Pg p C f b C o n t e x t * 

pg p C f b C r e a t e ( s t r u c t PgpCipher  const  *c) 

C 

struct  PgpCfbContext  * c f b ; 
struct  PgpCipherContext  * c i p h e r ; 
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if  ( c->b L ocks i ze  > PG P_C F B_M AX B LO C KS I Z E ) 
return  0 ; 

cfb  - (struct  P g p C f b C o n t e x t * ) pg pMem A l L o c ( s i z e o f ( * c f b ) ) ; 
if  ( c f b ) { 

cipher  = pgpCipherCreate(c); 
if  (cipher)  { 

memset  (cfb,  0,  sizeof  ( * c f b ) ) ; 
cfb->cipher  = cipher; 
return  cfb; 

> 

pgpMemFree(cfb); 

> 

return  0; 

> 

struct  PgpCf bContext  * 

pgpCfbCopy  (struct  Pg p C f b C o n t e x t const  *cfb) 

{ 

struct  PgpCfbContext  * n e w c f b ; 
struct  PgpCipherContext  * c i p h e r ; 

if  ( ! c f b ) 

return  NULL; 

newcfb  = (struct  PgpCfbContext  * ) p g pM e m A L L o c (sizeof  (*newcfb))  • 
if  ( ! newcfb) 

return  NULL; 

cipher  = pgpCipherCopy  (cfb->cipher); 
if  (Icipher)  { 

pgpMemFree  (newcfb); 
return  NULL; 

> 

memcpy  (newcfb,  cfb,  sizeof  (*cfb)); 
newcfb->cipher  = cipher; 
return  newcfb; 

} 

void 

pgpC f bDes t roy ( s t rue t PgpCfbContext  *cfb) 

{ 

if  (cfb)  f 

if  (cfb->cipher)  { 

pgpCipherDestroy(cfb->cipher); 
cfb->cipher  = NULL; 

> 

pgpCfbWipe(cfb); 

pgpMemFree(cfb); 

> 

> 

/* 

* Encrypt  a buffer  of  data,  using  a block  cipher  in  CFB  mode. 

* There  are  more  compact  ways  of  writing  this,  but  this  is 

* written  for  speed. 

* / 

void 
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pg p C f b E n c r y p t ( s t r u c t P g p C f b C o n t e x t * c f b , byte  const  *src,  byte 


unsigned  blocksize  = cfb->cipher->cipher->blocksize; 

unsigned  bufleft  = cfb->bufleft; 

byte  * b u f p t r = c f b - > i v + blocksize-bufleft; 


*des t , 


assert(cfb)  ; 
assert(cfb->cipher); 


/ * 

* If  there  are  no  more  bytes  to  encrypt  that  there  are  bytes 

* in  the  buffer,  XOR  them  in  and  return. 

*/ 

if  (Len  <=  bufleft)  { 

cfb->bufleft  = bufleft  - len; 
while  (le  n — ) { 

*dest++  = *bufptr++  A=  * s r c + + ; 

> 

return; 

> 

len  -=  bufleft; 

/*  Encrypt  the  first  bufleft  (0  to  7)  bytes  of  the  input  by  XOR 

* with  the  last  bufleft  bytes  in  the  iv  buffer. 

*/ 

while  (bufleft  — ) { 

* d e s t + + = (*bufptr++  A=  * s r c + + ) ; 

> 

/*  Encrypt  middle  blocks  of  the  input  by  cranking  the  cipher, 

* XORing  b l o c k s i z e - by t e blocks,  and  repeating  until  the  len 

* is  blocksize  or  less. 

* / 

while  (len  > blocksize)  { 
bufptr  = cfb->iv; 

memcpy(cfb->prev,  bufptr,  blocksize); 
pgpCipherEncrypt(cfb->cipher,  bufptr,  bufptr)  ; 
bufleft  = blocksize; 
len  -=  blocksize; 
do  { 

*dest++  = (*bufptr++  A=  *src++); 

> while  (--bufleft); 

> 

/*  Do  the  last  1 to  blocksize  bytes  */ 
bufptr  = cfb->iv; 

memcpy(cf b->prev,  bufptr,  blocksize); 
pg p C i p h e r E n c r y p t ( c f b-> c i p h e r , bufptr,  bufptr); 
cfb->bufleft  = blocksize-len; 
do  { 

*dest++  = (*bufptr++  A=  *src++); 

> while  (--len); 

> 


/ * 

* Decrypt  a buffer  of  data,  using  a cipher  in  CFB  mode. 

* There  are  more  compact  ways  of  writing  this,  but  this  is 

* written  for  speed. 

* / 

void 
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p g p C f b D e c r y p t ( s t r u c t Pg p C f b C on t e x t *cfb,  byte  const  *src,  byte 


unsigned  blocksize  - cfb->cipher->cipher->blocksize; 
unsigned  bufleft  = cfb->bufleft; 
static  byte  *bufptr; 
byte  t ; 


*de  s t , 


assert(cfb); 

assert(cfb->cipher); 


} 


bufptr  = cfb->iv  + (blocksize-bufleft); 
if  (Len  <=  bufleft)  { 

cfb->bufleft  = bufleft  - len; 
while  (len--)  { 

t = *bufptr; 

*dest++  = t A (*bufptr++  = *src++) ; 

> 


return; 

> 

len  -=  bufleft; 
while  (bufleft--)  { 
t = * bu  f p t r ; 

*dest++  = t A (*bufptr++  = *src++); 

> 

while  (len  > blocksize)  t 
bufptr  = cfb->iv; 
memcpy(cfb->prev,  bufptr,  8); 

pgpCipherEncrypt(cfb->cipher,  bufptr,  bufptr); 
bufleft  = blocksize; 
len  -=  blocksize; 
do  { 

t = *bufptr; 

* d e s t + + = t A (*bufptr++  = *src++); 

> while  (--bufleft); 

> 

bufptr  = cfb->iv; 

memcpy(cfb->prev,  bufptr,  blocksize); 
pgpCipherEncrypt(cfb->cipher,  bufptr,  bufptr); 
cfb->bufleft  = blocksize-len; 
do  -C 

t = *bufptr; 

*dest++  = t A (*bufptr++  = *src++); 

> while  (--len); 


/* 

* Okay,  explanation  time: 

* Phil  invented  a unique  way  of  doing  CFB  that's  sensitive  to  semantic 

* boundaries  within  the  data  being  encrypted.  One  way  to  phrase 

* CFB  e n / d e c r y p t i o n on  an  8-byte  block  cipher  is  to  say  that  you  XOR 

* the  current  8 bytes  with  C R Y PT ( p r e v i ou s 8 bytes  of  ciphertext). 

* Normally,  you  repeat  this  at  8-byte  intervals,  but  Phil  decided  to 

* resync  things  on  the  boundaries  between  elements  in  the  stream  being 

* enc  rypted . 

* 

* That  is,  the  last  4 bytes  of  a 12-byte  field  are  en/decrypted  using 

* the  first  4 bytes  of  C R Y PT ( p r e v i ou s 8 bytes  of  ciphertext),  but  then 

* the  last  4 bytes  of  that  CRYPT  computation  are  thrown  away,  and  the 
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* first  8 bytes  of  the  next  field  are  en/decrypted  using 

* CRYPTClast  8 bytes  of  ciphertext).  This  is  equivalent  to  using  a 

* shorter  feedback  length  (if  you're  familiar  with  the  general  CFB 

* technique)  briefly,  and  doesn't  weaken  the  cipher  any  (using  shorter 

* CFB  lengths  makes  it  stronger,  actually),  it  just  makes  it  a bit  unusual. 

* 

* Anyway,  to  accomodate  this  behaviour,  every  time  we  do  an 

* encrpytion  of  8 bytes  of  ciphertext  to  get  8 bytes  of  XOR  mask, 

* we  remember  the  ciphertext.  Then  if  we  have  to  resync  things 

* after  having  processed,  say,  2 bytes,  we  refill  the  iv  buffer 

* with  the  last  6 bytes  of  the  old  ciphertext  followed  by  the 

* 2 bytes  of  new  ciphertext  stored  in  the  front  of  the  iv  buffer. 

*/ 

void 

pgpCf bSync ( st ruct  Pg p C f b C o n t e x t *cfb) 

{ 

unsigned  blocksize  = cfb->cipher->cipher->blocksize; 
unsigned  bufleft  = cfb->bufleft; 

if  (bufleft)  { 

memmove(cfb->iv+bufleft,  cfb->iv,  blocksize-bufleft); 
memcpy(cfb->iv,  cfb->prev+blocksize-bufleft,  bufleft); 
cfb->bufleft  = 0; 

> 

> 

/* 

* Cryptographically  strong  pseudo-random-number  generator. 

* The  design  is  from  Appendix  C of  ANSI  X9.17,  "Financial 

* Institution  Key  Management  (Wholesale)",  with  IDEA 

* substituted  for  triple-DES. 

* 

* This  generates  one  block  (64  bits)  of  random  number  R,  based  on  a 

* key  K,  an  initial  vector  V,  and  a time-dependent  salt  I.  I need  not 

* be  truly  random,  but  should  differ  for  each  block  of  output  R,  and 

* contain  as  much  entropy  as  possible.  In  X9.17,  I is  enc rypt ( K, t i me ( ) ) , 

* where  timeO  is  the  most  accurate  time  available.  This  has  I supplied 

* (from  the  true  random  number  pool,  which  is  based  on  similar  information) 

* to  the  i d e a R a nd C y c l e function. 

* 

* The  operation  of  i dea RandCy c l e is  straight  from  X9.17:: 

* R = enc  rypt ( K,  VA I ) 

* V = encrypt(K,  R A I ) 

* 

* One  thing  worth  noting  is  that,  given  fixed  values  of  K and  V, 

* there  is  an  isomorphism  between  values  of  I and  values  of  R. 

* Thus,  R always  contains  at  least  as  much  entropy  as  is  in  I; 

* if  I is  truly  completely  random,  it  does  not  matter  if  K and/or  V 

* are  known.  Thus,  if  the  supplied  I (from  the  true  random  number  pool) 

* are  good,  the  output  of  this  is  good. 

*/ 


/ * 

* Fills  in  the  supplied  buffer  with  up  to  "count"  pseudo-random  bytes. 

* Returns  the  number  of  bytes  filled  in.  If  less  than  "count", 

* pgpC f bRandCyc l e will  need  to  be  called  with  a new  random  salt  value 

* before  more  bytes  are  available.  pg p C f b R a ndBy t e s will  return  0 until 

* that  is  done. 
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* / 

unsigned 

pgpCfbRandBytesCstruct  PgpCfbContext  * c f b , byte  * d e s t , unsigned  count) 

unsigned  bufleft  = c f b-> bu f L e f t ; 

if  (count  > bufleft) 

count  = bufleft; 
cfb->buf  left  = bufleft  - count; 

memcpy(dest,  cfb->prev+cfb->cipher->cipher->blocksize-bufleft,  count); 
return  count; 

> 


/* 

* Make  more  random  bytes  available  from  ideaRandBytes  using  the  X9.17 

* algorithm  and  the  supplied  random  salt.  Expects  " c f b-> c i p h e r-> b l o c k s i z e " 

* bytes  of  salt. 

*/ 

void 

p g p C f b R a n d C y c l e ( s t r u c t PgpCfbContext  *cfb,  byte  const  *salt) 


> 


unsigned  in- 
struct PgpCipherContext  * c i p h e r = cfb->cipher; 
unsigned  blocksize  = cipher->cipher->blocksize; 

for  (i  = 0;  i < blocksize;  i + + ) 
c f b-> i v C i ] A=  saltCi]; 

pgpCipherEncryptCcipher,  cfb->iv,  cfb->prev); 
for  (i  = 0;  i < blocksize;  i++) 

cfb->ivCiD  = cfb->prevCi]  A saltCiD; 
pgpCi pherEncrypt (ci pher,  cfb->iv,  cfb->iv); 
cfb->bufleft  = blocksize; 


/* 

* "Wash"  the  random  number  state  using  an  irreversible  transformation 

* based  on  the  input  buffer  and  the  previous  state. 

*/ 

void 

pgpC f bRandWa s h ( s t rue t PgpCfbContext  *cfb,  byte  const  *buf,  unsigned  len) 

struct  PgpCipherContext  * c i p h e r = cfb->cipher; 
unsigned  blocksize  = cipher->cipher->blocksize; 
unsigned  i,  j; 


/*  Wash  the  key  (if  supported)  */ 
if  ( c i p h e r-> c i ph e r-> wa s h ) 

pgpCipherWash(cipher,  buf,  len); 


/* 

* Wash  the  I V - a bit  ad-hoc,  but  it  works.  It's 

* basically  a CBC-MAC. 

* / 

for  (i  = j = 0;  i < len;  i++)  { 
cfb->ivCj]  A=  b u f C i D ; 
if  (++j  ==  blocksize)  f 

pgpCi pherEncrypt(cipher,  cfb->iv,  cfb->iv); 
j = 0; 

> 
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> 

/*  Pad  with  typical  CBC  padding  indicating  the  length  */ 
while  (j  < blocksize) 

cfb->iv[j++]  A=  (byte)len; 
pgpCipherEncryptlcipher,  c f b - > i v , cfb->iv); 

/ * Set  to  empty  */ 
cfb->bufleft  = 0; 
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cfb.h 

/* 

* cfb.h  --  a Cipher  FeedBack  abstraction. 

* 

* This  is  a Public  API  Function  Header 

ic 

* $ I d : cfb.h, v 1.1  1 1 996/1  1 /1  2 02:1  7:24  mhw  Exp  $ 
*/ 

//  i f nde  f PGP_CFB_H 
//define  PGP  CFB  H 


//include  " pg p / u s u a l s . h " 

struct  PgpCipher; 

# i f nde  f T Y P E_PG P C I P H E R 
//define  T Y P E_PG P C I P H E R 1 
typedef  struct  PgpCipher  PgpCipher; 
//  e nd  i f 


struct  PgpCipherContext; 

# i f n d e f T Y P E_PG P C I P H E R C 0 N T E X T 
//define  T Y P E_PG  P C I PH  E R C 0 N T E X T 1 

typedef  struct  PgpCipherContext  PgpCipherContext; 
//  e n d i f 


//define  P G P_C  F B_M  A X B L 0 C K S I Z E 20 
/* 

* This  structure  does  double  duty  for  CFB  encryption/decryption, 

* and  for  X9.17  random  number  generation. 

* 

* When  used  for  CFB,  ivC]  is  used  as  a circular  buffer.  bufleft  is 

* the  number  of  bytes  at  the  end  which  have  to  be  filled  in  before  we 

* crank  the  block  cipher  again.  We  do  the  block  cipher  operation 

* lazily:  bufleft  may  be  0.  When  we  need  one  more  byte,  we 

* crank  the  block  cipher  and  set  bufleft  to  7. 

* 

* prevUT  holds  the  previous  8 bytes  of  ciphertext,  for  use 

* by  i d e a C f b S y n c ( ) and  Phil's,  ahem,  unique  (not  insecure,  just 

* unusual)  way  of  doing  CFB  encryption. 

ic 

* When  used  for  X9.17  random  number  generation,  ivCD  holds  the  V initial 

* vector,  and  prevl]  holds  the  R random  output.  bufleft  indicates  how 

* much  of  R is  still  available  before  the  generator  has  to  be  cranked  again. 

* / 

struct  Pg p C f b C o n t e x t C 

struct  PgpCipherContext  *cipher; 
byte  prevCPGP_C  FB_MAX BLOCKS  I ZED; 
byte  i v C P G P_C  F B_M  AXBLOCKSIZEH; 
unsigned  bufleft; 

>; 

# i f n d e f T Y P E_PG P C F B C 0 N T E X T 
//define  T Y P E_PG  P C F B C 0 NT  E XT  1 

typedef  struct  PgpCfbContext  PgpCfbContext; 

Send  i f 

/*  Initialize  a PgpCfbContext  with  the  key  and  iv  */ 

void  pgpCfblnitCstruct  PgpCfbContext  *cfb,  byte  const  *key,  byte  const  *iv); 


499 


lib/ pgp/ cipher/ cfb.h 


/*  Clear  a Pg p C f b C o n t e x t of  its  data  */ 
void  pgpCfbWipeCstruct  PgpCfbContext  * c f b ) ; 


/*  Allocate  a new  PgpCfbContext  structure  */ 

struct  PgpCfbContext  *pgpCfbCreate(struct  PgpCipher  const  * c ) ; 


/*  Copy  an  allocated  PgpCfbContext  structure  */ 

struct  PgpCfbContext  *pgpCfbCopy  (struct  PgpCfbContext  const  * c f b ) ; 


/*  Free  an  allocated  PgpCfbContext  structure  */ 
void  pgpCfbDestroyCstruct  PgpCfbContext  *cfb); 


void 

void 

void 


pgpCfbEncryptCstruct 
s i z e_t 

pgpCfbDecryptCstruct 
size  t 


PgpCfbContext  *cfb, 
len); 

PgpCfbContext  *cfb, 
len); 


pg p C f b S y n c ( s t r u c t PgpCfbContext  *cfb) 


byte  const  *src, 
byte  const  *src, 


byte  *dest, 
byte  *dest. 


/*  Returns  as  many  bytes  as  are  available  before  more  salt  is  needed  */ 
unsigned  pgpCfbRandBytesCstruct  PgpCfbContext  * c f b , byte  *dest,  unsigned  len); 

/*  Supply  c f b-> c i p h e r-> c i p h e r-> b l o c k s i z e bytes  of  salt  */ 

void  pgpCfbRandCycleCstruct  PgpCfbContext  *cfb,  byte  const  * s a 1 1 ) ; 


/*  Wash  the  state  with  the  given  buffer  of  entropy.  */ 
void  pg p C f b Ra nd W a s h ( s t r u c t PgpCfbContext  *cfb,  byte  const 


*buf,  unsigned  len); 


# e n d i f /*  ! P G P CFB  H */ 
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cipher.c 

/* 

* cipher.c  - header  file  for  generic  block  ciphers 

★ 

* $ I d : cipher. c,v  1.1  9 1 996/1  1 /1  2 02:1  7:24  mhw  Exp  $ 

*/ 

#ifdef  H A V E_C  0 N F I G_H 
#include  "config.h" 

# e nd  i f 

^include  "cipher. h" 

# i n c l ud  e "des3.h" 

^include  "idea.h" 

/*# include  "nullciph.h"*/ 

#include  " pg p / pg pm em  . h " 

#include  " pgp/pgpenv  . h " 

static  struct  PgpCipher  const  * const  cipherListCD  = l 
NULL,  /*  ScipherNULL,  */ 

ScipherlDEA, 

&cipher3DES 

>; 

struct  PgpCipher  const  * 
p g p C i p h e r By N umbe r (unsigned  num) 

{ 

if  (num  >=  sizeof  (cipherList)  / sizeof  ( c i p h e r L i s t E 0 ] ) ) 
return  0; 

return  c i p h e r L i s t E n um  ] ; 

> 

/*  Look  up  a cipher  by  name  (of  any  use?  Anyway,  I wrote  it.  * / 
struct  PgpCipher  const  * 

pgpC i pherByName  (char  const  *name,  size_t  namelen) 

{ 

unsigned  i; 

struct  PgpCipher  const  *cipher; 

for  (i  = 0;  i < sizeof  (cipherList)  / sizeof  (cipherListEO]); 
cipher  = cipherListEiO; 

if  (cipher  SS  Imemcmp  (name,  cipher->name,  namelen)  && 
c i p h e r-> n a me E n a me  l e n ] ==  ' \ 0 ' ) 

return  cipher;  /*  That's  it.  */ 

> 

return  0;  /*  not  found  */ 

> 

void 

pg p C i p h e r W i p e ( s t r u c t Pg p C i p h e r C on t e x t *cc) 

C 

memset(cc->priv,  0,  c c -> c i p h e r-> c o n t e x t_s i z e ) ; 

> 

struct  Pg p C i p h e r C o n t e x t * 

pg p C i p h e r C r e a t e ( s t r u c t PgpCipher  const  *cipher) 

{ 

struct  PgpCipherContext  *cc; 
void  *priv; 


i + + ) { 
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priv  = pgpMemA  L L oc ( ci phe r->contex t_si ze) ; 
if  ( ! p r i v ) 

return  0; 

cc  = (struct  PgpCipherContext  *)pgpMemAlloc(sizeof(*cc)); 
i f ( ! c c ) { 

pgpMemFree(priv)  ; 
return  0 ; 

> 

memset  (priv,  0,  ci pher->context_si ze) ; 
cc->ci pher  = cipher; 
cc->priv  = priv; 
return  cc; 


struct  PgpCipherContext  * 

pg p C i p h e r C o py  (struct  PgpCipherContext  const  *cc) 
{ 

struct  PgpCipherContext  * n e w c c ; 


newcc  = pg p C i p h e r C r e a t e ( cc->ci pher); 
if  ( Inewcc) 

return  NULL; 

memcpy  (newcc->priv,  cc->priv,  c c ->  c i p h e r ->  c on  t ex  t__s  i z e ) ; 
return  newcc; 


void 

pg p C i p h e r D e s t r o y ( s t r u c t PgpCipherContext  *context) 
{ 

if  (context)  C 

pgpCipherWipe(context) ; 

pgpMemFree(context->priv); 

pgpMemFree(context); 

} 

> 


/ * 

* "Bulk"  refers  to  bulk  data.  "Key"  refers  to  other 

* keys  and  similar  small  things.  You  might  want  to 

* make  different  s p e e d / s e c u r i t y tradeoffs  for  the  two. 

* / 


struct  PgpCipher  const  * 

pg p C i p h e r D e f a u 1 1 B u l k ( s t r u c t PgpEnv  const  *env) 
{ 

return  p g p C i p h e r B y N umb e r ( p g p e n v G e t I n t 

> 


(env,  PGPENV_C I PHER, 
NULL,  NULL)); 


struct  PgpCipher  const  * 

pg p C i p h e r D e f a u l t Key ( s t r u c t PgpEnv  const  *env) 

{ 

return  p g p C i p h e r By N u m b e r ( p g p e n v G e t I n t 

> 


(env,  PGPENV_C I PHER, 
NULL,  NULL)); 
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cipher.h 


* cipher.h  - header  fil 

* 

* This  is  a Public  API 

★ 

* $ I d : cipher. h,v  1.16 
*/ 


# i f n d e f PGP_CIPHER_H 
//define  PGP  CIPHER  H 


e for  generic  block 
Function  Header 
1 996/1 1/12  02:17:25 


ciphers 


mhw  Exp  $ 


^include  " pg p / u s u a l s . h 


/*  A description 

of  a c i 

struct  PgpCipher 

char  const  *name 

byte  type 

f 

unsigned 

b l o c k s i 

unsigned 

k e y s i z e 

unsigned 

context 

unsigned 

context 

/*  for  byte,  word16  */ 
pher  * / 

r 

/*  PGP  Cipher  Type  Byte  */ 


void 

void 

void 


align; 
(*key)(void  *priv. 


byte  const  * k e y ) ; 


> ; 

# i f nd e f 
//define 
t y pe d e f 
# e nd  i f 


( * e n c r y p t ) ( vo i d *priv,  byte  const  *in, 
(*wash) (void  *priv,  byte  const  *buf. 


byte  * o u t ) ; 
unsigned  len) 


TYPE_PGPCIPHER 
TYPE_PGPCIPHER  1 
struct  PgpCipher 


PgpCipher; 


/* 

* A cipher's  private  context  is  an  extension  on  this  - 

* the  size  and  alignment  restrictions  for  the  type  are  documented 

* in  the  struct  Cipher. 

*/ 

struct  P g p C i p h e r C o n t e x t C 

struct  PgpCipher  const  * c i p h e r ; 
void  * p r i v ; 

> ; 

# i f nde  f T Y P E_PG P C I PH E R C 0 N T E X T 
//define  T Y P E_PG P C I PH E R C 0 N T E X T 1 

typedef  struct  Pg p C i p h e r C on t e x t Pg p C i p h e r C on t e x t ; 
ft  end  i f 


/*  Macros  to  access  the  member  functions  */ 

//define  pg p C i p h e r Ke y ( c c , k)  ( ( c c ) -> c i p h e r-> k e y ( ( c c ) -> p r i v , k)) 

//define  pg p C i p h e r E n c r y p t ( c c , in,  out)  \ 

( ( c c ) -> c i p h e r -> e n c r y p t ( ( c c ) -> p r i v , in,  out)) 
//define  pg  p C i p h e r Wa  s h ( c c , buf,  len)  ( ( c c ) ->  c i p h e r ->  wa  s h ( ( c c ) ->  p r i v , buf. 


len)) 


/*  Wipe  out  a Pg p C i p h e r C o n t e x t without  freeing  it  */ 
void  pgpCipherWipe  (struct  PgpCipherContext  *cc); 


/*  Lookup  ciphers  by  name  and  number  */ 

struct  PgpCipher  const  *pgpCipherByNumber  (unsigned  num); 

struct  PgpCipher  const  *pgpCipherByName  (char  const  *name,  size_t  namelen); 
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/*  create  and  destroy  Cipher  Contexts  from  a cipher  */ 

struct  PgpCipherContext  *pgpCipherCreate  (struct  PgpCipher  const  *cc); 
void  pgpCipherDestroy  (struct  PgpCipherContext  * c c ) ; 


struct  PgpCipherContext  *pgpCipherCopy  (struct  PgpCipherContext  const  * c c ) ; 

/*  Cipher  Numbers  */ 

//define  PG  P_C  I P H E R_N  U L L 0 
//define  PG  P_C  I P H E R_I  D E A 1 
//define  PGP  CIPHER  3 D E S 2 


/ * Get 
struct 
struct 
struct 


the  default  ciphers  for  operations  */ 

PgpEnv; 

PgpCipher  const  *pgpCipherDefaultBulk(struct  PgpEnv  const  *env); 
PgpCipher  const  *pgpCipherDefaultKey(struct  PgpEnv  const  * e n v ) ; 


/*  Static  buffer  size  for  keys  */ 
//define  PGP  CIPHER  MAXKEYSIZE  32 


/*  256  bits  */ 


# e n d i f /*  !PGP  CIPHER  H */ 
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des3.c 

/ * 

* des3.c  - TripLeDES  EDE  Encryptor 

ic 

* des3.c  95/09/11  23:29:03  EDT  by  Richard  Outerbridge 

* 

* $Id:  d e s 3 . c , v 1.1  2 1 996/1  1 /1  2 02  : 1 7:25  mhw  Exp  $ 

*/ 


#ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
ft  e nd  i f 


//include  " cipher. h" 

//include  "des3.h" 

//include  " pg p / pg pmem  . h " 

//include  " p g p / u s u a l s . h " 

/*  The  size  of  a scheduled  DES  key  */ 

//define  DES_KEY  WORDS  32 

//define  DES_KEYBYTES  ( s i z e o f ( w o r d 3 2 ) * D E S_K  E Y W 0 R D S ) 
//define  D E S 3_KE Y W 0 R D S ( 3 * D E S_K  E Y W 0 R D S ) 

//define  D E S 3_KE  Y B Y T E S ( s i z e o f ( w o r d 3 2 ) * D E S 3_K  E Y W 0 R D S ) 

//define  D E S 3_U  S E R KE  Y B Y T E S 24 


static  word32  const 
0x800000l_, 
0x80000L, 
0x8000L, 
0x800L, 
0x80L, 

0 x 8 L , 


bi gbyteC243  = { 
0x400000L, 
0x40000L, 
0x4000L, 
0x400L, 
0x40L, 

0 x 4 L , 


0x200000L, 

0x20000L, 

0x2000L, 

0x200L, 

0x20L, 

0 x 2 L , 

the  Standard  (ANSI 


0x1 00000L, 

0x1  0000L, 

0x1 000L, 

0x1 00L, 

0x1 OL, 

0 x 1 L } ; 

X3. 92-1981).  */ 


/*  Use  the  key  schedule  specified  i 


static 

byte 

const  p c 1 C 5 6 3 = 

C 

56, 

48, 

40, 

32, 

24, 

16, 

8, 

o. 

57, 

49, 

41, 

33, 

25, 

1 7 

9, 

1, 

58, 

50, 

42, 

34, 

26, 

18, 

10, 

2, 

59, 

51, 

43, 

35 

62, 

54, 

46, 

38, 

30, 

22, 

14, 

6, 

61, 

53, 

45, 

37, 

29, 

21 

13, 

5, 

60, 

52, 

44, 

36, 

28, 

20, 

12, 

4, 

27, 

19, 

11, 

3 

static 

byte 

const  totrotC160 

= i 

[ 

1, 

2, 

4, 

6, 

8, 

10, 

12, 

14, 

15, 

17, 

19, 

21, 

23, 

25, 

27 

static 

byte 

const  pc2L483  = 

{ 

13, 

16, 

10, 

23, 

o. 

4, 

2, 

27, 

14, 

5, 

20, 

9, 

22, 

18, 

11, 

3, 

25, 

7, 

15, 

6, 

26, 

19, 

12, 

1, 

40, 

51, 

30, 

36, 

46, 

54, 

29, 

39, 

50, 

44, 

32, 

47, 

43, 

48, 

38, 

55, 

33, 

52, 

45, 

41, 

49, 

35, 

28, 

31  ] 

■; 

/* 

* This  is  a less-that-brilliant  key  scheduling  routine. 

* It  could  stand  optimization  some  time. 

* 

* cookey  "cooks"  the  key  into  the  desired  form,  from  the  basic  one 

* has  the  keys  for  S-boxes  1 through  8 in  adjacent  words  of  the 

* "raw"  array.  I.e.  the  bits  start  out  like  this: 

* xxxxxxxxlll 111222222333333444444 


> ; 

2 8 } ; 


that 
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* xxxxxxxx555555666666777777888888 

* We  actually  want  the  keys  to  look  like  this: 

* 1 1 1 1 1 1 xx333333xx555555xx777777xx 

* 222222xx444444xx666666xx888888xx 

* Where  the  "xx"  patterns  are  set  to  01020300  for  use  by  the  s-box 

* lookup  code  in  the  main  encrypt  loop. 

* / 

static  void 

cookey  (word32  *raw,  word32  *cooked) 

{ 

i n t i ; 


0 ; i < 16 

; i + + , raw 

+ = 

2 , cooked  + 

= 2) 

t 

cookedCO] 

= (rawCO] 

& 

OxOOf cOOOOL) 

<< 

8; 

cookedCO] 

|=  (rawCO] 

& 

OxOOOOOf cOL) 

<< 

12; 

cookedCO] 

|=  ( r a w C 1 ] 

& 

OxOOf cOOOOL) 

>> 

8; 

cookedCO] 

|=  ( r a w C 1 ] 

& 

OxOOOOOf cOL) 

>> 

4; 

cookedCO] 

|=  0x01020300 

r 

cookedCI ] 

= (rawCO] 

& 

0x0003f 000L ) 

<< 

14; 

cookedCI ] 

|=  (rawCO] 

& 

0x0000003f L) 

<< 

18; 

cookedCI ] 

|=  ( r a w C 1 ] 

& 

0x0003f 000L) 

>> 

2; 

cookedCI ] 

|=  ( r a w C 1 ] 

& 

0x0000003f L) 

<< 

2; 

cookedCI ] 

|=  0x01020300 

/ 

> 

return; 

> 


static  void 

deskey  (byte  const  *key,  int  decryptf,  word32  *outbuf) 
{ 

int  i , j , l,  m , n ; 
byte  pc1mC56],  pcrC56]; 
word32  k n C 3 2 ] ; 


for  ( j = 0;  j < 56;  j + + ) { 
l = p c 1 C j ] ; 
m = l 8 07; 

p c 1 m [ j ] = ( key [ l >>  33  >>  ( ~ l & 7)  ) & 1; 

> 

for  (i  = 0;  i < 16;  i++  ) { 

m = (decryptf  ? 1 5 - i : i)  <<  1; 
n = m + 1 ; 
k n C m ] = k n C n ] = 0 L ; 
for  (j  = 0;  j < 28;  j + + ) { 

l = j + totrotCi]; 
if  (l  >=  28) 

l -=  28; 

pcrCj]  = pclmll]; 

> 

for  (j  = 28;  j < 56;  j + + ) { 
l = j + totrotCid; 
if  (l  >=  56) 

l -=  28; 

pcrCj]  = pcImCl]; 

> 

for  (j  = 0;  j < 24;  j++)  f 
if  (pcrCpc2Cj]3) 

knCm]  |=  bigbyteCj]; 
if  ( p c r C p c 2 C j +2 4 ] ] ) 
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> 

> 

cookeyC  k n , 
return; 

> 

/*  S-boxes  1 , 3,  5, 

static  word32  const 
0x00404100, 
0x00404001  , 
0x00000100, 
0x004001  01  , 
0x000001  01  , 
0x00004100, 
0x00004001  , 
0x00000000, 
0x00004000, 
0x00404100, 
0x00404001  , 
0x00000100, 
0x004041  01  , 
0x00400001  , 
0x000001  01  , 
0x00004001  , 

0x00000082, 

0x02000080, 

0x00008002, 

0x02008082, 

0x02000000, 

0x00008080, 

0x02000082, 

0x00000002, 

0x02008080, 

0x00008000, 

0x00000080, 

0x02000002, 

0x02000082, 

0x00000002, 

0x02008000, 

0x00008082, 

0x00000040, 

0x00020000, 

0x10020040, 

0x10800040, 

0x00800000, 

0x10000040, 

0x10820000, 

0x00820040, 

0x00020000, 

0x10000000, 

0x00800040, 

0x10020040, 

0x10820040, 

0x00820000, 

0x00020040, 

0x00000000, 


knCn]  | = bi gbyteC j ]; 


outbuf); 


7,  plus  P permutation,  rotated  */ 
SPOC512:  = { 

0x00000000,  0x00004000,  0x00404101, 
0x00004101,  0x00000001,  0x00004000, 
0x00404100,  0x00404101,  0x00000100, 
0x00404001,  0x00400000,  0x00000001, 
0x00400100,  0x00400100,  0x00004100, 
0x00404000,  0x00404000,  0x00400101, 
0x00400001,  0x00400001,  0x00004001, 
0x00000101,  0x00004101,  0x00400000, 
0x00404101,  0x00000001,  0x00404000, 
0x00400000,  0x00400000,  0x00000100, 
0x00004000,  0x00004100,  0x00400001, 
0x00000001,  0x00400101,  0x00004101, 
0x00004001,  0x00404000,  0x00400101, 
0x00000101,  0x00004101,  0x00404100, 
0x00400100,  0x00400100,  0x00000000, 
0x00004100,  0x00000000,  0x00404001, 

0x02008080,  0x00000000,  0x02008002, 
0x00000000,  0x00008082,  0x02000080, 
0x02000002,  0x02000002,  0x00008000, 
0x00008002,  0x02008000,  0x00000082, 
0x00000002,  0x02008080,  0x00000080, 
0x02008000,  0x02008002,  0x00008082, 
0x00008080,  0x00008000,  0x02000082, 
0x02008082,  0x00000080,  0x02000000, 
0x02000000,  0x00008002,  0x00000082, 
0x02008080,  0x02000080,  0x00000000, 
0x00008002,  0x02008082,  0x02000080, 
0x00000080,  0x00000000,  0x02008002, 
0x00008000,  0x02000000,  0x02008082, 
0x00008082,  0x00008080,  0x02000002, 
0x02000082,  0x00000082,  0x02008000, 
0x00000002,  0x02008002,  0x00008080, 

0x00820040,  0x00820000,  0x10800040, 
0x00000040,  0x10000000,  0x00820000, 
0x00020000,  0x00800040,  0x10020040, 
0x10820000,  0x00020040,  0x10000000, 
0x10020000,  0x10020000,  0x00000000, 
0x10820040,  0x10820040,  0x00800040, 
0x10000040,  0x00000000,  0x10800000, 
0x00800000,  0x10800000,  0x00020040, 
0x10800040,  0x00000040,  0x00800000, 
0x00820000,  0x10800040,  0x10020040, 
0x10000000,  0x10820000,  0x00820040, 
0x00000040,  0x00800000,  0x10820000, 
0x00020040,  0x10800000,  0x10820040, 
0x00000000,  0x10020000,  0x10800000, 
0x00800040,  0x10000040,  0x00020000, 
0x10020000,  0x00820040,  0x10000040, 
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0x00080000, 

0x00000200, 

0x81080200, 

0x80000000, 

0x01000200, 

0x81000000, 

0x01080000, 

0x00080200, 

0x01000000, 

0x81000200, 

0x80080000, 

0x01080200, 

0x80000200, 

0x00080200, 

0x00000000, 

0x81000000, 

/ * S-boxes  2,  4 , 6, 

static  word32  const 
0x20042008, 
0x00040000, 
0x20000008, 
0x20002000, 
0x00042000, 
0x20000000, 
0x00040008, 
0x00002008, 
0x00000000, 
0x20002008, 
0x20040000, 
0x00042008, 
0x00002008, 
0x00040008, 
0x00042000, 
0x20000000, 

0x40200800, 

0x00200820, 

0x00000000, 

0x40000020, 

0x40000000, 

0x00000020, 

0x40200020, 

0x00000800, 

0x00200020, 

0x40000020, 

0x00000820, 

0x40200800, 

0x40200820, 

0x40200000, 

0x40000800, 

0x00000020, 

0x08000004, 

0x08100000, 

0x08001000, 

0x00100004, 

0x00000000, 


0x81080000, 

0x81000200, 

0x00080000, 

0x01000000, 

0x80080200, 

0x01080000, 

0x00000200, 

0x80000000, 

0x00080200, 

0x81080000, 

0x01000000, 

0x80000200, 

0x81000000, 

0x00000000, 

0x80080200, 

0x01000200, 


0x81000200,  0x00000000, 
0x80080200,  0x01080200, 
0x00000000,  0x81000000, 
0x81080000,  0x80000200, 
0x80080000,  0x01000200, 
0x01080200,  0x80080000, 
0x80000200,  0x81080200, 
0x01000000,  0x00080200, 
0x00080000,  0x81000200, 
0x81080000,  0x80000000, 
0x01000200,  0x00080000, 
0x80080200,  0x01080200, 
0x81080200,  0x01080000, 
0x80000000,  0x81080200, 
0x01080000,  0x00000200, 
0x00000200,  0x80080000  >; 


8,  plus  P permutation,  rotated  */ 
SP1C5120  = { 

0x20002000,  0x00002000,  0x00042008, 
0x00000008,  0x20040008,  0x20002008, 
0x20042008,  0x20042000,  0x20000000, 
0x00040000,  0x00000008,  0x20040008, 
0x00040008,  0x20002008,  0x00000000, 
0x00002000,  0x00042008,  0x20040000, 
0x20000008,  0x00000000,  0x00042000, 
0x20042000,  0x20040000,  0x00002008, 
0x00042008,  0x20040008,  0x00040000, 
0x20040000,  0x20042000,  0x00002000, 
0x20002000,  0x00000008,  0x20042008, 
0x00000008,  0x00002000,  0x20000000, 
0x20042000,  0x00040000,  0x20000008, 
0x20002008,  0x20000008,  0x00040008, 
0x00000000,  0x20002000,  0x00002008, 
0x20040008,  0x20042008,  0x00042000, 

0x40000820,  0x40000820,  0x00000020, 
0x40200020,  0x40200000,  0x40000800, 
0x00200800,  0x00200800,  0x40200820, 
0x00000000,  0x00200020,  0x40200000, 
0x00000800,  0x00200000,  0x40200800, 
0x00200000,  0x40000800,  0x00000820, 
0x40000000,  0x00000820,  0x00200020, 
0x00200820,  0x40200820,  0x40000020, 
0x40200000,  0x00200800,  0x40200820, 
0x00000000,  0x00000000,  0x00200800, 
0x00200020,  0x40200020,  0x40000000, 
0x40000820,  0x40000820,  0x00000020, 
0x40000020,  0x40000000,  0x00000800, 
0x40000800,  0x00200820,  0x40200020, 
0x00000820,  0x00200000,  0x40200800, 
0x00200000,  0x00000800,  0x00200820, 

0x08100000,  0x00001000,  0x08101004, 
0x00000004,  0x08101004,  0x00100000, 
0x00101004,  0x00100000,  0x08000004, 
0x08001000,  0x08000000,  0x00001004, 
0x00100004,  0x08001004,  0x00001000, 
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0x00101000 

0x08100004 

0x00001004 

0x08001000 

0x08101004 

0x00100000 

0x08000004 

0x00101004 

0x00000004 

0x00001000 

0x08101000 


0x08001004 
0x00000000 
0x00101 000 
0x00000004 
0x00100000 
0x08001000 
0x08101004 
0x08101000 
0x00001 000 
0x00100004 
0x08000000 


0x00000004 

0x00101004 

0x08101000 

0x08100004 

0x00001004 

0x08000000 

0x00101000 

0x00000000 

0x08100000 

0x08001004 

0x00100004 


0x08100004 

0x08101000 

0x08000000 

0x00101000 

0x08000004 

0x00001004 

0x08100000 

0x08100004 

0x00101004 

0x00000000 

0x08001004 


0x04000410, 

0x04000000, 

0x00010010, 

0x04010400, 

0x04010000, 

0x00010400, 

0x00000410, 

0x04000010, 

0x00010410, 

0x00000010, 

0x04000400, 

0x04010010, 

0x00000000, 

0x04010000, 

0x04010410, 

0x00000410, 


0x00000400, 

0x04000410, 

0x04010000, 

0x00010410, 

0x04000010, 

0x00010010, 

0x00000000, 

0x04000400, 

0x00010000, 

0x04010010, 

0x00000010, 

0x04000000, 

0x04010410, 

0x04000400, 

0x00010400, 

0x00010010, 


0x00010000 

0x00000010 

0x04010410 

0x00000400 

0x04000400 

0x04010010 

0x00000000 

0x00010410 

0x04010400 

0x00000400 

0x04000010 

0x00010000 

0x00010010 

0x04000410 

0x00010400 

0x04000000 


0x04010410, 
0x04000000, 
0x00010400, 
0x00000010, 
0x00000410, 
0x04010400, 
0x04010010, 
0x00010000, 
0x00000400, 
0x00010410, 
0x04010000, 
0x04000410, 
0x04000010, 
0x00000000, 
0x00000410, 
0x04010400  > ; 


/* 

* This  encryption  function  is  fairly  clever  in  the  way  it  does  its 

* s-box  lookup.  The  S-boxes  are  indexed  by  bytes,  rather  than 

* words,  because  that's  faster  on  many  machines,  and  shifting 

* everything  two  bits  to  do  the  multiply  by  4 is  trivial. 

* Then,  the  indexing  into  the  various  S boxes  is  done  by 

* adding  the  appropriate  offset  bits  into  the  key  array,  so  the 

* addition  is  done  by  the  X0R  with  the  key  rather  than  having  to 

* be  done  explicitly  here. 

*/ 

static  void 

d e s 3 D E S (byte  const  i n b l o c k [ 8 0 , byte  o u t b l o c k [ 8 3 , word32  const  *keys) 
{ 

w o r d 3 2 s,  t,  right,  leftt; 
int  round,  iterate; 


leftt 

= ( ( wo rd3 2 ) i n b l o c k C 0 3 

<< 

24) 

| ((word32)inblockC13 

<< 

16) 

| ( ( wo r d 3 2 ) i n b l o c k C 2 3 

| (word32)inblockE33; 

<< 

8) 

right 

= ( ( wo rd 3 2 ) i n b l o c k C 4 3 

<< 

24) 

| ( ( w o r d 3 2 ) i n b l o c k [ 5 3 

<< 

16) 

| ( ( wo rd 3 2 ) i n b l o c k C 6 3 

<< 

8) 

(word32)inblockC73; 


/*  Initial  permutation  IP  */ 

t = ((leftt  >>  4)  A right)  & OxOfOfOfOfL; 

right  A=  t; 

leftt  A=  (t  <<  4); 

t = ((leftt  >>  16)  A right)  & OxOOOOffffL; 
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D e s 0 : 


right  A=  t ; 

leftt  A=  (t 

<< 

16); 

t = ((right 
Leftt  A=  t; 

>> 

2)  A 

Leftt)  & 0x33333333L; 

right  A=  (t 

<< 

2); 

t = ((right 
Leftt  A=  t; 

>> 

8)  A 

Leftt)  8 OxOOffOOffL; 

right  A=  (t 

<< 

8); 

Leftt  = ( ( L e 

f tt 

>> 

1 ) | (Leftt  < < 31)); 

t = (Leftt  A 
Leftt  A=  t; 
right  A=  t ; 

r i 

g h t ) 

& Ox55555555L; 

right  = ( ( r i 

g h t 

> > 

1)  | (right  <<  31)); 

/ * The  main 
iterate  = 3; 
goto  DesO; 
do  ( 

e n c 

rypt 

ion  Loop  * / 

t = right; 


right  = Leftt 

Leftt  = t ; 

for  (round 

= 

0;  round  < 8 

; round++) 

s 

= 

(right  8 Oxfcfcfcfc)  A 

keysCOO; 

t 

= 

(((right  >> 

28)  | (right  <<  4)) 

8 

Oxfcfcfcfc) 

A keysCID 

F 

Leftt 

A=  * ( w o r d 3 2 

*)  ( (char 

* ) S P0+ ( s 

8 

0x3f  c 

) ) 

A * ( w o r d 3 2 

* ) ( ( c h a r 

*) SP0+( ( s 

>> 

8 ) 

8 

0 x 3 f c 

) ) 

A *(word32 

*)((char 

* ) S P 0 + ( ( s 

>> 

16) 

8 

0 x 3 f c 

) ) 

A *(word32 

*)((char 

* ) S P 0 + ( (s 

>> 

24) 

8 

0 x 0 f c 

) ) 

A * ( wo  rd32 

*)((char 

* ) S P 1 + ( t 

8 

0 x 3 f c 

) ) 

A *(word32 

* ) ( ( c h a r 

*) SP1 +( ( t 

>> 

8 ) 

8 

0 x 3 f c 

) ) 

A *(word32 

* ) ( ( c h a r 

*)SP1+( (t 

>> 

16) 

8 

Ox  3 f c 

) ) 

A *(word32 

*)  ( (char 

*)SP1+( (t 

>> 

24) 

8 

0 x 0 f c 

)); 

s 

- 

(Leftt  8 Oxfcfcfcfc)  A 

keysC2D; 

t 

= 

(((Leftt  >> 

28)  | (Leftt  <<  4) ) 

8 

Oxfcfcfcfc) 

A key s C 3 ] 

r 

r i 

g h t 

A = *(word32 

*)((char 

* ) S P 0 + ( s 

8 

Ox  3 f c 

) ) 

A *(word32 

*)((char 

* ) SP0  + ( ( s 

>> 

8 ) 

8 

0x3f  c 

) ) 

A *(word32 

*)((char 

* ) S P 0 + ( (s 

>> 

16) 

8 

0x3f  c 

) ) 

A *(word32 

*)((char 

* ) SP0+( ( s 

>> 

24) 

8 

OxOf  c 

) ) 

A *(word32 

* ) ( ( c h a r 

*)SP1+(  t 

8 

0 x 3 f c 

) ) 

A *(word32 

*)  ( (char 

*)SP1+((t 

>> 

8 ) 

8 

0 x 3 f c 

) ) 

A * ( word32 

*)  ( (char 

* ) SP1 +( ( t 

>> 

16) 

8 

0x3f  c 

) ) 

A * ( wo  r d32 

*)((char 

*)SP1+( (t 

>> 

24) 

8 

0 x 0 f c 

>>; 

keys  + = 4 ; 


> 


> whiLe  (--iterate) 

F 

/ * Inverse  IP  * / 
Leftt  = ((Leftt  << 

1 ) 

| (Leftt  >> 

31  ) ) ; 

t = (Leftt  A right) 

8 

Ox55555555L; 

Leftt  A=  t; 
right  A=  t; 
right  = ((right  << 

1 ) 

| (right  > > 

31  ) ) ; 

t = (( Leftt  >>  8)  A 

right)  8 OxOOffOOffL; 

right  A=  t; 

Leftt  A=  (t  <<  8); 
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t = ((leftt 

>>  2)  A right) 

& 

0x33333333L; 

right  A = t ; 

leftt  A=  (t 

<<  2); 

t = ((right 

>>  16)  A leftt) 

8 

OxOOOOf f f f L 

leftt  A = t ; 

right  A=  ( t 

<<  16); 

t = ((right 

>>  4)  A leftt) 

8 

OxOf Of  Of  Of L; 

leftt  A=  t ; 

right  A=  (t 

<<  4); 

outblockEOd 

= (byteMright 

>> 

24)  ; 

outblockCld 

= (byteMright 

>> 

16); 

outblockC2d 

= (byteMright 

>> 

8); 

outblockC3d 

= (byteMright 

>; 

outblockC4D 

= (byteMleftt 

>> 

24); 

outblockC5] 

= (byteMleftt 

>> 

16); 

outb  lockC6] 

= (byteMleftt 

>> 

8); 

outblockC7] 

= (byteMleftt 

); 

return 


/***  Externally  called  functions  ***/ 
static  void 

des3Key  (void  *priv,  byte  const  *key) 

/ * EDE  triple-DES  * / 

deskey  (key  , 0,  ( w o r d 3 2 * ) p r i v ) ; 

deskey  (key+  8,  1,  (word32  *)priv  + D E S_KE Y WO R D S ) ; 

deskey  (key  + 16,  0,  (word32  *)priv  + 2 * D E S_KE Y WO R D S ) ; 

/*  To  decrypt,  do  DED  with  the  keys  in  the  opposite  order  */ 

/*  Keep  a copy  of  the  unscheduled  key  for  Washing  purposes  */ 
memcpy  ((byte  *)priv  + D E S 3_KE Y B Y T E S , key,  D E S 3_U S E R K E Y BYTES); 


static  void 

des3Encrypt  (void  *priv,  byte  const  *i n,  byte  *out) 
{ 

des3DES  (in,  out,  (word32  const  * ) p r i v ) ; 

> 


/ * 

* Do  one  64-bit  step  of  a Triple  Tandem  Davies-Meyer  hash  computation. 

* The  hash  buffer  is  32  bytes  long  and  contains  H (0..7),  then  G (8.  .15), 

* then  F (16. .23),  then  8 bytes  of  scratch  space.  The  buf  is  8 bytes  long. 

* xkey  is  a temporary  key  schedule  buffer,  with  room  for  *4*  DES 

* keys,  i.e.  4* D E S KE Y WO R D S words. 

* This  and  the  extra  data  in  the  hash  buffer  are  allocated  by  the 

* caller  to  reduce  the  amount  of  b u f f e r - w i p i ng  we  have  to  do. 

* (It's  only  called  from  des3Wash,  so  the  interface  can  be  a bit 

* specialized.) 

* 

* What  is  triple  Tandem  Davies-Meyer?  Well,  it's  a simple 

* extension  of  (double)  Tandem  Davies-Meyer,  which  goes 

* like  this,  to  hash  (H,G)  with  message  block  M: 

* H'  = E_{ G , M > ( H ) 

* G ' = E_T M, H 1 > ( G ) 

* H A=  H ' 
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* G A = G ' 

* 

* The  extension,  to  a triple-width  hash  (H,G,F)  is  just: 

* H'  = E_{ F,G,M>(H) 

* G ' = E_{ F,M,H ' > ( G ) 

* F ' = E_( M , G ' , H ' } ( F ) 

* H A=  H ' 

* G A=  G ' 

* F A=  F ' 

* 

* This  schedules  individual  DES  keys  to  avoid  having  to  copy  the 

* bits  to  contiguous  buffers  and  to  re-use  the  already-scheduled 

* leys.  F and  H'  are  used  twice  in  the  same  spot,  and  M is  scheduled 

* twice  for  encryption. 

*/ 

static  void 

d e s 3 S t e p T r i p l e D M ( by t e *hash,  byte  const  *buf,  word32  *xkey) 

{ 

i n t i ; 


/*  Set  up  triple-DES  with 
deskey(hash+16,  0,  xkey); 
de  s key  ( h a.s  h + 8,  1,  xkey  + 
deskeylbuf,  0,  xkey  + 


F,  G,  M */ 

D E S_K  EYWORDS)  ; 
2*DES_KEYW0RDS  ) ; 


/*  Compute  H'  and  new  H */ 
des3DES(hash,  hash+24,  xkey); 
for  (i  = 0;  i < 8;  i++) 

hashCi]  A=  hashCi+24D; 

/*  Copy  encryption  schedule  for  M out  of  harm's  way  */ 
memcpylxkey  +3* D E S_KE Y WO R D S , x k e y + 2 * D E S_K E Y W 0 R D S , D E S_K E Y B Y T E S ) ; 

/*  Set  up  triple-DES  with  F,  M,  H'  */ 
deskeylbuf,  1,  xkey  + D E S_KE Y WO R D S ) ; 

deskey(hash  + 24,  0,  xkey  + 2 * D E S_KE Y WO R D S ) ; 


/*  Compute  G'  and  new  G */ 
des3DES(hash+8,  hash+24,  xkey); 
for  (i  = 0;  i < 8;  i + + ) 

hashEi+83  A=  hashCi+243; 


/*  Set  up  triple-DES  with  M,  G',  H'  */ 
memcpylxkey,  x k e y+ 3* D E S_KE Y W0 R D S , D E S_KE Y B Y T E S ) ; 
deskey(hash+24,  1,  xkey  + D E S_KE Y WORDS); 


> 


/*  Compute  F'  and  new  F */ 
des3DES(hash+16,  hash+24,  xkey); 
for  (i  = 0;  i < 8;  i++) 

hashCi+16]  A=  hashCi+24]; 


/ * 

* Munge  the  key  of  the  C i p h e r C on t e x t based  on  the  supplied  bytes. 

* This  is  for  random-number  generation,  so  the  exact  technique  is 

* unimportant,  but  it  happens  to  use  the  current  key  as  the 

* IV  for  computing  a t r i p l e-Tandem  Davi es-Meyer  hash  of  the  bytes, 

* and  uses  the  output  as  the  new  key. 

*/ 

static  void 
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des3Wash(void  *priv,  byte  const  * b u f , unsigned  ten) 

unsigned  i ; 
byte  tempC8Il; 

w o r d 3 2 xkeyC4*DE  S_K  EYW0RDS3; 


/ * The  key  is 


used  as  the  IV  for  the  hash  */ 


/ * Do  the  initial  blocks  of  the  hash  * / 
i = len; 

while  (i  >=  8)  { 

des3StepTri pleDMC (byte  * ) p r i v+ D E S 3_KE Y B Y T E S , buf,  xkey); 
b u f + = 8 ; 
i -=  8; 

> 

/* 

* At  the  end,  we  do  D a mg  a r d-Me r k l e strengthening,  just  like 

* M D 5 or  SHA.  Pad  with  0x80  then  0 bytes  to  6 mod  8,  then 

* add  the  length.  We  use  a 16-bit  length  in  bytes  instead 

* of  a 64-bit  length  in  bits,  but  that  is  cryptographically 

* irrelevant,  as  long  as  the  length  is  there. 

*/ 

/*  Do  the  first  partial  block  - i <=  7 */ 
memcpyCtemp,  buf,  i ) ; 
tempCi++3  = 0x80; 
if  ( i > 6 ) i 

memset(temp+i,  0,  8-i); 

des3StepTripleDM(  (byte  * ) p r i v + D E S 3_K E Y B Y T E S , temp,  xkey); 
i = 0; 

> 

memset(temp+i,  0,  6 - in- 
tern p [ 6 ] = (byteMlen  >>  8); 
tempC7D  = (byte)len; 

des3StepTri pleDM( (byte  * ) p r i v+ D E S 3_KE YB Y T E S , temp,  xkey); 


/*  Re-schedule  the  key  */ 

deskey  ((byte  * ) pr i v+DES3_KE YBYTES  , 0, 

(word32  *)priv); 

deskey  ((byte  * ) p r i v+ D E S 3_KE YB YT E S+  8,  1, 

(word32  * ) p r i v + D E S_K E Y W0 R D S ) ; 
deskey  ((byte  * ) p r i v + D E S 3_KE Y B Y T E S + 1 6 , 0, 

(word32  *)priv  + 2 * D E S_K E Y W 0 R D S ) ; 

memset(temp,  0,  si  zeof ( temp) ); 
mems e t ( x key , 0,  s i z e o f ( x k e y ) ) ; 

> 

/ * 

* Define  a struct  Cipher  for  the  generic  cipher.  This  is  the  only  real 

* exported  symbol  --  everything  else  can  be  static,  since  everything 

* is  referenced  through  function  pointers! 

*/ 

struct  PgpCipher  const  cipher3DES  = i 
"3DES", 

P G P_C I P H E R_3  D E S , 

8,  /*Blocksize*/ 

D E S 3_U  SERKEYBYTES,  /*  Keysize  */ 

D E S 3_K  E Y B Y T E S + D E S 3_U S E R K E Y B Y T E S , 
alignof(word32). 
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des3Key , 

des3Encrypt, 

des3Wash 


# i f UNITTEST 
/ * Validation  set: 


* 


★ 

Double- 

length 

key. 

s i n g l 

e-length 

plaintext  - 

★ 

Key 

: 0123 

4567 

89a  b 

cdef  fedc 

ba 98  7654  321  0 

* 

Plain 

: 0123 

4567 

89a  b 

c d e 7 

★ 

Cipher 

: 7 f 1 d 

0a77 

826b 

8a  f f 

* 


//include  <stdio.h> 

//include  <time.h> 

void 

printhexCunsigned  char  const  *buf,  unsigned  len) 

< 

while  (l en-- ) { 

p r i n t f ( " % 0 2 X " , *buf++); 
putcharC  len  ? 1 ' : ' \ n 1 ) ; 

> 

> 


i n t 

ma i n ( vo i d ) 


unsigned  i; 
c l o c k_t  c ; 

static  unsigned  char  const  keyC24D  = { 

0x01,  0x23,  0x45,  0x67,  0x89,  Oxab,  Oxcd, 

Oxfe,  Oxdc,  Oxba,  0x98,  0x76,  0x54,  0x32, 

0x01,  0x23,  0x45,  0x67,  0x89,  Oxab,  Oxcd, 

>; 

static  unsigned  char  const  plainC80  = i 

0x01,  0x23,  0x45,  0x67,  0x89,  Oxab,  Oxcd, 

> ; 

static  unsigned  char  const  cipherC8H  = f 

0x7f,  Oxld,  0x0a,  0x77,  0x82,  0x6b,  0x8a, 


>; 

unsigned  char  o u t C 8 ] ; 

word  3 2 xkeyC  DES3_KEYW0RDS  + 6d  ; 


des3Key(xkey,  key); 

d e s 3 E n c r y p t ( x k e y , plain,  out); 

printfl"  key="); 

printhexCkey,  24); 

printfC"  p lai n = " ) ; 

printhexCplain,  8); 

printfC"  ou t =" ) ; 

printhexCout,  8); 

printf("cipher="); 

p r i n t h e x ( c i p h e r , 8); 

if  (memcmpCcipher,  out,  8)  ==  0) 


Ox  e f , 
0x10, 
Ox  e f 


0 x e 7 


Oxf  f 
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> 

# e nd  i f 


printfC'Test  successfuLXn"); 

else 

printf("###  ERRORXn"); 

printfC" Doing  test  encryptions\n"); 
c = clockC); 

for  (i  = 0;  i < 100000;  i + + ) 

des3Encrypt(xkey,  out,  out); 
c = clockC)  - c; 

printf("%u  encryptions  required  % l u 
i,  (unsigned  long)c); 
return  0; 


i c k s \ n " , 
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des3.h 

/*  des3.h  - headers  for  TripleDES 
* 

* By  Richard  Outerbridge 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : d e s 3 . h , v 1.4  1 996/1  1 /1  2 02:1  7:26  mhw  Exp  $ 

*/ 

# i f n d e f PGP_3DES_H 
^define  PGP_3DES_H 

^include  "cipher. h" 

/ * This  is  the  definition  of  the  3DES  cipher,  for  use  with  the  PGP 

* Generic  Cipher  code. 

*/ 

extern  struct  PgpCipher  const  cipher3DES; 

# e n d i f /*  PGP  3DES  H */ 
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des3_68K.c 

/ * 

* $ I d : d e s 3_6  8 K . c , v 1.2  1 996/  1 1 / 1 2 02:1  7:27  mhw  Exp  $ 
*/ 


#inc lude  <std  L i b . h> 

^include  " PG P F o n e U t i l s . h " 
^include  "des3.h" 


static  void  deskeyCuchar  * , short,  ulong  *); 


static  asm 
{ 

f r a l L o c 
mo vem  . L 
L e a 
L e a 

mo vea  . L 
m o v e q 
mo  veq 
movea  . L 
c m p i . w 
beq 
lea 
bra 
akpp  : 

d c . w 
a kpO  : 

d c . b 
d c . b 
d c . b 
d c . b 


void  deskeyCuchar  *key,  short  edf,  ulong  *buf) 


d3-d5/a2-a3,-(a7) 
a kpp  , a 2 
a k pO , a 0 
k e y , a 1 
# 0 , d 4 
#1 5,d0 
b u f , a 3 
#EN0,edf 
a c k s 1 

120(a3),a3 
a c k s 1 


//save  registers 

//table  of  permutation  adjusts 

//tables  of  byte/bit  offsets 

//load  address  of  nominal  key 

//clear  this  register 

//do  all  16  rounds 

//load  address  of  key  register 

//are  we  encrypting 

//yes  - start  now 

//no  - adjust  backfill 

//now  start 


0,0,0,112,112,112,112,112,224,0,112,112,112,112,112,224 


6. 6. 1.6. 6. 5. 4. 6. 7. 4. 6. 7. 2. 7. 1.5. 0. 5. 4. 5. 3. 6. 3. 7. 5. 4. 7. 6 
0,1, 2, 2, 3, 4, 4, 1,6, 2, 4, 3, 0,4, 0,2, 7, 3, 2, 3, 4, 2, 7, 1,1, 1,2, 4 

5. 5. 4. 7. 7. 7. 0. 6. 1.7. 2. 5. 5. 6. 6. 4. 7. 5. 0.7. 4. 4. 3. 5. 2. 6. 5. 7 

5. 2. 5. 1.3. 2. 0. 3. 6. 3. 2. 1.3. 3. 1.4. 5. 3. 1.2. 1.3. 7. 2. 6. 1.3.1 


d c . b 
d c . b 
d c . b 
d c . b 


4. 0. 4. 3. 4. 6. 1.3. 5. 6. 5. 0.4. 2. 1.5. 0.2. 5. 2. 5. 1.0. 0.5. 3. 0.6 

7. 2. 7. 4. 3. 0. 7. 0.6. 6. 6. 0.3. 2. 3. 5. 6. 2. 7. 3. 6. 4. 7. 1.2. 6. 7. 6 

1.4. 1.2. 0. 1. 5. 5. 5. 4. 1.6. 0.3. 1.1. 0.4. 1.0. 4. 4. 4. 1.0. 5. 4. 5 

3. 3. 2. 3. 2. 5. 2. 4. 7. 5. 3. 1.3. 4. 2. 0. 2. 1.3. 6. 6. 3. 2. 2. 6. 5. 6.1 


dc.b  0,3, 5, 5, 1,4, 5, 1,1,1 

dc.b  2, 2, 3, 6, 7, 6, 6,1 ,3,3 

dc.b  5 , 2 , 0 , 0 , 5 , 0 , 0 , 4 , 1 , 0 
dc.b  6, 4, 7, 0,7, 4, 3, 0,2,1 

a c k s 1 : 

suba.w  Ca2)+,a0 
moveq  # 7 , d 1 
a c k s 2 : 

moveq  # 6 , d 2 
moveq  # 0 , d 3 
a c k s 3 : 

move.b  Ca0)+,d4 
move.b  Ca0)+,d5 
btst  d5,0(a1,d4.w) 
beq.s  3cks4 
bset  d2,d3 
a c k s 4 : 

dbf  d2,3cks3 

move.b  d3,(a3)+ 
dbf  d1,3cks2 


4. 5. 5. 4. 0. 2. 5. 6. 4. 1.0. 5. 4. 2. 4. 4. 4.0 
3, 4, 7, 1,6, 2, 7, 5, 6, 3, 2, 5, 6, 5, 7, 2, 2,0 

1.5. 1.3. 5. 3. 4. 6. 0. 6. 0.1. 1.6. 4. 3. 1.2 

2. 6. 7. 3. 3. 2. 6. 0. 3. 5. 2. 4. 6. 6. 2. 3. 3.1 

//correct  permutation 
//do  8 bytes  worth 

//do  7 bits  per  byte 
//clear  a byte  to  fill 

//get  a byte  number 
//get  a bit  number 
//test  bit  in  key  byte 
//if  no  bit  to  set 
//else  set  a bit 

//loop  until  all  bits  done 
//set  byte 

//loop  through  all  bytes 
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lea  -8(a3),a1 

cmpi.w  #ENO,edf 
beq.s  Scks5 
lea  -16(a3),a3 

5)  c k s 5 : 

dbf  d0,3cks1 

move. I #0x3f 3f 3f 3f  ,d1 
movea.l  bu  f , a 0 
moveq  #15, d 2 
a c k s 6 : 

move. I (aO),dO 

and . I dl ,d0 

rol.l  # 4 , d 0 

move  .1  dO, ( aO  ) + 

and. I d1,(a0)+ 

dbf  d2,3cks6 

movem.l  ( a 7 ) + , d 3- d 5 / a 2 -a  3 

f rf ree 

rts 


//reset  al  to  last  subkey 
//check  mode 
//encryption 
//adjust  filling 

//for  all  rounds 
//load  bit  mask 
//reload  key  register 
//load  loop  index 

//next  raw  target 
//clear  bits 
//preallign 

//set  cooked  key  - even 
//set  cooked  key  - odd 
//all  32  longs 
//restore  registers 


void  d e s 3 k e y ( u c h a r *hexkey,  short  mode,  void  **ksa) 
ulong  * k s ; 

uchar  * f i r s t , * t h i r d ; 
short  revmod; 


★ ksa  = ks  = (ulong  * ) pg p_ma l l o c ( 96  * si zeof (ulong)  ); 


> 


if(mode  ==  ENO) 

revmod  = DEI; 
first  = hexkey; 
third  = ShexkeyC16]; 

> 


else 

C 

revmod  = ENO; 
first  = &hexkey[16]; 
third  = hexkey; 

> 


deskey(first,  mode,  ks); 
deskey(ShexkeyC8d,  revmod,  &ksE32D); 
d e s ke y ( t h i r d , mode,  &ksC64]); 


void  D E S D Ke y D o n e ( v o i d *ksa) 
{ 


P9P_f  ree ( (ulong  *)ksa); 

> 

asm  void  D3des(uchar  *in,  uchar 
C 


f r a l l o c 

+ 

m o v e m . 

l 

d3-d7/a2,-(a7) 

mo  v e a . 

l 

i n , a 0 

move  . 1 

( a 0 ) + , d 3 

/* 

mo ve  . 1 

(aO)  ,d5 

/* 

move  . 1 

d 3 , d 2 

/* 

★out,  void  *ksa) 


D 3 = L * / 

D 5 = R * / 

EXSHMSK(R,0x0f0f0f0f,L,4,tmp)  */ 
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l s r . 1 

# 4 , d 2 

eor  . 1 

d 5 , d 2 

a nd  i . 1 

#0x0f Of  Of  Of ,d2 

e o r . 1 

d 2 , d 5 

l s l . 1 

# 4 , d 2 

eor  . 1 

d 2 , d 3 

swap 

d 3 

mo ve  . w 

d 3 , d 2 

mo ve  . w 

d 5 , d 3 

mo ve  . w 

d 2 , d 5 

swap 

d 3 

move.  1 

d 5 , d 2 

l s r . 1 

# 2 , d 2 

eor.  1 

d 3 , d 2 

a nd  i . 1 

#0x33333333, d2 

e o r . 1 

d 2 , d 3 

l s l . 1 

# 2 , d 2 

e o r . 1 

d 2 , d 5 

move  . 1 

d 5 , d 2 

l s r . 1 

# 8 , d 2 

e o r . 1 

d 3 , d 2 

a nd  i . 1 

#0x00f  f OOf  f ,d2 

e o r . 1 

d 2 , d 3 

l s l . 1 

# 8 , d 2 

eor.  1 

d 2 , d 5 

rol  . 1 

#1  ,d5 

move  . 1 

d 3 , d 2 

e o r . 1 

d 5 , d 2 

a n d i . 1 

#0xaaaaaaaa,d2 

eor  . 1 

d 2 , d 5 

eor.  1 

d 2 , d 3 

r o l . 1 

#1  ,d3 

l e a 

3SP0,a0 

l e a 

aspi ,a1 

m o v e a . 1 

k s a , a 2 

move  . 1 

#0x03f003f0,d2 

moveq 

# 2 , d 7 

bra 

ad  e s 0 

DC  . W 

0x0123  / * a 

/*  EXSHMSK(R,0x0000ffff,L,16,tmp)  */ 


/*  EXSHMSKCL, 0x33333333, R, 2, tmp)  */ 


/*  EXSHMSKCL, OxOOf fOOf f ,R,8,tmp)  */ 


/*  EXSHMSKCR, 0x55555555, L, 1 , tmp)  */ 


/ * On 
aSPO  : 


a 68030  it  helps  _a_lot_  if 


slop  * / 

SPO  (&  S P 1 ) 


are  long  alligned! 


DC.L  0x01010400,0x00000208,0x00000100,0x00200000 
DC.L  0x00000000,0x08020200,0x02080100,0x04200002 
DC.L  0x00010000,0x00000000,0x02080000,0x04000802 
DC.L  0x01010404,0x08020008,0x42000100,0x00000000 
DC.L  0x01010004,0x08000200,0x00080000,0x00000800 
DC.L  0x00010404,0x00000000,0x00000100,0x04000802 
DC.L  0x00000004,0x00020208,0x40000000,0x00200802 
DC.L  0x00010000,0x08000200,0x02080000,0x04200800 
DC.L  0x00000400,0x00020008,0x40080100,0x04200802 
DC.L  0x01010400,0x08000008,0x00080000,0x00200000 
DC.L  0x01010404,0x08000008,0x02000100,0x00000000 
DC.L  0x00000400,0x00020000,0x40080100,0x04000002 
DC.L  0x01000404,0x08020208,0x42000100,0x00000002 
DC.L  0x01010004,0x00020008,0x42080000,0x04000000 
DC.L  0x01000000,0x08020000,0x00080100,0x04200002 
DC.L  0x00000004,0x00000208,0x40000000,0x00000802 
DC.L  0x00000404,0x08000000,0x02000000,0x04000800 
DC.L  0x01000400,0x00000008,0x40080000,0x00200802 


*/ 
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DC.L  0x01000400,0x08020200,0x40080000,0x00200002 

DC.L  0x00010400,0x00000200,0x00000000,0x04000800 

DC.L  0x00010400,0x00020200,0x40000100,0x04000002 

DC.L  0x01010000,0x08020000,0x42080100,0x04200000 

DC.L  0x01010000,0x08020008,0x42080100,0x04200800 

DC.L  0x01000404,0x00020208,0x02000100,0x00200002 

DC.L  0x00010004,0x08000208,0x42080000,0x04200000 

DC.L  0x01000004,0x00020200,0x40000100,0x00000800 

DC.L  0x01000004,0x00020000,0x00000000,0x00000802 

DC.L  0x00010004,0x08000208,0x42000000,0x04200802 

DC.L  0x00000000,0x00000008,0x02080100,0x00200800 

DC.L  0x00000404,0x08020208,0x02000000,0x00000002 

DC.L  0x00010404,0x00000200,0x42000000,0x04000000 

DC.L  0x01000000,0x08000000,0x00080100,0x00200800 

DC.L  0x00010000,0x08020200,0x00080000,0x04000000 

DC.L  0x01010404,0x08000000,0x42000100,0x00200800 

DC.L  0x00000004,0x00020008,0x00000100,0x00200000 

DC.L  0x01010000,0x00000208,0x02000000,0x04000802 

DC.L  0x01010400,0x00020000,0x40000000,0x04000802 

DC.L  0x01000000,0x08020200,0x02080000,0x04200002 

DC.L  0x01000000,0x08000200,0x42000100,0x04200002 

DC.L  0x00000400,0x00000000,0x40080100,0x00000002 

DC.L  0x01010004,0x00000200,0x02000100,0x00200002 

DC.L  0x00010000,0x00020008,0x40000000,0x04000000 

DC.L  0x00010400,0x08020208,0x42080000,0x04000800 

DC.L  0x01000004,0x08000200,0x02080100,0x00200000 

DC.L  0x00000400,0x08000008,0x40080100,0x04200800 

DC.L  0x00000004,0x00000200,0x00000100,0x00000802 

DC.L  0x01000404,0x00000000,0x02000000,0x00200802 

DC.L  0x00010404,0x08020008,0x42080000,0x04200800 

DC.L  0x01010404,0x08000208,0x42080100,0x00000802 

DC.L  0x00010004,0x00020000,0x00080100,0x04000002 

DC.L  0x01010000,0x08000000,0x42000000,0x04200802 

DC.L  0x01000404,0x08020208,0x42080100,0x04200000 

DC.L  0x01000004,0x00000008,0x02080000,0x00200800 

DC.L  0x00000404,0x00020208,0x00000000,0x00000000 

DC.L  0x00010404,0x00020200,0x40080000,0x00000002 

DC.L  0x01010400,0x08000008,0x42000000,0x04200802 

DC.L  0x00000404,0x08020000,0x00080100,0x00000000 

DC.L  0x01000400,0x08000208,0x02000100,0x00200802 

DC.L  0x01000400,0x00000208,0x40000100,0x04200000 

DC.L  0x00000000,0x08020000,0x00080000,0x00000800 

DC.L  0x00010004,0x00020208,0x00000000,0x04000002 

DC.L  0x00010400,0x00000008,0x40080000,0x04000800 

DC.L  0x00000000,0x08020008,0x02080100,0x00000800 

DC.L  0x01010004,0x00020200,0x40000100,0x00200002 

aspi  : 

DC.L  0x80108020,0x00802001,0x20000010,0x10001040 

DC.L  0x80008000,0x00002081,0x20400000,0x00001000 

DC.L  0x00008000,0x00002081,0x00004000,0x00040000 

DC.L  0x00108020,0x00000080,0x20404010,0x10041040 

DC.L  0x00100000,0x00802080,0x20400000,0x10000000 

DC.L  0x00000020,0x00800081,0x00000010,0x10001040 

DC.L  0x80100020,0x00800001,0x20404010,0x00000040 

DC.L  0x80008020,0x00002001,0x00400000,0x10000000 

DC.L  0x80000020,0x00000000,0x20004000,0x00040040 

DC.L  0x80108020,0x00802000,0x00404010,0x10040000 

DC.L  0x80108000,0x00802000,0x00400000,0x10041040 

DC.L  0x80000000,0x00802081,0x20000010,0x00041000 
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DC.L  0x80008000,0x00000081,0x00400010,0x10041000 

DC.L  0x00100000,0x00000000,0x20004000,0x00041040 

DC.L  0x00000020,0x00800080,0x20000000,0x00001000 

DC.L  0x80100020,0x00800001,0x00004010,0x00000040 

DC.L  0x00108000,0x00000001,0x00000000,0x10040000 

DC.L  0x00100020,0x00002000,0x00400010,0x10000040 

DC.L  0x80008020,0x00800000,0x20004010,0x10001000 

DC.L  0x00000000,0x00802001,0x00004000,0x00001040 

DC.L  0x80000000,0x00000080,0x00404000,0x00041000 

DC.L  0x00008000,0x00800000,0x20004010,0x00040040 

DC.L  0x00108020,0x00002001,0x00000010,0x10040040 

DC.L  0x80100000,0x00002080,0x20400010,0x10041000 

DC.L  0x00100020,0x00800081,0x20400010,0x00001040 

DC.L  0x80000020,0x00000001,0x00000000,0x00000000 

DC.L  0x00000000,0x00002080,0x00404010,0x00000000 

DC.L  0x00108000,0x00800080,0x20404000,0x10040040 

DC.L  0x00008020,0x00002000,0x00004010,0x10000040 

DC.L  0x80108000,0x00802080,0x00404000,0x10001000 

DC.L  0x80100000,0x00802081,0x20404000,0x00041040 

DC.L  0x00008020,0x00000081,0x20000000,0x00040000 

DC.L  0x00000000,0x00800080,0x20004000,0x00041040 

DC.L  0x00108020,0x00800001,0x00000010,0x00040000 

DC.L  0x80100020,0x00802000,0x20400010,0x10041000 

DC.L  0x00100000,0x00802081,0x00404000,0x00001000 

DC.L  0x80008020,0x00000081,0x20404010,0x00000040 

DC.L  0x80100000,0x00000000,0x00400000,0x10040040 

DC.L  0x80108000,0x00000000,0x00004010,0x00001000 

DC.L  0x00008000,0x00802000,0x20000010,0x00041040 

DC.L  0x80100000,0x00002080,0x00400000,0x10001000 

DC.L  0x80008000,0x00800080,0x20004000,0x00000040 

DC.L  0x00000020,0x00800081,0x20000000,0x10000040 

DC.L  0x80108020,0x00000001,0x00004010,0x10040000 

DC.L  0x00108020,0x00802001,0x20000010,0x10040040 

DC.L  0x00000020,0x00002081,0x20404010,0x10000000 

DC.L  0x00008000,0x00002081,0x00404000,0x00040000 

DC.L  0x80000000,0x00000080,0x20400000,0x10001040 

DC.L  0x00008020,0x00802081,0x00404010,0x00000000 

DC.L  0x80108000,0x00000081,0x20404000,0x10041040 

DC.L  0x00100000,0x00000001,0x00000000,0x00040040 

DC.L  0x80000020,0x00002000,0x20400010,0x10000040 

DC.L  0x00100020,0x00800001,0x00000010,0x10040000 

DC.L  0x80008020,0x00002001,0x00004000,0x10001000 

DC.L  0x80000020,0x00802080,0x20400000,0x10001040 

DC.L  0x00100020,0x00800081,0x00404010,0x00000000 

DC.L  0x00108000,0x00002001,0x00004000,0x10041040 

DC.L  0x00000000,0x00002080,0x00400010,0x00041000 

DC.L  0x80008000,0x00800000,0x20004010,0x00041000 

DC.L  0x00008020,0x00802001,0x00000000,0x00001040 

DC.L  0x80000000,0x00000080,0x20404000,0x00001040 

DC.L  0x80100020,0x00800000,0x20000000,0x00040040 

DC.L  0x80108020,0x00002000,0x00400010,0x10000000 

DC.L  0x00108000,0x00802080,0x20004010,0x10041000 

adeslter: 

exg  d 5 , d 3 

adesO  : 

moveq  #7,d1 

adesLoop: 

move.L  (a2)+,dO 

eor.l  d5,dO 
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move  . 1 

d0,d6 

a nd  . L 

d2,d0 

move  . L 

12(a0,d0.w),d4 

/ * 

swap 

dO 

or  . L 

4(a0,d0.w),d4 

/ * 

ror  . L 

# 8 , d 6 

a nd  . 1 

d 2 , d 6 

or  . L 

8(a0,d6.w),d4 

/* 

swap 

d6 

or  . 1 

0(a0,d6.w),d4 

/* 

move  . 1 

( a 2 ) + , d 0 

eor  . 1 

d 5 , dO 

move.  L 

d 0 , d 6 

Is  L . 1 

#4  , dO 

a n d . L 

d2,d0 

or  . 1 

1 2 ( al ,d0 . w ) ,d4 

/* 

swap 

dO 

or.  1 

4(a1,d0.w),d4 

/* 

l s r . 1 

# 4 , d6 

a n d . L 

d 2 , d 6 

or.  1 

8(a1,d6.w),d4 

/ * 

swap 

d6 

or.  L 

0(a1,d6.w),d4 

/ * 

eor  . 1 

d 4 , d 3 

move.  1 

(a2)+,d0 

eor  . 1 

d 3 , dO 

move  . L 

d0,d6 

a n d . L 

d2,d0 

move  . L 

12(a0,d0.w),d4 

/ * 

swap 

dO 

or  . L 

4(a0,d0.w),d4 

/* 

ror  . L 

# 8 , d 6 

a n d . L 

d2,d6 

or  . 1 

8(a0,d6.w),d4 

/* 

swap 

d 6 

or  . 1 

0(a0,d6.w),d4 

/ * 

move.  L 

(a2 )+,d0 

eor  . 1 

d 3 , d 0 

move  . L 

d 0 , d 6 

L s L . L 

# 4 , d 0 

a n d . L 

d 2 , d 0 

or.  1 

1 2 ( a 1 ,d0.w),d4 

/* 

swap 

dO 

or  . 1 

4 ( a 1 ,d0.w),d4 

/* 

L s r . L 

# 4 , d 6 

a nd  . L 

d 2 , d 6 

or  . 1 

8(a1,d6.w),d4 

/* 

swap 

d 6 

or  . 1 

0(a1,d6.w),d4 

/* 

eor  . 1 

d 4 , d 5 

dbf 

dl  ,adesLoop 

/ * 

dbf 

d7,3deslter 

ror  . 1 

#1  ,d5 

/* 

move.  1 

d 5 , d 2 

eor  . 1 

d 3 , d 2 

a nd  i . 1 

#0xaaaaaaaa,d2 

eor  . L 

d 2 , d 3 

eor  . 1 

d 2 , d 5 

ror  . 1 

#1  ,d3 

S 6 * / 

S 2 */ 

S 4 * / 

50  */ 

S 7 */ 

S3  */ 

S 5 */ 

51  */ 

S 6 * / 

S 2 */ 

S 4 * / 

50  * / 

S 7 */ 

S3  */ 

S 5 */ 

51  */ 

53  */ 

EXSHMSK(R, 0x55555555, L,1,tmp) 
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move  . 1 

d 3 , d 2 

l s r . 1 

# 8 , d 2 

eor  . 1 

d 5 , d 2 

a nd  i . 1 

#0x00ff00ff,d2 

eor  . 1 

d 2 , d 5 

l s l . 1 

# 8 , d 2 

eor  . 1 

d 2 , d 3 

move  . 1 

d 3 , d 2 

l s r . 1 

tt  2,d2 

eor.  1 

d 5 , d 2 

a nd  i . 1 

#0x33333333, d2 

eor.  1 

d 2 , d 5 

l s l . 1 

# 2 , d 2 

eor.  1 

d 2 , d 3 

swap 

d 5 

m o v e . w 

d 5 , d 2 

mo  v e . w 

d 3 , d 5 

mo  v e . w 

d 2 , d 3 

swap 

d 5 

mo ve  . 1 

d 5 , d 2 

l s r . 1 

# 4 , d 2 

eor  . 1 

d 3 , d 2 

a n d i . 1 

#0x0f Of  Of  Of ,d2 

eor.  1 

d 2 , d 3 

l s l . 1 

# 4 , d 2 

eor.  1 

d 2 , d 5 

m o v e a . 

ou  t , a 0 

mo ve  . 1 

d5,(a0)+ 

move.  1 

d3,(a0) 

movem.l  ( a 7 ) + , a 2 / d 3- d 7 

f rf  ree 

rts 

> 

/ * Va l i da  t 

on  triples  - 

TV 

* Doub  l e- l eng t h key,  sing 

* Key 

01  23  4567  89a  b 

* Plain 

01  23  4567  8 9 a b 

* Cipher 

7f1d  0a 77  826b 

TV 

* T r i p l e- l eng t h key,  sing 

* Key 

01  23  4567  89a b 

* Plain 

01  23  4567  89a b 

* Ci pher 

deOb  7c06  ae5e 

/*  EXSHMSK(L,OxOOf fOOf f ,R,8,tmp)  */ 


/*  EXSHMSKCL, 0x33333333, R, 2, tmp)  */ 


/*  EXSHMSKC R,OxOOOOf f f f ,L,16,tmp)  */ 


/*  EXSHMSKC R,OxOf OfOfOf ,L,4,tmp)  */ 


c d e f 
c d e 7 
8a  f f 


c d e f 
c d e 7 
0 e d 5 


igth  plaintext  - 
fedc  ba98  7654  3210 


igth  plaintext  - 
fedc  ba 98  7654  321  0 


89a b cdef  01  23  4567 


* / 
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idea.c 

/ * 

* idea.c  - C source  code  for  IDEA  block  cipher. 

* Algorithm  developed  by  Xuejia  Lai  and  James  L.  Massey,  of  ETH  Zurich. 

* 

* $ I d : idea  . c,v  1.1  4 1 996/1  1 /1  2 02:1  7:27  mhw  Exp  $ 

★ 

* There  are  two  adjustments  that  can  be  made  to  this  code  to  speed  it 

* up.  Defaults  may  be  used  for  PCs.  Only  the  -DIDEA32  pays  off 

* significantly  if  selectively  set  or  not  set.  Experiment  to  see  what 

* works  best  for  your  machine. 

* 

* Multiplication:  default  is  inline,  - D A V 0 I D_J U M P S uses  a different 

* version  that  does  not  do  any  conditional  jumps  (a  few  percent 

* worse  on  a SPARC,  better  on  other  machines),  while 

* - D S M A L L_C A C H E takes  it  out  of  line  to  stay  within  a small 

* on-chip  code  cache.  (Not  really  applicable  with  current  LI 

* cache  sizes.) 

* Variables:  normally,  16-bit  variables  are  used,  but  some  machines  do 

* not  have  16-bit  registers,  so  they  do  a great  deal  of  masking. 

* -DUSE_IDEA32  uses  "int"  register  variables  and  masks  explicitly 

* only  where  necessary.  On  a SPARC,  for  example,  this  boosts 

* performance  by  30%. 

* 

* The  IDEA(tm)  block  cipher  is  covered  by  a patent  held  by  ETH  and  a 

* Swiss  company  called  Ascom-Tech  AG.  The  Swiss  patent  number  is 

* PCT/ CH91 /001 1 7 . International  patents  are  pending.  IDEA(tm)  is  a 

* trademark  of  Ascom-Tech  AG.  There  is  no  license  fee  required  for 

* noncommercial  use.  Commercial  users  may  obtain  licensing  details  from 

* Dieter  Profos,  Ascom  Tech  AG,  Solothurn  Lab,  Postfach  151,  4502 

* Solothurn,  Switzerland,  Tel  +41  65  242885,  Fax  +41  65  235761. 

* 

* The  IDEA  block  cipher  uses  a 64-bit  block  size,  and  a 128-bit  key 

* size.  It  breaks  the  64-bit  cipher  block  into  four  16-bit  words 

* because  all  of  the  primitive  inner  operations  are  done  with  16-bit 

* arithmetic.  It  likewise  breaks  the  128-bit  cipher  key  into  eight 

* 16-bit  words. 

k 

* For  further  information  on  the  IDEA  cipher,  see  these  papers: 

* 1)  Xuejia  Lai,  "Detailed  Description  and  a Software  Implementation  of 

* the  IPES  Cipher",  Institute  for  Signal  and  Information 

* Processing,  ETH-Zentrum,  Zurich,  Switzerland,  1991 

* 2)  Xuejia  Lai,  James  L.  Massey,  Sean  Murphy,  "Markov  Ciphers  and 

* Differential  Cryptanalysis",  Advances  in  Cryptology  - EUROCRYPT'91 

* 

* This  code  runs  on  arrays  of  bytes  by  taking  pairs  in  big-endian  order 

* to  make  the  16-bit  words  that  IDEA  uses  internally.  This  produces  the 

* same  result  regardless  of  the  byte  order  of  the  native  CPU. 

*/ 

//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

//end  i f 

//include  "cipher. h" 

^include  " i dea . h " 

//include  " pgp/pgpmem  . h " 

//include  " pg  p / u s u a l s . h " 
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/*  If  IDEA32  isn't  predefined  as  1 or  0,  make  a guess.  */ 

# i f n d e f USE_IDEA32 
// i f U I N T_M  A X > Oxffff 
//define  USE_IDEA32  1 
//end  i f 
//end  i f 

#if  USE_IDEA32  /*  Use  > 1 6 — b i t temporaries  */ 

//define  low16(x)  ((x)  S OxFFFF) 

typedef  unsigned  int  u i n 1 1 6 ; / * at  LEAST  16  bits,  maybe  more  * / 

//else 

//define  Low16(x)  (uint16)(x) 
typedef  w o r d 1 6 u i n 1 1 6 ; 

//  e nd  i f 

/*  A few  handy  definitions  */ 

//define  IDEA_R0UNDS  8 

//define  IDE  A_K  E Y L E N ( 6 * I D E A_R  0 U N D S + 4 ) 

//define  I DE  A_KE  YBYTES  ( s i z e o f ( w o r d 1 6 ) * IDE  A_K  E Y L E N ) 

/*  Private  functions  */ 

/*  Expand  a 128-bit  user  key  to  a working  encryption  key  EK  */ 
static  void 

i d e a E x pa nd Key ( by t e const  *userkey,  word16  *EK) 

{ 

int  i , j ; 

for  (j=0;  j<8;  j + + ) { 

EKCj]  = (userkeyC0]<<8)  + userkeyCI]; 
userkey  +=  2; 

> 

for  ( i = 0 ; j < IDE  A_K  E Y L E N ; j++)  { 
i + + ; 

E KC i +7  T = EKCi  & 7]  <<  9 | E K C ( i + 1 ) 8 7T  >>  7; 

EK  +=  i 8 8; 
i 8-  7; 

> 

> /*  i d e a E x pa nd Ke y */ 

/ * 

* MUL(x,y)  computes  x *=  y,  modulo  0x10001.  Requires  two  temps, 

* t 1 6 and  t32.  x is  modified,  and  must  be  a s i d e-e f f e c t - f r e e lvalue. 

* y may  be  anything,  and  is  guaranteed  to  be  evaluated  exactly  once, 

* but  unlike  x,  must  be  strictly  16  bits  even  if  low16()  is  //defined. 

* All  of  these  are  equivalent  - see  which  is  faster  on  your  machine. 

* / 

//if  S M A L L_C  ACHE 

//define  MUL(x,y)  (x  = mu  l ( l ow  1 6 ( x ) , y ) ) 
static  u i n 1 1 6 

mulCregister  uint16  a,  register  uint16  b) 

register  word32  p; 

p = (word32)a  * b; 
if  ( p ) { 

b = low16(p); 
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> else  -C 


a = p>>16; 

return  (b  - a)  + (b  < a); 
return  1-a-b; 


> / * mu  L * / 


//  e l i f AVOID  JUMPS 


//define  MUL(x,y)  ( x = low16(x-1),  1 1 6 = L ow  1 6 ( ( y ) - 1 ) , \ 

t32  = ( wo rd32  ) x* 1 1 6 + x + 1 1 6 , \ 
x = Low16(t32),  t 1 6 = t32>>16,  \ 


= ( x - 1 1 6 ) + ( x < 1 1 6 ) + 1 ) 


//else  / * default  * / 


//define  MUL(x,y)  (x  = \ 

( ( 1 3 2 = (word32)(x  = low16(x))*(t16=(y))  ) ' 

x = low16(t32),  \ 

1 1 6 = ( u i n 1 1 6 ) ( t 32>>1 6 ) , \ 
(x-t16)+(x<t16)  \ 

: \ 

(uint16)(1-x-t16)  \ 

) 


!=  0 ) ? \ 


//end i f 
/ * 

* IDEA  enc  rypt i on/decrypt i on  algorithm.  In  and  out  may  be  the  same  buffer. 

* key  is  a pointer  to  IDEAKEYLEN  words.  (Borland  C 3.1  gives  an  error  if 

* you  declare  it  as  a "word16  const  key C I D E A KE Y L E N D " array.) 

*/ 

static  void 

i d e a C i p h e r ( by t e const  inbufCSd,  byte  outbufC8],  word16  const  *key) 

{ 

register  u i n 1 1 6 xl,  x 2 , x 3 , x4,  s2,  s 3 ; 

//if  ! S M A L L_C  ACHE 

register  uint16  t 1 6 ; /*  Temporaries  needed  by  MUL  macro  */ 

register  word32  t32; 

# e n d i f 

int  r = IDE  A_R  0 U N D S ; 


xl  = 

( u i nt 1 6 ) i nbuf  CO] 

<< 

8 1 

inbufCI]; 

x 2 = 

(uint16)inbufC2d 

<< 

8 1 

inbuf[33; 

x 3 - 

(uint16)inbufC4] 

<< 

8 1 

inbufC5]; 

x 4 = 

(uint16)inbufC6D 

<< 

8 1 

inbufC7]; 

do  ( 

MUL(x1/.*key  + +); 
x2  +=  *key++; 
x3  +=  *key++; 
MUL(x4,  *key++); 

s 3 = x 3 ; 
x 3 A = x 1 ; 

MUL(x3,  *key++); 
s 2 = x 2 ; 
x 2 A = x 4 ; 
x 2 + = x 3 ; 
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M U L ( x 2 , *key++); 
x 3 + = x 2 ; 

xl  A = x2;  x4  A = x 3 ; 

x 2 A=  s 3 ; x 3 A=  s 2 ; 

> while  ( - - r ) ; 

MULCxI,  * k e y + + ) ; 
x3  +=  *key++; 
x2  + = *key++; 

M U L ( x 4 , * k e y ) ; 


outbufCOD 
outbufUl  ] 
ou  t bu  f C 2 d 
outbufC3d 
outbufC4] 
outbufC5d 
outbufC6] 
outbufC7H 

> /*  ideaCipher  */ 


(byte)(x1>>8); 
(byte)xl; 
(byte) (x3>>8); 
(byte)x3; 
(byte)  (x2>>8); 
(byte)x2; 
(byte)(x4>>8); 
(byte)x4; 


/* 

* Exported  functions 

* / 


static  void 

i d e a Key ( v o i d *priv,  byte  const  *key) 

ideaExpandKey(key,  (word16  *)priv); 

> 

static  void 

i dea En c rypt ( vo i d *priv,  byte  const  *in,  byte  *out) 
i deaCi  pher ( i n,  out,  (word16  *)priv); 

> 

/* 

* Do  one  64-bit  step  of  a Tandem  Davies-Meyer  hash  computation. 

* The  hash  buffer  is  32  bytes  long  and  contains  H (0..7),  then  G (8.  .15), 

* then  16  bytes  of  scratch  space.  The  buf  is  8 bytes  long. 

* xkey  is  a temporary  key  schedule  buffer. 

* This  and  the  extra  data  in  the  hash  buffer  are  allocated  by  the 

* caller  to  reduce  the  amount  of  bu f f e r- w i p i n g we  have  to  do. 

* (It's  only  called  from  ideaWash,  so  the  interface  can  be  a bit 

* specialized.) 

* / 

static  void 

i d e a S t e pTa n d em DM ( by t e *hash,  byte  const  *buf,  word16  *xkey) 

C 

i n t i ; 

/*  keyl  = G <<  64  + M,  remembering  that  IDEA  is  big-endian  */ 
memcpy(hash+16,  buf,  8); 
ideaExpandKey(hash+8,  xkey); 

/*  W = E_key 1 ( H ) , key2  = M <<  64  + W */ 
ideaCipher(hash,  hash+24,  xkey); 
ideaExpandKey(hash+16,  xkey); 
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/ * V = E_k  e y 2 ( G ) * / 

ideaCipher(hash+8,  hash+16,  xkey); 

/*  H A=  W,  G A=  V */ 
for  (i  = 0;  i < 8;  i + + ) { 

hashCi]  A = hashCi+24]; 
hashCi+8]  A=  hashCi+163; 

> 

> 

/ * 

* Munge  the  key  of  the  C i p h e r C on t e x t based  on  the  supplied  bytes. 

* This  is  for  random-number  generation,  so  the  exact  technique  is 

* unimportant,  but  it  happens  to  use  the  current  key  as  the 

* IV  for  computing  a tandem  Davi es-Meyer  hash  of  the  bytes, 

* and  uses  the  output  as  the  new  key. 

*/ 

static  void 

i d e a Wa s h ( vo i d *priv,  byte  const  *buf,  unsigned  len) 

{ 

unsigned  i; 
byte  hashC32]; 

word16  * x k e y = (word16  * ) p r i v ; 

/*  Read  out  the  key  in  canonical  byte  order  for  the  IV  */ 
for  (i  = 0;  i < 8;  i++)  f 

hashC2*i]  = (byte)(xkeyCid>>8); 
hashC2*i+1d  = (byte)xkeyCid; 

} 

/*  Do  the  initial  blocks  of  the  hash  */ 
i = len; 

while  (i  >=  8)  f 

ideaStepTandemDMChash,  buf,  xkey); 
b u f + = 8 ; 
i -=  8; 

> 

/ * 

* At  the  end,  we  do  Damgard-Merkle  strengthening,  just  like 

* MD5  or  SHA.  Pad  with  0x80  then  0 bytes  to  6 mod  8,  then 

* add  the  length.  We  use  a 16-bit  length  in  bytes  instead 

* of  a 64-bit  length  in  bits,  but  that  is  cryptographically 

* irrelevant. 

* / 

/*  Do  the  first  partial  block  - i <=  7 */ 
mem c py ( h a s h +2 4 , buf,  i); 
hashC24  + i++]  = 0x80; 
if  ( i > 6 ) { 

memset(hash+24+i,  0,  8-i); 
ideaStepTandemDMChash,  hash+24,  xkey); 

i = 0; 

> 

memset(hash+24+i,  0,  6-i); 
hashE30]  = (byte) (len  >>  8); 
hashC31]  = (byte)len; 

ideaStepTandemDMChash,  hash+24,  xkey); 

/*  Re-schedule  the  key  */ 
ideaExpandKeyChash,  xkey); 
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memsetChash,  0,  sizeof(hash)); 

> 

/ * 

* Define  a struct  Cipher  for  the  generic  cipher.  This  is  the  only 

* real  exported  thing  --  everything  else  can  be  static,  since  everything 

* is  referenced  through  function  pointers! 

* / 

struct  PgpCipher  const  c 
"IDEA", 

P G P_C IPHER_IDEA, 

8, 

16, 

IDE  A_K  EYBYTES, 
alignof(word16), 
i deaKey , 
ideaEncrypt, 
i d e a Wa  s h 


#if  UNITTEST  / * Currently  unused;  left  in  in  case  of  future  need  * / 

/* 

* Compute  the  multiplicative  inverse  of  x,  modulo  65537,  using  Euclid's 

* algorithm.  It  is  unrolled  twice  to  avoid  swapping  the  registers  each 

* iteration,  and  some  subtracts  of  t have  been  changed  to  adds. 

*/ 

static  u i n 1 1 6 
mullnv(uint16  x) 

{ 

u i n 1 1 6 tO,  1 1 ; 
u i n 1 1 6 q,  y; 

if  ( x < = 1 ) 

return  x; 

t 1 = 0x10001 L / x; 
y = 0x1 0001 L % x ; 
if  (y  ==  1 ) 

return  low16(1 

tO  = 1 ; 
do  { 

q = x / y; 
x — x % y ; 
tO  +=  q * 1 1 ; 
if  (x  ==  1 ) 

return 
q = y / X ; 
y = y / x ; 

tl  + = q * 1 0 ; 

> while  (y  !=  1); 
return  Low16(1-t1); 

> / * mullnv  * / 

/* 

* Compute  IDEA  decryption  key  DK  from  an  expanded  IDEA  encryption  key  EK 

* Note  that  the  input  and  output  may  be  the  same.  Thus,  the  key  is 

* inverted  into  an  internal  buffer,  and  then  copied  to  the  output. 

*/ 

static  void 

i d e a I n v e r t Ke y ( w o r d 1 6 const  E K C I D E A_KE Y L E N ] , word16  D KC I D E A_KE Y L E N ] ) 


/*  0 and  1 are  self-inverse  */ 

/*  Since  x >=  2,  this  fits  into  16  bits  */ 


-tl  ); 


tO; 


ipherlDEA  = { 


/*  Blocksize  */ 
/*  Keysize  * / 


529 


lib/ pgp/ cipher/idea. c 


{ 


i n t i ; 

u i n 1 1 6 1 1 , t 2 , 1 3 ; 

w o r d 1 6 tempElDE  A_K  E Y L E N 3 ; 

w o r d 1 6 *p  = temp  + IDE  A_K  E Y L E N ; 


tl  = 

mulInv(*EK++) ; 

1 2 = 

-*EK++; 

1 3 = 

- * E K + + ; 

Q. 

1 

1 

* 

= mulInv(*EK++); 

*--p 

= t3; 

*--p 

= t2; 

*--p 

= tl; 

for  ( 

i = 0 ; i 

< IDE  A_R  0 U N D S - 1 ; 

1 1 = 

*EK++; 

* — p 

= * E K + + ; 

* — p 

= tl; 

1 1 = 

mu  l Inv(*EK  + +) ; 

1 2 = 

- * E K + + ; 

1 3 = 

- * E K + + } 

*--P 

- mulInv(*EK++); 

* — p 

= 1 2 ; 

* — p 

= t 3 ; 

* — p 

= tl; 

> 

tl  = 

* E K + + ; 

*-~P 

= * E K + + ; 

* — p 

= tl; 

tl  = mulInv(*EK++); 
t 2 = - * E K + + ; 
t 3 = - * E K + + ; 

* - - p = mulInv(*EK++); 

* - - p = t 3 ; 

*--p  = 1 2 ; 

* - - p = 1 1 ; 

/*  Copy  and  destroy  temp  copy  */ 

memcpyCDK,  temp,  s i zeof ( temp)  ) ; 
memsetCtemp,  0,  sizeof (temp)); 

> /*  idealnvertKey  */ 


/*  Test  driver  proper  starts  here  */ 

//include  <stdio.h> 

//include  <time.h> 

/ * 

* This  is  the  number  of  Kbytes  of  test  data  to  encrypt. 

* It  defaults  to  1 MByte. 

* / 


# i f nde  f 

BLOCKS 

ft  i f nd  e f 

KBYTES 

//define 
ft  e nd  i f 

KBYTES 

1024 

//define 
//end  i f 

BLOCKS 

(64*KBYTES) 

i n t 

ma i n ( v o i 

d) 
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{ 


/ * Test  driver  for  IDEA  cipher  * / 
i n t i , j , k ; 
byte  userkey[16]; 

word16  E K E I D E A_K  E Y L E N d , D K E I D E A_K E Y L E N d ; 
byte  XXE8d,  Y Y E 8 d , ZZE8d; 
clock_t  start,  end; 

Long  L ; 


/*  Make  a sample  user  key  for  testing...  */ 
f o r ( i = 0 ; i < 1 6 ; i + + ) 

userkeyEid  = i+1; 


/*  Compute  encryption  subkeys  from  user  key...  */ 
ideaExpandKey (userkey,  E K ) ; 
printf ("XnEncryption  key  subblocks:  "); 
for  ( j = 0 ; j < I D E A_R  0 U N D S + 1 ; j++)  { 

printf ("  \ nround  %d:  ",  j + 1); 

if  (j  < IDE  A_R  0 U N D S ) 

f o r ( i = 0 ; i<6;  i++) 

printfC"  % 6 u " , EKEj*6+id) 


else 


> 


f o r ( i = 0 ; i<4;  i + + ) 

printfC"  %6u". 


E K E j * 6 + i 3 ) ; 


/*  Compute  decryption  subkeys  from  encryption  subkeys... 
idealnvertKeyCEK,  D K ) ; 

printf ("XnDecryption  key  subblocks:  "); 
for  ( j =0 ; j <IDEA_R0UNDS+1 ; j++)  { 

printf  ("\nround  %d:  ",  j + 1); 

if  (j  < IDE  A_R  0 U N D S ) 

f o r ( i = 0 ; i<6;  i + + ) 

printfC"  % 6 u " , DKEj*6+id); 


else 


> 


forCi=0;  i<4;  i++) 

printfC"  %6u" , 


DKE  j *6  + i 1 ) ; 


*/ 


/*  Make  a sample  plaintext  pattern  for  testing...  */ 
for  Ck=0;  k<8;  k++) 

X X [ k d = k; 

printfC  "\n  Encrypting  %d  -bytes  C % l d blocks)...",  BL0CKS  + 16, 

fflushCstdout); 

start  = clockC); 

memcpyCYY,  XX,  8); 

for  Cl  = 0;  l < BLOCKS;  1++) 

ideaCipherCYY,  YY,  EK);  /*  repeated  encryption  */ 
memcpyCZZ,  YY,  8); 
for  Cl  = 0;  l < BLOCKS;  1++) 

ideaCipherCZZ,  ZZ,  DK);  /*  repeated  decryption  */ 
end  = clockC)  - start; 
l = end  * 1000  / C L 0 C KS_P E R_S E C + 1; 
i = 1/1000; 
j = l % 1 0 0 0; 

l = BLOCKS  * 16  * CL0CKS_PE  R_S  E C / end; 

p r i n t f C " %d  . %03d  seconds  = %ld  bytes  per  secondin'1,  i,  j,  l) 
printfC "\nX  %3u  %3u  %3u  %3u  %3u  %3u  %3u  \n". 


BLOCKS); 
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X X C 0 3 , XXC13, 

X X C 2 3 

, X X C 3 3 , 

X X C 4 3 , X X E 5 3 , 

X X H 6 3 , 

X X C 7 3 ) ; 

printf("\nY  % 3 u 

% 3 u 

%3u 

% 3u 

%3u  %3u  % 3 u 

\ n " , 

Y Y [ 0 3 , Y Y [ 1 3 , 

Y Y [ 2 3 

, Y Y [ 3 3 , 

YYC43,  YYC53, 

Y Y C 6 3 , 

Y Y C 7 3 ) ; 

printf("\nZ  %3u 

% 3 u 

% 3 u 

%3u 

%3u  %3u  %3u 

\n". 

ZZC03,  Z Z C 1 3 , 

Z Z C 2 3 

, Z Z C 3 3 , 

Z Z C 4 3 , ZZC53, 

ZZC63, 

Z Z C 7 3 ) ; 

/*  Now  decrypted  ZZ  should  be  same  as  original  XX  */ 
for  (k=0;  k<8;  k++) 

if  ( X X C k 3 ! = ZZCk3)  { 

printf("\n\07Error!  Noninvertable  encryption.  \n"); 
exit(-l);  / * error  exit  * / 

> 

printf ("\nNormal  exit. \n"); 
return  0;  / * normal  exit  * / 

> / * main  * / 

#endif  / * 0 * / 
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idea.h 


/* 

* idea.h  - header  file  for  idea.c 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $Id:  i d e a . h , v 1.5  1 996/1  1 /1  2 02:1  7 : 28  mhw  Exp  $ 

*/ 

# i f nd  e f IDE  A_H 
^define  IDEA  H 


include  "cipher. h"  /*  for  struct  Cipher  */ 

/* 

* This  is  the  definition  of  the  IDEA  cipher,  for  use  with  the 

* PGP  Generic  Cipher  code. 

* / 

extern  struct  PgpCipher  const  cipherlDEA; 

#endif  /*  ! I D E A H */ 
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.cvsignore 

Makefile  DONE 


lib/ pgp/ compress/. cvsignore 


lib  / pgp/ compress/ Makefile,  in 


Makefile.in 

n 

ft  Lib/compress 
# 

U $ I d : Makefile. i n , v 1.11  1996/11/12  02:17:28  mhw  Exp  $ 
# 

0BJS=  zinflate.o 
PUBHDRS=  compress. h 
PRIVHDRS=  zi nf late  . h 

all::  DONE 
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makefile. msc 

PGPLIB=  . .\. .\pgplib. Lib 

CFLAGS=-I..\..\..\ include  -I..\..\include  \ 

- I . . \ \ . -DHAVE_C0NFIG_H=1  $(DEBUG) 


all::  Lib 

headers:  incl 

linclude  "makefile. in 


incl: 

if  not 

" $ ( P U B H D R S ) " == " " \ 

if  not 

for  %f  in  ( $(PUBHDRS) 
"$(PRIVHDRS)"==""  \ 

) do  copy  %f  . 

.\. .\. .\include\pgp 

for  %f  in  ( $(PRIVHDRS) 

) do  copy  %f 

. .\. .\include 

D0S0BJSX= 

$ ( OB J S : . o=  . obj ) 

DOSOB J S = 

$(D0S0BJSX:unix=win32) 

lib:  $(D0S0BJS) 

. c . o b j : 

$ ( C C ) $(CFLAGS)  -17  -c  $< 

# Lib  /out  : $ ( PGPLIB  ) $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(D0S0BJS) 
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compress. h 

/ * 

* compress. h --  this  defines  the  compression  and  decompression 

* functions  for  PGP..  It  provides  a generalized  interface  to  the 


* compression  modules, 

* knowledge  of  all  the 

* supported. 

* 

and  keeps  applications  from  requiring 
different  types  of  compression  that  may  be 

* This  is  a Public  API 

Function  Header. 

* 

* $ I d : compress. h,v  1 . 3 1 996/  1 1 /1  2 02:1  7:28  mhw  Exp  $ 

* / 

# i f nde  f PG P_C 0M P R E S S_H 
//define  P G P_C 0 M P R E S S_H 

/ * Defintions  for  known  compression  algorithms  * / 
//define  PG  P_C  OM  P R E S S A LG_Z  I P 1 
Me ndif  /*  PGP  COMPRESS  H */ 
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zinflate.c 

/* 

* inflate. c --  Not  copyrighted  1992,1993  by  Mark  Adler 

* Latest  hacking  on  this  version  by  Colin  Plumb 

* version  p3,  19  Oct  1995 

* 

* Sid : zinflate.c, v 1.16.2.2  1996/11/14  04:09:25  cbertsch  Exp  $ 
*/ 


/* 

★ 

★ 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

* 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 


You  can  do  whatever  you  like 
prefer  that  if  you  modify  it 
comments  to  that  effect  with 


History: 


vers 

date 

who 

a 

— 

Feb 

92 

M . 

Adler 

b 1 

21 

Mar 

92 

M . 

Adler 

b2 

21 

Mar 

92 

M . 

Adler 

b3 

22 

Mar 

92 

M . 

Adler 

b4 

25 

Mar 

92 

M . 

Adler 

b 5 
b6 

26 

27 

Mar 

Mar 

92 

92 

M . 

M . 

Adler 

Adler 

cl 

30 

Mar 

92 

M . 

Adler 

c 2 

4 

Apr 

92 

M . 

Adler 

c 3 

1 0 

Apr 

92 

M . 

Adler 

c 4 

1 5 

Apr 

92 

M . 

Adler 

c 5 

21 

Apr 

92 

M . 

Adler 

c 6 

31 

May 

92 

M . 

Adler 

c 7 

27 

J un 

92 

G . 

R o e l o f s 

c 8 

5 

Oct 

92 

J - 

l . G a i l l y 

c 9 

9 

Oct 

92 

M . 

Adler 

cl  0 

1 7 

Oct 

92 

G . 

R o e l o f s 

cl  1 

2 

Jan 

93 

M . 

Adler 

cl  2 

3 

Jan 

93 

M . Adler 

cl  3 

5 

Jan 

93 

M . Adler 

with  this  source  file,  though  I would 
and  redistribute  it  that  you  include 
your  name  and  the  date.  Thank  you. 


what 


used  full  (large,  one-step)  lookup  table 
first  version  with  partial  lookup  tables 
fixed  bug  in  fixed-code  blocks 
sped  up  match  copies,  cleaned  up  some 
added  prototypes;  removed  windowl]  (now 
is  the  responsibility  of  u n z i p . h --a l s o 
changed  name  to  slideCT),  so  needs  diffs 
for  unzip. c and  unzip. h (this  allows 
compiling  in  the  small  model  on  MSDOS); 
fixed  cast  of  q in  h u f t_bu i l d ( ) ; 
got  rid  of  unintended  macro  recursion, 
got  rid  of  nextbyteO  routine.  fixed 
bug  in  i n f l a t e_f i x e d ( ) . 

removed  Ibits,  dbits  environment  variables, 
changed  BMAX  to  16  for  explode.  Removed 
OUTB  usage,  and  replaced  it  with  flushO  — 
this  was  a 20%  speed  improvement!  Added 
an  explode. c (to  replace  unimplode. c)  that 
uses  the  huft  routines  here.  Removed 
register  union. 

fixed  bug  for  file  sizes  a multiple  of  32k. 
reduced  memory  of  code  tables  made  by 
huft_build  significantly  (factor  of  two  to 
three)  . 

added  NOMEMCPY  do  kill  use  of  memcpyO. 
worked  around  a Turbo  C optimization  bug. 
added  the  WSIZE  #define  to  allow  reducing 
the  32K  window  size  for  specialized 
applications. 

added  some  typecasts  to  eliminate  warnings 
added  some  more  typecasts  (444:  MSC  bug), 
added  ifdef'd  code  to  deal  with  PKZIP  bug. 
removed  a memory  error  message  (“line  416). 
changed  U LONG / U WO R D / by t e to  ulg/ush/uch, 
removed  old  inflate,  renamed  i n f l a t e_e n t r y 
to  inflate,  added  Mark's  fix  to  a comment, 
fixed  bug  in  detection  of  incomplete 
tables,  and  removed  assumption  that  EOB  is 
the  longest  code  (bad  assumption), 
make  tables  for  fixed  blocks  only  once, 
allow  all  zero  length  codes  (pkzip  2.04c 
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★ 

★ 

★ 

k 

k 

* 

* 

* 

ic 

k 

* 

k 

* 

* 

* 

* 

* 

k 

k 

k 

k 

k 

*/ 


cl  4 

1 2 

Mar 

93 

M . 

Adler 

dO 

25 

Apr 

93 

M . 

Adler 

d 1 

4 

May 

93 

M . 

Adler 

d 2 

5 

May 

93 

M . 

Adler 

Pi 

Nov 

93 

C . 

Plumb 

P2 

1 8 

Oct 

95 

C . 

Plumb 

P 3 

1 9 

Oct 

95 

C . 

Plumb 

outputs  one  zero  length  code  for  an  empty 
distance  tree). 

made  inflate. c standalone  with  the 
introduction  of  inflate. h. 
several  speedups  in  i n f l a t e_c od e s of 
almost  20%  (suggested  by  Urban  Mueller)-- 
now  requires  the  use  of  ba c k f i l l . C c h ] 
deleted  extraneous  statement  in  cheap  loop, 
optimized  common  copy  a little  more, 
calculate  number  of  cheap  loops,  a few 
other  small  optimizations. 

Adpated  to  be  able  to  suspend  itself. 

Pretty  massive  reorganization. 

Many  comments  added. 

Improved  interface  some  more.  Now 
nicely  re-entrant.  Still  more  comments. 
Changed  inflnflate  core  function  so  that 
it  sucks  the  input  completely  dry  before 
returning.  This  gets  rid  of  the  old  ad-hoc 
technique  for  flushing  out  the  last  little 
bit  of  a compressed  file  by  padding  it 
with  some  dummy  data,  which  was  ugly. 


/ * 

k Inflate  deflated  (PKZIP's  method  8 compressed)  data.  The  compression 

* method  searches  for  as  much  of  the  current  string  of  bytes  (up  to  a 

* length  of  258)  in  the  previous  32K  bytes.  If  it  doesn't  find  any 

* matches  (of  at  least  length  3),  it  codes  the  next  byte.  Otherwise,  it 
k codes  the  length  of  the  matched  string  and  its  distance  backwards  from 

* the  current  position.  There  is  a single  Huffman  code  that  codes  both 

* single  bytes  (called  "literals")  and  match  lengths.  A second  Huffman 

k code  codes  the  distance  information,  which  follows  a length  code.  Each 

* length  or  distance  code  actually  represents  a base  value  and  a number 

* of  "extra"  (sometimes  zero)  bits  to  get  to  add  to  the  base  value.  At 

* the  end  of  each  deflated  block  is  a special  end-of-block  (EOB)  literal/ 

* length  code.  The  decoding  process  is  basically:  get  a l i t e r a l / l eng t h 

* code;  if  EOB  then  done;  if  a literal,  emit  the  decoded  byte;  if  a 

* length  then  get  the  distance  and  emit  the  ref erred-to  bytes  from  the 

* sliding  window  of  previously  emitted  data. 

* 

* There  are  (currently)  three  kinds  of  inflate  blocks:  stored,  fixed,  and 

* dynamic.  The  compressor  outputs  a chunk  of  data  at  a time  and  decides 

k which  method  to  use  on  a c h u n k-by- c h u n k basis.  A chunk  might  typically 
k be  32K  to  64K,  uncompressed.  If  the  chunk  is  u n c omp r e s s i b l e , then  the 
k "stored"  method  is  used.  In  this  case,  the  bytes  are  simply  stored  as 
k is,  eight  bits  per  byte,  with  none  of  the  above  coding.  The  bytes  are 

* preceded  by  a (16-bit)  count,  since  there  is  no  longer  an  EOB  code. 

* 

* If  the  data  is  compressible,  then  either  the  fixed  or  dynamic  methods 
k are  used.  In  the  dynamic  method,  the  compressed  data  is  preceded  by 

* an  encoding  of  the  l i t e r a l / l e ng t h and  distance  Huffman  codes  that  are 

* to  be  used  to  decode  this  block.  The  representation  is  itself  Huffman 
k coded,  and  so  is  preceded  by  a description  of  that  code.  These  code 

* descriptions  take  up  a little  space,  and  so  for  small  blocks,  there  is 

* a predefined  set  of  codes,  called  the  fixed  codes.  The  fixed  method  is 

* used  if  the  block  ends  up  smaller  that  way  (usually  for  quite  small 

* chunks);  otherwise  the  dynamic  method  is  used.  In  the  latter  case,  the 


540 


lib/ pgp/ compress/ zinflate.c 


* codes  are  customized  to  the  probabilities  in  the  current  block  and  so 

* can  code  it  much  better  than  the  pre-determi ned  fixed  codes  can 

* 

* The  Huffman  codes  themselves  are  decoded  using  a mutli-level  table 

* lookup,  in  order  to  maximize  the  speed  of  decoding  plus  the  speed  of 

* building  the  decoding  tables.  See  the  comments  below  that  precede  the 

* LBITS  and  DBITS  tuning  parameters 
*/ 


/* 

* Notes  beyond  the  1.93a  appnote.txt: 

* 

* 1.  Distance  pointers  never  point  before  the  beginning  of  the  output 

* stream. 

* 2.  Distance  pointers  can  point  back  across  blocks,  up  to  32k  away. 

* 3.  There  is  an  implied  maximum  of  7 bits  for  the  bit  length  table  and 

* 15  bits  for  the  actual  data. 

* 4.  If  only  one  code  exists,  then  it  is  encoded  using  one  bit.  (Zero 

would  be  more  efficient,  but  perhaps  a little  confusing.)  If  two 

* codes  exist,  they  are  coded  using  one  bit  each  (0  and  1). 

* 5.  There  is  no  way  of  sending  zero  distance  codes  — a dummy  must  be 

sent  if  there  are  none.  (History:  a pre  2.0  version  of  PKZIP  would 

* store  blocks  with  no  distance  codes,  but  this  was  discovered  to  be 

* too  harsh  a criterion.)  Valid  only  for  1.93a.  2.04c  does  allow 

zero  distance  codes,  which  is  sent  as  one  code  of  zero  bits  in 

* length. 

* 6.  There  are  up  to  286  l i t e r a l / l e n g t h codes.  Code  256  represents  the 

* end-of-b lock . Note  however  that  the  static  length  tree  defines 
288  codes  just  to  fill  out  the  Huffman  codes.  Codes  286  and  287 
cannot  be  used  though,  since  there  is  no  length  base  or  extra  bits 

* defined  for  them.  Similarity,  there  are  up  to  30  distance  codes. 

* However,  static  trees  define  32  codes  (all  5 bits)  to  fill  out  the 

* Huffman  codes,  but  the  last  two  had  better  not  show  up  in  the  data. 

* 7.  Unzip  can  check  dynamic  Huffman  blocks  for  complete  code  sets. 

The  exception  is  that  a single  code  would  not  be  complete  (see  #4). 

* 8.  The  five  bits  following  the  block  type  is  really  the  number  of 

* literal  codes  sent  minus  257. 

* 9.  Length  codes  8,16,16  are  interpreted  as  13  length  codes  of  8 bits 

* (1+6+6).  Therefore,  to  output  three  times  the  length,  you  output 

* three  codes  (1+1+1),  whereas  to  output  four  times  the  same  length, 

* you  only  need  two  codes  (1+3).  Hmm. 

* 10.  In  the  tree  reconstruction  algorithm.  Code  = Code  + Increment 

* only  if  BitLength(i)  is  not  zero.  (Pretty  obvious.) 

* 11.  Correction:  4 Bits:  ft  of  Bit  Length  codes  - 4 (4  - 19) 

* 12.  Note:  length  code  284  can  represent  227-258,  but  length  code  285 

* really  is  258.  The  last  length  deserves  its  own,  short  code 

* since  it  gets  used  a lot  in  very  redundant  files.  The  length 

* 258  is  special  since  258  - 3 (the  min  match  length)  is  255. 

* 13.  The  literal/length  and  distance  code  bit  lengths  are  read  as  a 

* single  stream  of  lengths.  It  is  possible  (and  advantageous)  for 

* a repeat  code  (16,  17,  or  18)  to  go  across  the  boundary  between 

* the  two  sets  of  lengths. 

*/ 

# i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 
ft  e nd  i f 
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//include  <assert  . h> 
//include  <string.h> 


/ * for  memsetO  * / 


# i n c L ud  e 
^include 
//include 


"pgp/pgpmem.h" 

"pgp/usuals.h" 

"zinflate.h1' 


/ * Increasing  these  only  wastes  space,  so  they  can  be  changed  if  necessary  * / 
typedef  word16  ush; 
typedef  word32  ulg; 


/*  Private  context  structure  for  use  by  all 
struct  I n f l a t e C o n t e x t { 

/*  Major  state  information  */ 
i n t 


u n s 
u n s 
u n s 
u n s 
u n s 


state 

f 

substate; 

lastblock; 

Output 

-related  informati 

on  * / 

i gned 

char  *slide; 

/ * 

Circular 

i gned 

char  *slideend; 

i gned 

s l i d e l e n ; 

/* 

s l i d e e nd 

i g n e d 

slidemask; 

/* 

s l i d e l e n 

i g n e d 

char  *outptr; 

/* 

Pointer 

i g n e d 

char  const  *readptr;  /* 

functions.  * / 


output  buffer  * / 

-slide  - MUST  BE  POWER  OF  2 */ 
-1  */ 

into  slide  * / 

Pointer  into  slide  for  reading 


★ / 


/*  I n pu t - r e l a t e d information  */ 

unsigned  char  const  *inptr;  /*  Input  pointer  */ 

int  inlen;  / * Input  length  * / 

ulg  bitbuffer; 
unsigned  bufbits; 


/*  The  l i t e r a l / l e ng t h tree  - also  used  for  the  bit-length  tree  */ 
struct  huft  *tree1; 
unsigned  bits'!  ; 


/*  The  distance  tree  */ 
struct  huft  * t r e e 2 ; 
unsigned  bits2; 

/*  Encoded  huffman  tree  */ 
unsigned  char  bitlenC286+30]; 

/*  For  dynamic  trees  */ 
unsigned  bitlengths; 
unsigned  litcodes; 
unsigned  distcodes; 


/*  Used  in  various  places  */ 
struct  huft  const  * t ; 
unsigned  copy  len; 
int  distbase; 

int  numbits;  /*  ft  of  bits  in  dyn.  tree  repeat  and  after  dist.  code*/ 

unsigned  index;  /*  Position  in  dynamic  tree  bit  lengths  we've  read  to*/ 


/*  Options  for  behaviour  */ 

//ifndef  SECURE 

//define  SECURE  1 /*  Wipe  memory  before  freeing 


it?  * / 
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tt  e nd  i f 

tt  i f nde  f 
ttd  e f i n e 
tt  e nd  i f 

WSIZE 

WSIZE  32768 

tt  i f nde  f 
tt  d e f i n e 
#end  i f 

STRICT 
STRICT  1 

/* 

/*  Window  size  - 32768  for  PKZIP  compatibility  */ 


/*  Require  unused  bits  to  be  zero?  */ 


★ 

★ 

★ 

★ 

★ 

★ 

★ 


Huffman  code  lookup  table  entry--this  entry 
that  have  16-bit  pointers  (e.g.  PC's  in  the 
Valid  extra  bits  are  0..13.  e ==  32  is  EOB 
means  that  v is  a literal,  e < 0 means  that 
table,  which  codes  -e  bits,  and  lastly  e == 
code.  If  a code  with  e = = —128  is  looked  up 
the  data . 


is  four  bytes  for  machines 
small  or  medium  model), 
(end  of  block),  e ==  16 
v is  a pointer  to  the  next 
-128  indicates  an  unused 
, this  implies  an  error  in 


*/ 


struct 


> ; 


h u f t C 
union  { 


> word; 
union  { 


} more; 


struct  C 

signed  char  exop;  / * tt  of  extra  bits  or  operation  * / 
char  bits;  /*  tt  of  bits  in  this  code/subcode  * / 

> what; 

char  * p a d ; /*  pad  structure  to  a power  of  2 (4  bytes  for*/ 

/*  16-bit,  8 bytes  for  32-bit  machines)  * / 


ush  base;  / * 

struct  huft  * n e x t ; 


literal,  length  base,  or  distance  base 
/*  pointer  to  next  level  of  table  */ 


*/ 


^define  base 
^define  next 
#define  exop 
^define  bits 


mo  r e . ba  s e 
more. next 
word. what. exop 
word  . what  .bits 


/*  Function  prototypes  */ 

# i f nde  f OF 

tt  if  definedC STDC ) ||  definedC cplusplus) 

tt  define  0F(a)  a 

tt  else 

tt  define  0F(a)  () 

tt  end  i f 
tt  e nd i f 

static  int  huft build  OF((unsigned  char  const  *,  unsigned,  unsigned, 

ush  const  *,  ush  const  *,  struct  huft  **, 
unsigned  *)); 

static  int  huft_free  0F( (struct  huft  *)); 

/ * 

* The  inflate  algorithm  uses  a sliding  32K  byte  window  on  the  uncompressed 

* stream  to  find  repeated  byte  strings.  This  is  implemented  here  as  a 

* circular  buffer.  The  index  is  updated  simply  by  incrementing  and  then 

* and'ing  with  0x7fff  (32K-1). 

* / 
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/*  Tables  for  deflate  from  PKZIP's  appnote.txt.  */ 

static  unsigned  const  borderCD  = C /*  Order  of  the  bit  length  code  lengths  */ 
16,  17,  18,  0,  8,  7,  9,  6,  10,  5,  11,  4 , 12,  3 , 13,  2,  14,  1,  1 5 > ; 

static  ush  const  cplensCD  = { /*  Copy  lengths  for  literal  codes  257. .285  */ 

1,  2,  3,  4,  5,  6,  7,  8,  9,  11,  13,  15,  17,  21,  25,  29, 

33,  41,  49,  57,  65,  81,  97,  113,  129,  161,  193,  225,  256,  0,  0>; 

/ * actually  lengths  - 2;  also  see  note  #13  above  about  258  * / 


static  ush  const 
0,  0,  0, 
3,  3,  3, 


cplextC]  = C /*  Extra  bits  for  literal  codes  2 57.  .285  */ 

0,  0,  0,  0,  0,  1,  1,  1,  1,  2,  2,  2,  2, 

3,  4,  4,  4,  4,  5,  5,  5,  5,  0,  128,  128>;  /*  128==invalid  */ 


static  ush  const  cpdistb]  = { /*  Copy  offsets  for  distance  codes  0..29  */ 
1,  2,  3,  4,  5,  7,  9,  13,  17,  25,  33,  49,  65,  97,  129,  193, 

257,  385,  513,  769,  1025,  1537,  2049,  3073,  4097,  6145, 

8193,  12289,  16385,  24577}; 


static  ush  const  cpdextH]  = { /*  Extra  bits  for  distance  codes  */ 
0,  0,  0,  0,  1,  1,  2,  2,  3,  3,  4,  4,  5,  5,  6,  6, 

7,  7,  8,  8,  9,  9,  10,  10,  11,  11, 

12,  12,  13,  1 3 > ; 


/*  And'ing  with  maskCn]  masks  the  lower  n bits  */ 
static  unsigned  const  maskM7]  = C 
0x0000  , 

0x0001,  0x0003,  0x0007,  OxOOOf,  OxOOIf,  0x003f,  0x007f,  OxOOff, 
0x01 f f , 0x03f  f , 0 x 0 7 f f , OxOfff,  Oxlfff,  0x3fff,  0x7fff,  Oxffff 

> ; 


/*  Macros  for  inflate!)  bit  peeking  and  grabbing. 

* The  usage  is: 

★ 

* NEEDBITS  ( j ) 

* x=b&maskCj]; 

* DUMPBITS  ( j ) 

* 

* where  NEEDBITS  makes  sure  that  b has  at  least  j bits  in  it,  and 

* DUMPBITS  removes  the  bits  from  b.  The  macros  use  the  variable  k 

* for  the  number  of  bits  in  b.  Normally,  b and  k are  register 

* variables  for  speed,  and  are  initialized  at  the  beginning  of  a 

* routine  that  uses  these  macros  from  a global  bit  buffer  and  count. 

* 

* It  is  allowed  for  more  bits  to  be  requested  than  actually  used. 

* The  remainder  stay  in  the  bit  buffer.  NOTE  that  a few  more 

* bytes  than  necessary  may  be  grabbed  at  the  end  of  input. 

* This  should  not  be  fatal  as  long  as  the  grabbed  bits  stay 

* in  the  bit  buffer.  The  wrapup  functions  should  check  for  this. 

* There  is  also  the  macro  GRABBITS  which  is  like  NEEDBITS,  but  uses 

* * g + + to  get  the  byte  without  checking  availability.  This  requires 

* using  AVAILBYTES  first  to  assure  that  the  needed  bytes  are  there 

* already.  g is  set  to  inptr  and  then  inptr  is  restored  to  g around 

* this  usage. 

*/ 

/ * 
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* Variable  usage: 

* b = bit  buffer,  k l e a s t - s i g n i f i c a n t bits  valid 

* k = # of  bits  in  bit  buffer 

* g = grab  bits  pointer  (pointer  to  next  byte  to  add:  b |=  *g  + + <<  k) 

* s = S of  bytes  available 

* ctx  = I n f l a t e C o n t e x t 
*/ 

/ * Functions  to  save  the  state  of  the  bit  buffer  before  returning  * / 

# d e f i n e LOADBITBUF  \ 

(b  = ctx->bi tbuf f er,  k = c t x-> bu f b i t s , g = c t x -> i np t r , s = c t x -> i n l e n ) 

# d e f i n e SAVEBITBUF  \ 

( ctx->bi tbuf f er  = b,  c t x -> b u f b i t s = k , c t x - > i n p t r = g , c t x -> i n l e n = s ) 

# d e f i n e S A V E B I T B U F E M P T Y \ 

( ctx->bi tbuf f er  = b,  c t x - > b u f b i t s = k , c t x - > i n p t r = g , c t x - > i n l e n = 0 ) 


/ * 

* A simple  macro  to  ensure  that  at  least  "x"  bits  are  in  the  bit  buffer. 

* Does  NOT  check  for  input  underflow  (s  < 0). 

*/ 

# d e f i n e GRABBITS(x)  \ 

while(k<x)(\ 

- - s ; \ 

b |=  ( u l g ) * g + + <<  k;  \ 
k +=  8;  \ 

> 


/* 

* Get  "x"  bits  in  the  input  buffer  or  execute  the  "whatif"  code. 

* NOTE  NOTE  NOTE  that  if  the  "whatif"  code  is  executed,  s is  set  to  -1! 

* (This  is  faster  on  a lot  of  machines.)  You  will  usually  have  to 

* reset  it  to  0 manually. 

* / 

^define  GETBITS0R(x,  whatif)  \ 

while  (k  < ( u n s i g n e d ) ( x ) ) ( \ 

i f (--s  < 0)  { \ 
whatif;  \ 

> \ 

b |=  ( u l g ) * g + + <<  k;  \ 
k +=  8;  \ 

> 

/ ★ 

* A macro  to  ensure  that  there  are  at  least  "x"  bits  available  in  the 

* bit  buffer.  If  there  are  not,  the  bit  buffer  is  saved  back  into  the 

* context,  and  any  code  in  "savestate"  is  run  to  save  any  additional 

* context  that  might  be  needed.  Then,  "return  1"  means  that  more  input  is 

* needed. 

* / 

#define  NEEDBITS(x,  savestate)  \ 

GETBITS0R(x,  savestate;  SAVEBITBUFEMPTY;  return  1) 

/ * 

* NEEDBITS2  uses  two  figures  for  the  number  of  bits  required.  The  first, 

* x,  is  cheap  to  compute  and  is  used  unless  we  run  out  of  input  data. 

* If  that  happens,  the  more  expensive  value,  x2,  is  used. 

* / 

#define  NEEDBITS2(x,  x2,  savestate)  \ 

NEEDBITS(x,  if  (k  >=  (unsigned) (x2) ) (s=0;  break;}  savestate) 
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//define  DUMPBITS(x)  (b  >>=  x,  k -=  x) 

/ * 

* Huffman  code  decoding  is  performed  using  a multi-level  table  lookup. 

* The  fastest  way  to  decode  is  to  simply  build  a lookup  table  whose 

* size  is  determined  by  the  longest  code.  However,  the  time  it  takes 

* to  build  this  table  can  also  be  a factor  if  the  data  being  decoded 

* is  not  very  long.  The  most  common  codes  are  necessarily  the 

* shortest  codes,  so  those  codes  dominate  the  decoding  time,  and  hence 

* the  speed.  The  idea  is  you  can  have  a shorter  table  that  decodes  the 

* shorter,  more  probable  codes,  and  then  point  to  subsidiary  tables  for 

* the  longer  codes.  The  time  it  costs  to  decode  the  longer  codes  is 

* then  traded  against  the  time  it  takes  to  make  longer  tables. 

* 

* This  results  of  this  trade  are  in  the  values  LBITS  and  DBITS 

* below.  LBITS  is  the  number  of  bits  the  first  level  table  for  literal/ 

* length  codes  can  decode  in  one  step,  and  DBITS  is  the  same  thing  for 

* the  distance  codes.  Subsequent  tables  are  also  less  than  or  equal  to 

* those  sizes.  These  values  may  be  adjusted  either  when  all  of  the 

* codes  are  shorter  than  that,  in  which  case  the  longest  code  length  in 

* bits  is  used,  or  when  the  shortest  code  is  *longer*  than  the  requested 

* table  size,  in  which  case  the  length  of  the  shortest  code  in  bits  is 

* used. 

* 

* There  are  two  different  values  for  the  two  tables,  since  they  code  a 

* different  number  of  possibilities  each.  The  l i t e r a l / l eng t h table 

* codes  286  possible  values,  or  in  a flat  code,  a little  over  eight 

* bits.  The  distance  table  codes  30  possible  values,  or  a little  less 

* than  five  bits,  flat.  The  optimum  values  for  speed  end  up  being 

* about  one  bit  more  than  those,  so  LBITS  is  8+1  and  DBITS  is  5+1. 

* The  optimum  values  may  differ  though  from  machine  to  machine,  and 

* possibly  even  between  compilers.  Your  mileage  may  vary. 

* / 

//define  LBITS  9 /*  bits  in  base  l i t e r a l / l e n g t h lookup  table  */ 

//define  DBITS  6 /*  bits  in  base  distance  lookup  table  */ 

/*  If  B M A X needs  to  be  larger  than  16,  then  h and  xC]  should  be  ulg.  */ 
//define  BMAX  15  /*  maximum  bit  length  of  any  code  (16  for  explode)  */ 

//define  N_M A X 288  /*  maximum  number  of  codes  in  any  set  */ 

//if  defined( STDC ) ||  definedC cplusplus) 

static  int 

h u f t_bu i l d ( u n s i g n e d char  const  *b,  unsigned  n,  unsigned  s,  ush  const  *d, 
ush  const  *e,  struct  huft  **t,  unsigned  *m) 

# e l s e 

static  int 
h u f t_bu i l d ( b , n,  s, 
unsigned  char  * b ; 
unsigned  n; 
unsigned  s; 
ush  const  *d ; 
ush  const  * e ; 
struct  huft  * * t ; 
unsigned  * m ; 
ft  e nd  i f 
/ * 

* Given  a list  of  code  lengths  and  a maximum  table  size,  make  a set  of 


d,  e,  t,  m) 

/*  code  lengths  in  bits  (all  assumed  <=  BMAX)  */ 
/*  number  of  codes  (assumed  <=  N_MAX)  */ 

/*  number  of  s i mp  l e-va  l ued  codes  (0..S-1)  */ 

/*  list  of  base  values  for  non-simple  codes  */ 

/*  list  of  extra  bits  for  non-simple  codes  */ 

/*  result:  starting  table  */ 

/*  suggested  lookup  bits,  returns  actual  */ 
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* tables  to  decode  that  set  of  codes.  Return  values: 

* 0 = success 

* 1 = the  given  code  set  is  incomplete 

* (the  tables  are  still  built  in  this  case) 

* 2 = the  input  is  invalid 

* (all  zero  length  codes  or  an  oversubscribed  set  of  lengths) 

* 3 = not  enough  memory. 

*/ 


unsigned 

a; 

/* 

unsigned 

c [ B M A X + 1 D ; 

/* 

unsigned 

f; 

/* 

i nt  g; 

/* 

i n t h ; 

/* 

r e g i ster 

unsigned  i; 

/ * 

register 

unsigned  j ; 

/* 

register 

i n t k ; 

/* 

i n t l ; 

/* 

register 

unsigned  char  const 

* bp 

register 

unsigned  *p; 

/* 

register 

struct  huft  *q; 

/* 

struct  huft  r; 

/* 

struct  huft  *u[BMAX3 ; 

/ * 

unsigned 

v C N_M  A X D ; 

/* 

r e g i ster 

i n t w ; 

/ * 

unsigned 

xCBMAX+1 3 ; 

/* 

unsigned 

* x p ; 

/* 

i n t y; 

/* 

unsigned 

z; 

/* 

counter  for  codes  of  length  k */ 

bit  length  count  table  */ 

i repeats  in  table  every  f entries  * / 

maximum  code  length  */ 

table  level  * / 

counter,  current  code  */ 

counter  * / 

number  of  bits  in  current  code  */ 
bits  per  table  (returned  in  m)  */ 

/*  pointer  into  b C II  */ 
pointer  into  cCD  or  vCI  * / 
points  to  current  table  */ 
table  entry  for  structure  assignment  */ 
table  stack  * / 

values  in  order  of  bit  length  */ 
bits  before  this  table  ==  (l  * h)  */ 
bit  offsets,  then  code  stack  */ 
pointer  into  x * / 
number  of  dummy  codes  added  */ 
number  of  entries  in  current  table  */ 


/*  Generate  counts  for  each 
memset(c,  0,  sizeof(c)); 
bp  = b ; i = n ; 
do  { 

cC*bp++]++; 

> while  ( - - i ) ; 
if  (cCOD  ==  n) 

C 

* t = (struct  huft  * ) N 1)  L L ; 

* m = 0 ; 
return  0; 

> 


bit  length  * / 

/*  assume  all  entries  <=  BM AX  */ 

/*  null  input  — all  zero  length  codes  */ 


/*  Find  minimum  and  maximum  length,  bound  *m  by  those  */ 
l = * m ; 

for  (j  = 1;  j <=  B M A X ; j++) 
if  ( c C j ] ) 
break; 

k = j ; /*  minimum  code  length  */ 

if  ( ( unsigned  ) l < j) 

( = j; 

for  (i  = BMAX;  i;  i - - ) 
if  ( c C i ] ) 
break; 

9 = i ; /*  maximum  code  length  */ 

if  ((unsigned ) l > i) 
l = i ; 
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*m  = l ; 


/*  Adjust  Last  Length  count  to  f i L L out  codes,  if  needed  */ 
for  (y  = 1 <<  j;  j < i;  j++,  y <<=  1) 

if  C ( y -=  cCjl)  < 0) 

return  2 ; / * bad  input:  more  codes  than  bits  * / 

if  ( (y  -=  cCi  ])  < 0) 
return  2; 
c C i ] +=  y ; 


/*  Generate  starting  offsets  into  the  vaLue  tabLe  for  each  Length  */ 
x [ 1 ] = j = 0 ; 
p = c + 1 ; x p = x + 2 ; 

whiLe  (--i)  { /*  note  that  i ==  g from  above  */ 

* x p + + = (j  +=  *p++); 

> 


/*  Make  a tabLe  of  va  Lues  in  order  of  bit  Lengths  */ 
bp=b;  i = 0 ; 
do  { 

if  ((j  = * b p + + ) ! = 0) 

v[xCj]++D  = i; 

> whiLe  (++i  < n); 


/*  Generate  the  Huffman  codes  and  for  each,  make  the  tabLe  entries  */ 


xC0D=i=0;  / * 

p = v ; / * 

h = - 1 ; / * 

w = - L ; / * 

u [ 0 ] = (struct  huft  *)NULL;  / * 
q = (struct  huft  * ) N U L L ; / * 

z = 0 ; / * 


first  Huffman  code  is  zero  */ 
grab  vaLues  in  bit  order  */ 
no  tabLes  yet--LeveL  -1  */ 

bits  decoded  ==  (L  * h)  */ 
just  to  keep  compi Lers  happy  */ 
ditto  * / 
ditto  * / 


/*  go  through  the  bit  Lengths  (k  a L ready  is  bits  in  shortest  code)  */ 
for  ( ; k <=  g;  k++)  f 
a = c L k D ; 
whiLe  (a--)  { 

/*  here  i is  the  Huffman  code  of  Length  k bits  for  vaLue  *p  */ 

/*  make  tabLes  up  to  required  LeveL  */ 
whiLe  (k  > w + L)  •( 
h + + ; 

w+=  L;  /*  previous  tabLe  aLways  L bits*/ 


/*  compute  minimum 
z=(z=g-w)> 
if  ( ( f = 1 <<  (j  = 

f -=  a + 1 ; 
x p = c + k ; 
whiLe  ( ++ j < z) 
if  ( (f  <<=  1 ) 
break; 
f -=  *x p ; 


size  tabLe  Less  than  or  equal  to  L bits  */ 
(unsigned)L  ? L : z;  /*  upper  Limit  on  tabLe 
k - w))  > a + 1)  /*  try  a k-w  bit  table 

/*  too  few  codes  for  k-w  bit  table  */ 

/*  deduct  codes  from  patterns  Left  */ 

{ /*  try  smaller  tabLes  up  to  z bits  */ 

<=  * + + x p ) 

/*  enough  codes  to  use  up  j bits  */ 

/*  else  deduct  codes  from  patterns  */ 


*/ 


> 


> 


i z e * / 
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z = 1 <<  j; 


/*  table  entries  for  j-bit  table  */ 


/*  allocate  and  link  in  new  table  */ 

if  ((q  = (struct  huft  * ) pgpMemA  l l oc ( ( z + 1 ) * s i z e o f ( s t r u c t huft)))  = = 
(struct  huft  *)NULL) 

if  ( h ) 

h u f t_f ree(ulO]); 

return  3 ; / * not  enough  memory  * / 

U i f SECURE 

q->bits  = (char)j;  / * Track  size  for  free  * / 

ft  e nd  i f 

* t = q + 1 ; /*  link  to  list  for  huft_free()  */ 

*(t  = S (q->next  ) ) = (struct  huft  *)NULL; 

uEh]  = ++q;  / * table  starts  after  link  * / 


> 


/*  connect  to  last  tabl 
if  (h)  { 
x C h □ = i ; 
r.bits  = (char)  l; 
r.exop  = -(char)j; 
r.next  = q ; 
j = i >>  (w  - l ) ; 
u C h - 1 1 L j 3 = r ; 


e,  if  there  is  one  * / 

/ * save  pattern  for  backing 
/*  bits  to  dump  before  this 
/*  bits  in  this  table  */ 

/*  pointer  to  this  table  */ 
/*  (get  around  Turbo  C bug) 
/*  connect  to  last  table  */ 


up  * / 
table 


*/ 


★ / 


/*  set  up  table  entry  in  r */ 
r.bits  = (charMk  - w); 
if  (p  >=  v + n)  { 

r.exop  = -128;  /*  out  of  values  — invalid  code  */ 

} else  if  (*p  < s)  ( 

r.exop  = (char) (*p  < 256  ? 16  : 32);  /*  256  is  end-of-block  code  */ 

r.base  = *p++;  /*  simple  code  is  just  the  value  */ 

> else  f 

r.exop  = (char )eC*p  - s ] ; /*  non-simple — look  up  in  lists  */ 

r.base  = dC*p++  - s ] ; 


/*  fill  code-like  entries  with  r */ 
f = 1 <<  (k  - w); 

for  (j  = i >>  w;  j < z;  j +=  f) 
q C j D = r ; 

/*  backwards  increment  the  k-bit  code  i */ 
for  ( j = 1 < < ( k - 1 ) ; i & j ; j > > = 1 ) 


/ * back  up  over  finished  tables  */ 
while  ( ( i 8 ((1  <<  w)  - 1))  !=  x C h ] ) { 

h ; /*  don't  need  to  update  q */ 

w — = l; 

} 

> 

> 
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/*  Return  true  (1)  if  we  were  given  an  incomplete  table  */ 
return  y !=  0 &&  g !=  1; 


#if  definedl STDC ) 

static  i n t 

huf t_f reelstruct  huft 
//else 

static  i n t 
huf  t_f  ree(t) 
struct  huft  * t ; 
ff  e nd  i f 
/* 

* Free  the  malloc'ed 

* list  of  the  tables 

* each  table. 

*/ 


||  definedl cplusplus) 

* t ) 


/ * table  to  free  * / 


tables  built  by  huft_bu 
it  made,  with  the  links 


{ 

register  struct  huft  * p , * q ; 


ld(),  which  makes  a linked 
in  a dummy  -1st  entry  of 


/*  Go  through  linked  list,  freeing  from  the  malloced  (tC-ID)  address.  */ 

P-t; 

while  (p  !=  (struct  huft  *)NULL) 

{ 

q = l--p)->next; 
ft  i f SECURE 

memsetlp,  0,  (1+(1<<p->bits))  * sizeof(*p)); 

# e n d i f 

pgpMemFreelp) ; 

P = q; 

> 

return  0; 

> 


/* 

* Colin's  new  code. 

* / 


//define 
//define 
if  d e f i n e 
//define 
//define 
ft  d e f i n e 
//define 
# d e f i n e 
//define 


S T A T E_S  TART  0 
STATE_STOREDLEN  1 
S T A T E_S  T 0 R E D 2 
S T A T E_D  Y N_H  D R 3 
S T A T E_D  Y N_B ITS  4 
S T A T E_D  Y N_T  REE  5 
S T A T E_I N F L A T E 6 
S T A T E_D  ONE  7 
STATE  STOP  8 


/* 

* All  these  functions  return 

* 2 if  the  output  buffer  is  full 

* 1 if  the  input  buffer  is  empty 

* 0 if  things  should  continue  with  the  new  ctx->state,  and 

* <0  on  error. 

*/ 


static  i n t 
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i nf S t oredLen ( s t rue t Inf lateContext  *ctx) 
{ 

u L g b ; 
unsigned  k ; 
i n t s ; 

unsigned  char  const  *g; 
unsigned  t; 


LOADBITBUF; 
t = k & 7; 
ft  i f STRICT 

if  (b  S maskttD)  / * Require  unused  bits  are 

return  I N F E R R_B A D I N PU T ; 

Send i f 

DUMPBITS(t) ; 


zero  * / 


NEEDBITSC32,  (void)O); 

/*  At  this  point,  k is  exactly  32  */ 

ctx->copylen  = (unsigned)b  S Oxffff; 
t = "(unsigned) (b>>16)  & Oxffff; 
b = 0; 
k = 0; 


SAVEBITBUF; 

if  (t  \-  c t x -> c o py l e n ) 

return  I N F E R R_B A D I N PU T ; /*  Two  lengths  not  identical  */ 

ctx->state  = S T A T E_S  T 0 R E D ; 
ctx->substate  = 0; 

return  0; 

> 

/* 

* Process  the  data  in  a stored  block.  Copy  the  input  data  to 

* the  circular  buffer,  flushing  it  as  necessary. 

*/ 

static  i n t 

infStoredCstruct  I n f l a t e C o n t e x t *ctx) 

int  len;  /*  ft  of  bytes  to  copy  */ 

int  retval  = 1;  /*  Out  of  memory  */ 

a s s e r t ( c t x-> bu f b i t s ==  0); 

len  = ctx->i n len; 

if  ((unsigned)  len  >=  ctx->copylen)  { 

len  = ctx->copylen;  /*  Copy  done!  */ 

ctx->state  = S TAT E_S TART; 
retval  = 0; 

> 

if  (len  > ctx->slideend-ctx->outptr)  { 

len  = (int)(ctx->slideend-ctx->outptr); 
retval  = 2;  /*  Output  buffer  full  */ 

} 


memcpy(ctx->outptr,  ctx->inptr,  len); 
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> 


ctx->inptr  += 
ctx->inlen  -= 
ctx->outptr  += 
ctx->copylen  - 


len; 

len; 

Len; 

= (unsigned) Len; 


/*  Return  2 if  output  fuLL,  1 if  input  empty,  0 otherwise  (copy  done)*/ 
return  retvaL; 


static  i n t 

i n f Dy n Hd r ( s t r u c t I n f L a t e C o n t e x t *ctx) 

{ 

u L g b ; 
unsigned  k; 
i n t s ; 

unsigned  char  const  * g ; 

LOADBITBUF; 

NEEDBITS(14,  (void)O); 

ctx->Litcodes  = 257  + ((unsigned)b  & 0 x 1 f ) ; 
DUMPBITS(5); 

ctx->di stcodes  = 1 + ((unsigned)b  & 0 x 1 f ) ; 
DUMPBITSC5); 

c t x-> b i t L e n g t h s = 4 + ((unsigned)b  & Oxf); 
DUMPBITSC4); 


SAVEBITBUF; 


U i f n d e f 


U e nd i f 


> 


PKZ I P_BUG_WORKA ROUND 

if  ( c t x -> L i t c od e s > 286  ||  ctx->di stcodes  > 30) 

return  I N F E R R_B A D I N P UT ; /*  Bad  Lengths  */ 

ctx->state  = S T A T E_D  Y N_B ITS; 
return  0 ; 


/*  Load  up  the  ctx->bitLen  array  with  the  bit  Lengths  for  the  encoded 
* trees.  Unpermute  them  according  to  the  borderC]  array. 

*/ 

static  i n t 

i n f Dy n B i t s ( s t r u c t I n f L a t e C o n t e x t *ctx) 

{ 

u L g b ; 
unsigned  k; 
i n t s ; 

unsigned  char  const  *g; 
struct  huft  * t ; 
i n t i , L i m ; 


LOADBITBUF; 
i = ctx->substate; 

Lim  = c t x-> b i t L e ng t h s ; 

whiLe  (i  < Lim)  { 

NEEDBITSC3,  c t x - > s u b s t a t e = i ) 

ctx->bitLenCborderCi+  + OIl  = (unsigned)b  8 7; 
DUMPBITS (3)  ; 

> 
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SAVEBITBUF; 
white  ( i < 19) 

ctx->bitlenCborderLi++]]  = 0; 
k = 7;  / * Bits  in  tree  table  * / 

i = huf t_bui Ld(ctx->bi t ten,  19,  19,  NULL,  NULL,  St,  Sk)- 
i f ( i ) { ' 

if  ( i ==  1 ) 

huft_free(t);  / * Incomplete  code  set  * / 
return  i ==  3 ? INFER  R_N  0 M E M : I N F E R R_B A D I N PUT ; 

ctx->tree1  = t ; 
ctx->bits1  = k ; 

ctx->state  = S T A T E_D  Y N_T  REE; 
ctx->substate  = 0; 

return  0; 

> 

/*  The  static  tree  (built  on  demand)  */ 
static  struct  huft  *fixed_tl  = NULL; 
static  struct  huft  *fixed_td; 
static  unsigned  fixed_bl,  fixed_bd; 

static  i n t 
infFixedTree(void) 

{ 

i n t i ; 

unsigned  char  1 C 2 8 8 □ ; 


if  ( f i x ed_t l ) 

return  0; 


/*  All  okay  */ 


/ * literal  table  */ 
for  (i  = 0;  i < 144;  i++) 
l Hill  = 8; 

for  (;  i < 256;  i++) 
l C i □ = 9 ; 

for  ( ; i < 280;  i + + ) 
l [ i II  = 7 ; 

for  (;  i < 288;  i++)  /*  make  a complete,  but  wrong  code  set 

l Hi]  = 8; 
f i xed_b 1=7; 

i = huf t_bu i Id ( l , 288,  257,  cplens,  cplext,  Sfixed  tl,  Sfixed  bl) 
if  ( i ! = 0 ) f 


★ / 


f i xed_t l = NULL; 
return  I N F E R R_N 0 M E M ; 


/*  distance  table  */ 

for  (i  = 0;  i < 30;  i + + ) /*  make  an  incomplete  code  set  */ 

l Li]  = 5; 
fixed_bd  = 5; 

i = huf t_bui ld( l,  30,  0,  cpdist,  cpdext,  Sfixed_td,  Sfixed  bd); 
if  (i  > 1)  -C 

huft_free(fixed_tl); 
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fixe  d_t  L = NULL; 
return  I N F E R R_N OM E M ; 

> 

return  0; 

> 


static  int 

i n f Dy nT r e e ( s t r u c t I n f L a t e C o n t e x t *ctx) 
t 

u L g b ; 
unsigned  k; 
int  s ; 

unsigned  char  const  * g ; 
struct  huft  * t L , * t d ; 
unsigned  b l , bd; 
unsigned  i,  j , l , m , Lim; 

LOADBITBUF; 
i = ctx->i ndex; 

L = ctx->numbits;  / * Previous  U of  bits  for  repeat  code  use  * / 

Lim  = ctx->litcodes  + ctx->distcodes; 
tl  = c t x - > t r e e 1 ; 
bl  = ctx->bits1; 
m = maskCbld; 


s w i t c h ( c t x-> s u b s t a t e ) { 
case  0 : 

i - 0; 

L = 0; 

/*FALLTHR0UGH*/ 
case  1 : 


while 


case  2 : 


case  3 : 


( i < Lim)  { 

N E E D B I T S 2 ( b L , t L C ( u n s i g n e d ) b S m].bits, 

ctx->index=i;  ctx->numbits=l;  ctx->substate=1) 
td  = tL  + ((unsigned)b  S m); 
j = td->bits; 

DUMPBITS(j); 
j = td->base; 
if  ( j < 16)  { 

ctx->bitlen[i+  + ] = L = j ; 

> else  if  (j  ==  16)  f /*  3 to  6 repeats  */ 

/*FALLTHR0UGH*/ 


> else 


NEEDBITS(2,  ctx->index=i;  ctx->numbi ts=L; 

ctx->substate=2) 
j = 3 + ((unsigned)b  & 3); 

DUMPBITS ( 2 ) ; 
if  ( i + j > Lim) 

return  I N F E R R_B A D I N PUT ; 

do  f 


ctx->bitlenCi++]  = (unsigned  char)L; 
> while  (--j); 

if  (j  ==  17)  ( /*  3 to  10  zeros  */ 

/ *FALLTHROUGH*/ 


NEEDBITS(3,  ctx->index=i;  ctx->substate=3) 
j = 3 + ((unsigned)b  & 7); 

DUMPBITSC3)  ; 
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# i f d e f 

# e L s e 

# e n d i f 


case  4 : 


> 


> 


if  ( i + j > L i m ) 

return  I N F E R R_B A D I N PU T ; 

do  { 

ctx->bitlenCi++]  = 0; 

> while  ( - - j ) ; 

l = 0; 

/*  j = = 18  — 11  to  138  zeros  */ 
assert( j ==  18); 

/ *FALLTHR0UGH*/ 

NEEDBITSC7,  ctx->index=i;  ctx->substate=4) 
j = 11  + ((unsigned)b  8 127); 

DUMPBITS(7) ; 
if  ( i + j > l i m ) 

return  I N F E R R_B A D I N PU T ; 

do  { 

ctx->bitlenCi++]  = 0; 

> while  (--j); 

l = 0; 


/*  Input  finished  */ 
SAVEBITBUF; 
huft_free(tl); 
ctx->tree1  = 0; 


/*  Now  build  the  trees  - l i t e ra  l / l eng t h , then  distance  */ 
bl  = LB  ITS; 

i = huf t_bu i l d ( c t x->b i t l en,  c t x ->  l i t c od e s , 257, 

cplens,  cplext,  & t l , & b l ) ; 

if  (i  ! = 0)  { 

if  ( i = = 1 ) 

huf  t_f  ree(tl); 

return  i ==  3 ? INFER  R_N  0 M E M : INFERR  BADINPUT; 

> 

bd  = DBITS; 

i = huf t_bui l d ( c tx->bi t l en  + c tx-> l i t codes,  c t x->d i s t c od e s , 0, 

cpdist,  cpdext,  Std,  &bd); 

PKZ I P_BUG_W0RKAR0UND 
if  ( i > 1 ) { 

if  ( i ! = 0)  { 

if  ( i ==  1 ) 

huf  t_f ree(td); 

huf  t_f  ree(tl); 

return  i ==  3 ? INFER  R_N  0 M E M : I N F E R R_BA D I N PUT ; 

ctx->tree1  = tl; 
ctx->bits1  = bl; 
ctx->tree2  = td; 
ctx->bits2  = bd; 

ctx->state  = S T A T E_I N F L A T E ; 
ctx->substate  = 0; 
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> 


return  0; 


/ * 

* This  is  the  heart  of  ZIP  inflation.  The  code  is  heavily  optimized 

* for  speed,  including  for  many  brain-damaged  compilers  that  can  only 

* optimize  one  statement  at  a time.  To  generate  better  code  from 

* such  idiot  compilers  (which  are  distressingly  common  on  platforms 

* such  as  MS-DOS),  expressions  are  made  big  and  complex,  and  intermediate 

* results  are  ssigned  to  variables  in  the  expression  where  possible 

* so  the  compiler  won't  try  to  use  a disjoint  temporary  and  have  to 


★ 

spill.  This 

makes  the  code  a l 

i 1 1 l e 

hard  to 

follow 

at  times. 

★ 

"k 

Sorry. 

k 

Also,  due 

t 0 

the  deep  nesting  ( 

it's 

all  in  one  funct 

ion,  again. 

for 

k 

speed  even 

o n 

systems  that  can' 

t ini 

i n e ) , the 

indent 

amount  is 

only 

k 

two  spaces 

and  variable  names  a 

re  v e 

r y short. 

X 

★ 

This  does 

NOT 

currently  detect 

a ref 

erence  to 

before 

the  beginning  of 

★ 

the  file. 

1 1 

just  blindly  uses 

the 

circular 

buffer. 

*/ 


static  i n t 

inf  Inf lateCstruct  I n f l a t e C o n t e x t *ctx) 
{ 


u l g b ; 
unsigned  k; 
i n t s ; 

unsigned  char 


/*  Bit  buffer  info  - bit  buffer  itself  */ 
/*  Number  of  lowOorder  bits  of  b that  are 
/*  Bytes  of  valid  input  remaining  */ 
const  *g;  /*  Input  buffer  pointer  */ 


va 


id  * / 


unsigned  char  * w ; 
unsigned  r; 


/*  Window  output  write  pointer  */ 

/*  Space  available  after  w (always  >0)  */ 


struct  huft  *tl,  *td;  /* 
unsigned  bl,  bd; 
unsigned  ml,  md; 
struct  huft  const  * t ; / * 


Tree  info  (const  except  for  EOB  processing)  */ 


Temporary  tree  pointer  */ 


unsigned  char  const 

*p; 

/ * Copy  source  pointer 

*/ 

i n t i ; 
i n t e ; 
unsigned  n; 

/* 

Copy  length  * / 

unsigned  d; 

/* 

Copy  distance  */ 

LOADBITBUF; 

/* 

Load  b,  k,  s,  g */ 

w = ctx->outptr; 
r = c t x -> s l i d e e nd- w 
assert(r); 

r 

tl  = ctx->tree1; 

/* 

L i t e r a l / l e n g t h tree  */ 

bl  = ctx->bits1; 

/ * 

Numbe  r of  bits  in 

top-level 

table 

* / 

ml  = maskCblH; 

/ * 

Mask  of  that  many 

bits  * / 

td  = ctx->tree2; 

/* 

Distance  tree  */ 

bd  = ctx->bits2; 

/* 

Number  of  bits  in 

top-level 

table 

*/ 

md  = maskCbdH; 

/* 

Mask  of  that  many 

bits  * / 

/ * 

* We  don't  always 

need 

all  of  these,  but  i 

t ' s easier 

to  always 
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* load  them  than  to  do  it  conditionally 
*/ 

t = c t x - > t ; 
n = ctx->copy len; 
d = c t x - > d i s t b a s e ; 
e = ctx->numbits; 

switch  (ctx->substate)  { 
case  0 : 

for  (;;)  i /*  do  until  end  of  block  */ 

/ * 

* This  cheap  loop  does  no  input  or  output  checking. 

* At  most  258  bytes  of  output  are  produced  per  iteration, 

* so  we  must  do  no  more  than  r/258  iterations. 

* Also,  at  most  15+5+15+13  = 48  bits  = 6 bytes  are  consumed 

* every  iteration,  so  we  can  do  no  more  than  s/6  iterations. 

* Also,  to  allow  for  starting  with  an  empty  bit  buffer  and 

* ending  with  a full  one,  subtract  4 bytes,  so  it's  (s-4)/6 

* 

* These  are  approximated  by  r/ 256-1  and  (s-2)/8,  respectively. 

* Note:  for  a file  that  compresses  to  258  bytes  per  symbol  (e.g. 

* the  same  character),  that  approximation  would  break  down  if 

* 

* r/256-1  > r/258 

* thus,  258  * r - 256  * 258  > 256*r 

* thus,  2 * r > 256  * 258 

* thus,  r > 128  * 258  = 33024  > 32768 

* 

* Of  course,  the  window  is  <=  32768,  so  it's  not  a concern. 

★ 

* For  the  input  approximation  to  break  down,  you'd  have  to  have 

★ 

* ( s-2 ) / 8 > ( s-4  ) / 6 

* thus,  6*s  - 12  > 8*s  - 32 

* thus,  20  > 2*s 

* thus,  10  > s 

* 

* But  for  s < 1 0 , both  approximations  (since  this  is  integer  math) 

* return  0,  so  it's  not  a problem.  The  r/258  limit  is  usually 

* hit  first,  so  the  crudeness  of  this  approximation  is  acceptable 

* / 

while  ( r >=  512  &&  s > = 10)  { 

/*  Compute  number  of  iterations  we  can  do,  worst-case  */ 
if  ( ( e = (s  - 2)  >>  3)  < (i  = (r  >>  8)  - 1)) 
i = e; 

/ * 

* This  is  the  cheap  loop,  which  is  performed  i times  before 

* the  available  buffer  space  is  re-evaluated.  If  you  want  to 

* understand  how  the  inflation  process  works,  this  is  the  best 

* part  of  the  code  to  read,  since  it  isn't  cluttered  up  with 

* error  checking.  First  comes  a l i t e r a l / l e n g t h code,  which 

* can  be  either  a literal  (0-255),  an  end  of  block  code  (256) 

*/ 

do  { 

GRABBITS(20)  /*  max  bits  for  l i t e r a l / l e n g t h code  */ 

t = tl  + ((unsigned)b  & ml); 
if  ((e  = t->exop)  < 0)  { 

do  { 

if  ( e ==  -128) 


a l l 
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U i f WS I Z E 

#end  i f 


return  INFER  R_B A D I N P U T ; 

DUMPBITS(t->bi ts); 
e = - e ; 

t = t->next  + ((unsigned)b  & maskCeD); 

> while  ((e  = t->exop)  < 0 ) ; 

> 

DUMPBITS(t->bi ts); 

it  (e  & 16)  { /*  then  it's  a literal  */ 

* w + + = (unsigned  char)t->base; 
continue; 

> 

if  (e  S 32)  /*  EOB  */ 

goto  EOB;  / * At  end  of  function  * / 

/*  Else  length  code  */ 

/*  get  length  of  block  to  copy  */ 
n = t->base  + ((unsigned)b  S maskCeD); 

DUMPBITS(e); 

/*  decode  distance  of  block  to  copy  */ 

GRABBITSC15); 

t = td  + ((unsigned)b  & md); 
if  ((e  = t->exop)  < 0)  { 
do  { 

if  (e  ==  -128) 

return  INFER  R_B  ADINPUT; 

DUMPBITS ( t - > b i ts); 
e = - e ; 

t = t->next  + ((unsigned)b  & maskCeH); 

> while  ( ( e = t->exop)  < 0); 

> 

DUMPBITS ( t - > b i ts) ; 

G R ABB  I TS ( ( un s i gn ed ) e ) /*  get  up  to  13  extra  bits  */ 

d = t->base  + ((unsigned)b  8 maskCe]); 

DUMPBITSC(unsigned)e); 

< 32768 

if  (d  > c t x-> s l i d e l e n ) 
return  I N F E R R_B ADINPUT; 


/ * do  the  copy  */ 

if  ( ( u n s i g n e d ) ( w - ctx->slide)  >=  d)  { 

P = w - d; 

* w + + = *p  + + ; 

*w++  = *p++; 
do  { 

★w++  — *p++/ 

> while  ( - - n ) ; 

> else  { 
n +=  2 ; 

p = w - d + ctx->slidelen; 
do  t 

n -=  (e  = (unsigned)(e  = ctx->slideend  - (p>w?p:w))  > n ? n : e); 

do  { 

*w++  = *p++; 

> while  ( - - e ) ; 

if  (p  ==  c t x-> s l i d e e nd  ) 
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p = ctx->slide; 

> while  ( n ) ; 

> 

> while  ( - - i ) ; 

r = ctx->slideend  - w; 

> /*  while  (we  can  use  the  cheap  loop)  */ 

/* 

* Okay,  we've  fallen  through  from  the  cheap  loop  to  the 

* expensive  loop.  This  one  checks  each  time  it  gets  bits 

* from  the  input  or  writes  bytes  to  the  output  that  there 

* is  enough  room.  However,  there  are  two  versions  of 

* much  of  * t h i s * , too!  The  first  uses  worst-case  figures 

* for  the  amount  of  input  data  needed,  and  obtains  one  batch  of 

* input  bits  for  several  uses. 

* The  second  carefully  avoids  asking  for  any  more  bits  than  it  really 

* needs.  When  it  gives  up  and  returns,  it  is  really  not  possible 

* to  extract  any  more  symbols  from  the  input  data. 

* / 

/*  Pessimistic  estimate  of  bits  for  literal/length:  15+5  * / 

G E TB I T S 0 R ( 2 0 , goto  g e t L i t l e n g t h 2 ) 
t = tl  + ( (unsigned)b  S ml); 
if  ( ( e = t->exop)  < 0)  { 
do  { 

if  (e  ==  -128) 

return  INFER  R_B  ADINPUT; 

DUMPBITS(t->bi ts); 
e = -e; 

t = t - > n e x t + ((unsigned)b  & maskle]); 

> while  ( ( e = t->exop)  < 0 ) ; 

> 

DUMPBITS ( t — >b i ts); 

if  (e  & 16)  { /*  then  it's  a literal  */ 

*w++  = (unsigned  char)t->base; 
if  ( — r ==  0)  f 
SAVEBITBUF; 
ctx->outptr  = w; 

ctx->substate  = 0;  / * Restart  at  top  of  loop  */ 

return  2;  /*  Output  buffer  full  * / 

> 

continue; 

> 

if  (e  8 32 ) 

break;  /*  Leave  infinite  loop  */ 
goto  gotlength; 
getlitlength2: 

/*  Method  2:  We  don't  even  have  20  bits  available  - do  it  bit-by-bit.  */ 
t = tl  + ((unsigned)b  8 ml); 

/* 

* See  if  higher-order  bits  we're  missing  actually  matter. 

* We  don't  have  to  try  to  fill  the  bit  buffer,  because  we  only  get 

* here  if  s (number  of  following  input  bytes)  is  supposed  to  be  zero. 

* / 

if  (k  < ( u n s i g n ed  ) t -> b i t s ) { 
ctx->outptr  = w; 
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ctx->substate  = 0; 

SAVEBITBUFEMPTY; 
return  1 ; 

} 

/*  Actually,  s is  set  (see  GETBITSOR  comment)  to  -1,  so  reset  it  */ 
s = 0 ; 

if  ((e  = t->exop)  < 0)  f 
do  f 

if  (e  ==  -128) 

return  I N F E R R_B A D I N PU T ; 

DUMPBITS(t->bits); 
e = - e ; 
t = t->next; 

easel: 

NEEDBITS2(e,  t H ( u n s i g n e d ) b 8 ma s k C e ] H . b i t s , 

ctx->t=t;  ctx->outptr=w;  ctx->numbits=e;  ctx->substate=1) 
t +=  (unsigned)b  & maskteD; 

> while  ((e  = t->exop)  < 0); 

> 

DUMPBITS ( t - > b i ts); 

if  (e  8 16)  { /*  then  it's  a literal  */ 

* w + + = (unsigned  char)t->base; 
if  ( — r ==  0)  ( 

/*  We  just  filled  the  output  buffer  - return  */ 

SAVEBITBUF; 
ctx->outptr  = w ; 

ctx->substate  = 0;  / * Restart  at  top  of  loop  * / 

return  2;  / * Output  buffer  full  * / 

> 

continue; 

> 

if  (e  8 32)  / * E 0 B * / 

break;  / * Leave  infinite  loop  * / 

/ *FALLTHR0UGH*/ 
case  2 : 

NEEDBITS(e,  ctx->t  = t;  c t x - > o u t p t r = w ; c t x->numb i t s = e ; c t x-> s ubs t a t e = 2 ) 
gotlength: 

/*  All  data  is  available  - compute  total  length  of  block  to  copy  */ 
n = t->base  + ((unsigned)b  8 m a s k [ e ] ) ; 

DUMPBITS((unsigned)e); 

/*  FALLTHROUGH*/ 
case  3 : 

/*  Get  distance  code  - 15  is  maximum  code  size  */ 

GETBITS0R( 1 5,  goto  g e t d i s t a n c e 2 ) 
t = td  + ((unsigned)b  8 md); 

/*  Negative  t->exop  means  there's  a subtable  of  2A-e  entries  */ 
if  ((e  = t->exop)  < 0)  t 
do  { 

if  (e  ==  -128) 

return  I N F E R R_B A D I N PU T ; /*  Invalid  code  (static  table  case)  */ 

DUMPBITS(t->bi ts); 
e = - e ; 

t = t->next  + ((unsigned)b  8 masklel); 

> while  ((e  = t->exop)  < 0 ) ; 
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getdi stance2  : 

/*  We  don't  even  have  15  bits  available  - do  it  bit-by-bit.  */ 
t = td  + ((unsigned)b  8 m d ) ; 

/* 

* See  if  higher-order  bits  we're  missing  actually  matter. 

* We  don't  have  to  try  to  fill  the  bit  buffer,  because  we  only  get 

* here  if  s (number  of  following  input  bytes)  is  supposed  to  be  zero. 

* / 

if  (k  < ( u n s i g n ed ) t -> b i t s ) { 
ctx->outptr  = w; 
ctx->copylen  = n; 
ctx->substate  = 3 ; 

SAVEBITBUFEMPTY; 
return  1 ; 

> 

/*  Actually  (see  GETBITSOR  comment)  s is  set  to  -1,  so  reset  it  */ 
s = 0 ; 

/*  Negative  t->exop  means  there's  a subtable  of  2A-e  entries  * / 
if  ((e  = t->exop)  < 0)  { 
do  f 

if  (e  ==  -128) 

return  I N F E R R_B A D I N PU T ; /*  Invalid  code  (static  table  case)  */ 

DUMPBITS(t->bi ts); 
e = -e; 
t = t->next; 

case  4 : 

NEEDBITS2(e,  tC(unsigned)b  & maskCeHII.bits,  ctx->t=t;  ctx->outptr=w; 

ctx->copylen  = n;  ctx->numbits=e;  ctx->substate=4) 
t +=  (unsigned)b  8 maskleH; 

) while  ((e  = t->exop)  < 0); 


gotdistance: 

/ * All  data  is  available  - compute  the  base  distance  * / 
DUMPBITS(t->bits); 
d = t->base; 

/*FALLTHR0UGH*/ 
case  5 : 

/*  e is  number  of  bits  extra  following  distance  code  (0..13)  */ 
NEEDBITS(e,  ctx->outpt r=w;  ctx->copylen=n;  ctx->distbase=d; 

ctx->numbi ts=e;  ctx->substate=5) 
d + = ((unsigned)b  & maskCeH); 

DUMPBITS( (unsigned)e); 

# i f WSIZE  < 32768 

if  (d  > c t x -> s l i d e l e n ) 
return  INFER  R_B  ADINPUT; 

# e n d i f 

/*  do  the  copy,  with  handling  for  wrapping  around  end  of  buffer  */ 
if  ( ( uns i gned  ) ( w - ctx->slide)  >=  d 88  w + n < c tx->s  l i deend  - 2)  { 
/*  Simple  case  - neither  source  nor  dest  cross  end  of  buffer  */ 

P = w - d ; 
r - = n + 2 ; 

*w++  = *p++; 

★w++  = *p++/ 
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do  { 

* w + + = * p + + ; 

> while  ( - - n ) ; 

> else  { 

n +=  2;  /*  # of  bytes  to  copy  */ 

p = ctx->slide  + ((w  - ctx->slide  - d)  & ctx->slidemask);  / * src  * / 
do  T 

/*  Set  e to  number  of  bytes  we  can  copy  at  once  */ 

n -=  (e  = (unsigned)Ce  = ctx->slideend  - (p>w?p:w))  > n ? n : e ) ; 
r - = e ; 
do  -C 

* w + + — * p + + ^ 

> while  ( - - e ) ; 

if  (r  ==  0)  f /*  Did  we  just  write  everything  we  could?  */ 
SAVEBITBUF; 
ctx->outptr  = w; 
ctx->copylen  = n; 

ctx->di stbase  = d;  / * Save  copy  distance  to  recompute  p * / 
ctx->substate  = 6; 

return  2;  / * Need  more  output  space  * / 

case  6 : 

p = ctx->slide  + ((w  - ctx->slide  - d)  & ctx->slidemask); 

} 

if  (p  ==  c t x-> s l i d e e n d ) 
p = ctx->slide; 

> while  ( n ) ; 

> 

> / * f o r ( ; ; ) */ 

> /*  s w i t c h ( c t x-> s u b c a s e ) */ 

EOB  : 

/*  End  of  Block  * / 
ctx->outptr  = w; 

SAVEBITBUF  ; 

ctx->state  = STATE_START; 
c t x - > s u b s t a t e = 0; 

if  (tl  &&  tl  !=  fixed_tl) 
h u f t_f  ree(tl); 
if  (td  &&  td  !=  fixed_td) 
h u f t_f  ree(td); 
ctx->tree1  = 0; 
ctx->tree2  = 0; 

return  0; 

} 


/ * 

* Start  state  - read  3 bits,  which  are  last  block  flag  (set  to  1 on 

* last  block),  and  2 bits  of  block  type. 

*/ 

static  i n t 

i n f S t a r t ( s t r u c t I n f l a t e C o n t e x t *ctx) 

{ 

u l g b ; 
unsigned  k; 
i n t s ; 

unsigned  char  const  *g; 
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int  retval  = 0; 

if  (ctx->Lastblock)  { 

ctx->state  = S T A T E_D  0 N E ; 
return  0; 

> 


LOADBITBUF; 

NEEDBITSC3,  (void)0); 

ctx->lastblock  = (int)(b  & 1); 
DUMPBITS(I); 


s w i t c h ( b 
case  0 : 


case  1 


case  2 


case  3 


& 3)  { 

/ * Stored  * / 
ctx->state  = 
break; 

/*  Static  - build  fi xed 
retval  = infFixedTreeC) 


S T A T E_S  TOREDLEN; 


trees  and  start  decoding  * / 


ctx->tree1 
ctx->bi tsl 
ctx->tree2 
ctx->bi ts2 
ctx->state 
break; 

/*  Dynamic 
ctx->state 
break; 

/ * Illegal 
retval  = 
break; 


fixe  d_t l ; 
f i x ed_b l ; 
f i xed_td; 
f i x ed_bd ; 

S T A T E_I N F L A T E ; 


* / 

= STATE. 
*/ 


DYN  HDR 


INFER  R_B  ADINPUT; 


DUMPBITSC2); 

SAVEBITBUF; 

ctx->substate  = 0; 
return  retval; 

} 

/* 

* Get  a pointer  to  available  data  in  the  output  buffer 

* / 

unsigned  char  const  * 

infGetByteslstruct  InflateContext  *ctx,  unsigned  *len) 

{ 

*len  = ctx->outptr  - c t x-> r e a dp t r ; 
return  *len  ? ctx->readptr  : 0; 

> 

/* 

* Mark  data  in  the  output  buffer  as  already  read.  We  don't  start 

* accepting  new  data  until  the  entire  output  buffer  has  been  read, 

* at  which  point  the  outptr  is  set  back  to  the  beginning  of  the 

* buffer. 

*/ 

void 

i n f S k i pBy t e s ( s t ru c t InflateContext  *ctx,  unsigned  len) 

{ 
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asserttlen  <=  (unsigned)(ctx->outptr  - ctx->readptr)  ); 
ctx->readptr  +=  len; 

/*  If  at  end  of  buffer,  recirculate  */ 
if  (ctx->readptr  = = ctx->slideend)  C 

assert(ctx->outptr  ==  ctx->slideend); 
ctx->readptr  = ctx->outptr  = ctx->slide; 

> 

> 


/* 

* Returns  number  of  bytes  written. 

* *error  < 0 on  error,  ==  0 if  no  error  (done  with  input  or  output 
*/ 


s i z e_t 

infWriteCstruct  I n f l a t e C o n t e x t 
int  *error) 


i 


int  i ; 


* c t x , 


unsigned 


char  const  *buf,  size 


full) 

t len. 


if  (ctx->outptr  ==  c t x -> s l i d e e nd ) C 

★error  = (ctx->state  ==  STATE_STOP)  ? 0 : c t x - > s u b s t a t e ; 
return  0;  / * Out  of  output  space!  * / 

> 

ctx->inptr  = buf; 

/*  Decompression  code  can't  handle  more  than  INT_MAX  bytes  at  a time  */ 
ctx->inlen  = len  > I N T_M  A X ? I N T_M  A X : (int)len; 


do  l 

s w i t c h ( c t x-> s t a t e ) C 

case  S T A T E_S  TART: 

i = infStart(ctx); 
break; 

case  STATE_STOREDLEN : 

i = infStoredLen(ctx); 
break; 

case  S T A T E_S  T 0 R E D : 

i = infStored(ctx); 
break; 

case  S T A T E_D  Y N_H  D R : 

i = infDynHdr(ctx); 
break; 

case  STATE_DY  N_B ITS: 

i = infDynBits(ctx); 
break; 

case  STATE_DYN_TREE : 

i = infDynTree(ctx); 
break; 

case  S T A T E_I N F L A T E : 

i = inflnflate(ctx); 
break; 

case  S T A T E_D  0 N E : 

if  (ctx->inlen  ||  ctx->bufbits  > 7) 
i = INFER  R_L  0 N G ; 


# i f STRICT 


else  if 


( c t x-> b i t b u f f e r 8 ma s k C c t x- > bu f b i t s ] ) 
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U e nd  i f 


i - I N F E R R_B A D I N P U T ; /*  Unused  bits  !=  0 ★ / 


else 

i = 2 ; / * Read  output,  please  ★ / 

break; 

case  S T A T E_S  TOP : 

i = ctx->substate; 
break; 
default: 

^ assert ( i =0);  / * To  shut  up  compiler  warnings  * / 

> while  (i  ==  0); 


i f ( i < 0)  { 


> else 

> 


ctx->state  = STATE_ST0P; 
ctx->substate  = i ; 

★error  = i ; 

★error  = 0 ; 


assert((size_t)(ctx->inptr  - buf)  ==  len  - ctx->inlen); 
return  ( s i z e_t ) ( c t x-> i npt r - buf);  /*  Bytes  read  */ 


/* 

* Signal  EOF,  detecting  truncated  messages. 

* If  another  error  has  been  reported,  this  just  repeats  it. 

*/ 

/*  New  version,  hopefully  useful.  */ 
i nt 

i n f E 0 F ( s t r u c t I n f l a t e C o n t e x t *ctx) 

{ 

/*  If  processing  is  halted,  just  return  the  last  error  (if  any)  ★/ 
if  (ctx->state  ==  STATE_ST0P) 
return  ctx->substate; 

/*  If  expecting  still  more  input,  we're  short  */ 
if  ( c t x->  s t a t e !=  S T A T E_D  0 N E ) 
return  I N F E R R_S H 0 R T ; 


> 


/*  Otherwise,  all  is  well.  */ 
return  0; 


struct  Inf  lateContext  * 
infAlloc(void) 

{ 

struct  InflateContext  *ctx; 
unsigned  char  *slide; 

slide  = (unsigned  char  *)pgpMemAlloc(WSIZE); 
if  ( ! s l i d e ) 

return  0; 

ctx  = (struct  InflateContext  *)pgpMemAlloc(sizeof(*ctx)); 
if  ( ! c t x ) C 

pgpMemFree(slide); 
return  0; 

} 
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ctx->slide  = slide; 
ctx->slideend  = slide+WSIZE; 
ctx->slidelen  = WSIZE; 
ctx->s l i demask  = WSIZE-1; 

ctx->outptr  = slide; 
ctx->readptr  = slide; 

ctx->state  = STATE_START; 
ctx->substate  = 0; 
ctx->i nlen  = 0; 
ctx->bitbuffer  = 0 ; 
ctx->bufbits  = 0 ; 
ctx->lastblock  = 0; 

ctx->tree1  = 0 ; 
ctx->tree2  = 0; 

return  ctx; 

> 


void 

inf Free(struct  I n f l a t e C o n t e x t *ctx) 

{ 

if  (ctx->tree1  S&  ctx->tree1  ! 

huf t_f ree(ctx->tree1 ) ; 
if  (ctx->tree2  &&  ctx->tree2  ! 

huf t_f ree(ctx->tree2); 


i f 

# i f SECURE 
U e n d i f 


( c t x->  s l i d e ) C 

m e m s e t ( c t x -> s l i d e , 0 , 


pgpMemFree(ctx->slide) 


> 

# i f SECURE 

memsetlctx,  0,  sizeof(*ctx)); 

# e nd  i f 


> 


pgpMemFree(ctx); 


= f i x ed_t l ) 

= f i xed_td ) 

ctx->slidelen); 
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zinflate.h 


/* 

* zinflate.h  - inflate  a zip-compressed  stream  of  bytes. 

★ 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $Id:  zinflate.h, v 1.4  1996/11/12  02:17:29  mhw  Exp  $ 

* / 


Library. 


//include  <stddef.h>  / * For  size  t */ 

/*  Private  context  structure  */ 
struct  InflateContext; 


struct  InflateContext  *infAlloc(void); 
void  inf Free(struct  InflateContext  *ctx); 


/*  Write  bytes.  Returns  bytes  written.  error  < 0 if  trouble  * / 
s^ze— t infWriteCstruct  InflateContext  *ctx,  unsigned  char  const  *buf, 
si ze_t  len,  int  *err or); 

/*  Get  pointer  S len  of  available  output  bytes  */ 

unsigned  char  const  * i n f G e t B y t e s ( s t r u c t InflateContext  *ctx,  unsigned  *len); 
/*  Tell  InflateContext  that  you've  read  "len"  of  available  bytes  */ 
void  infSkipByteslstruct  InflateContext  *ctx,  unsigned  len); 

/*  Returns  0 for  okay,  or  <0  for  error  */ 
int  infEOFCstruct  InflateContext  *ctx); 


/*  Error  codes  returned.  */ 


//define  INFER  R_N  ONE  0 

//define  INFER  R_N  0 M E M -1 
#define  I N F E R R_B A D I N PU T -2 
//define  INFER  R_S  H 0 R T -3 
//define  INFER  R_L 0 N G -4 


/* 

Unable 

to  allocate  as 

needed  */ 

/* 

Corrupt 

input  * / 

/* 

U n e x p e c 

ted  EOF  */ 

/ * 

Padding 

after  expected 

EOF  */ 

567 


■ 


■ 


■ 


568 


. 

.cvsignore 

Makefile  DONE 


lib/ pgp/hash/.  cvsignore 


lib/ pgp/hash/Makefile.in 

Makefile.in 

# 

ft  tib/hash 
ft 

ft  $ I d : Makef  i Le  . i n,v  1.1  1 1 996/1  1 /1  2 02:1  7:30  mhw  Exp  $ 

U 

0BJS=  hash.o  md5.o  sha.o 
PUBHDRS=  hash.h 
PRI VHDRS= 

all::  DONE 


570 


lib/ pgp/hash/ makefile. msc 


makefile.msc 

P G P L I B=  . .\.  .\pgplib.  Lib 

C FLAGS  = -I  . . \ \ \ i nc Lude  - 1 . . \ \ i n c L ud e \ 

- I . . \ \ . -DHAVE_C0NFIG_H=1  $(DEBUG) 

all::  Lib 

headers : i nc  L 


! include  "makefile. in 


i n c L : 

if  not 

"$ ( PUBHDRS  ) "=="  " \ 

for  % f in  ( $(PUBHDRS) 

if  not 

"$ ( PR IVHDRS  ) " = = " " \ 

for  %f  in  ( $(PRIVHDRS) 

DOSOBJ  SX  = 

$(0BJS:  . o = . o b j ) 

D0S0BJS= 

$(D0S0BJSX:unix=win32) 

Lib:  $(DOSOBJS) 


do  copy  %f  ..\..\..\include\pgp 
) do  copy  %f  . .\..\include 


. c . o b j : 

$(CC)  $(CFLAGS)  -Z7  -c  $< 

# Lib  /out : $(PGPLIB)  $(PGPLIB)  $*.obj 

c L e a n : 

d e L * . o b j 

DONE  : 

if  exist  $(PGPLIB)  L i b / o u t : $ ( PG P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  L i b / o u t : $ ( P G P L I B ) $(D0S0BJS) 
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hash.c 

/ * 

* $ I d : hash  . c,v  1.28  1 996/1  1 /1  2 02:1  7:30  mhw  Exp  $ 

* / 


# i f d e f HAVE  CONFIG  H 


^include 
# e n d i f 

" c o n f i g . h " 

U i n c l ud  e 

<assert  . h> 

# i n c l ud e 

<stddef  . h> 

U i n c l ud  e 

<string.h> 

U include 

" h a s h . h " 

U i nc  l ude 

" md  5 . h " 

//include 

" s h a . h " 

//include 

"pgp/pgpmem.  h" 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/usuals.h" 

static  struct  PgpHashContext 

dohashlnit  (struct  PgpHash  const  * h , struct  Pg p H a s h C on t e x t *hc) 
{ 

hc->priv  = pgpMemAlloc  ( h -> c on t e x t_s i z e ) ; 
if  (hc->priv)  t 

hc->hash  = h; 
h - > i n i t (hc->priv); 
return  he; 

> 

return  NULL; 

> 


/*  Generic  Hash  creation  code  */ 
struct  Pg p H a s h C on t e x t * 

pg pH  a s h C r e a t e (struct  PgpHash  const  *h) 
C 

struct  PgpHashContext  * h c ; 


he  = (struct  PgpHashContext  *)pgpMemAlloc  (sizeof  ( * h c ) ) ; 
if  ( ! he  ) 

return  NULL; 

if  (Idohashlnit  (h,  he))  C 
pgpMemFree  (he); 
return  NULL; 

> 


return  he; 

> 

static  void 

hashWipe  (struct  PgpHashContext  *hc) 

{ 

if  (he  &&  hc->priv)  { 

memset  (hc->priv,  0,  h c -> h a s h -> c on t e x t_s i z e ) ; 
pgpMemFree(hc->priv); 

> 

> 
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void 

pgpHashDest roy  (struct  Pg p H a s h C o n t e x t *hc) 
{ 

if  ( ! h c ) 

return; 

hashWipe  (he); 

memset  (he,  0,  sizeof  ( * h c ) ) ; 
pgpMemFree  (he); 

> 


struct  PgpHashContext  * 

pg p H a s h C l o n e ( s t r u c t PgpHashContext  const  *hc) 

{ 

struct  PgpHashContext  * d e s t ; 

dest  = pgpHashCreate  (hc->hash); 
if  (dest) 

memepy  (dest->priv,  hc->priv,  h c -> h a s h -> c on t e x t_s i z e ) ; 
return  dest; 

> 

void 

pgpHashCopy(struct  PgpHashContext  *dest,  struct  PgpHashContext  const  *src) 
assert (dest->hash  ==  src->hash); 

memepy  (dest->priv,  src->priv,  s r c - > h a s h -> c o n t e x t_s i z e ) ; 


/*  Access  to  all  known  hashes  */ 

static  struct  PgpHash  const  * const  hashListE]  = { 
NULL, 

&HashMD5, 

&HashSHA 

>; 

struct  PgpHash  const  * 
pgpHashByNumber  (byte  type) 

T 

if  (type  < sizeof(hashList)/sizeof(*hashList)) 
return  hashListEtypeD; 
return  NULL; 

> 


/* 

* Given  a hash  name,  return  the  corresponding  hash. 

* / 

struct  PgpHash  const  * 

pgpHashByName  (char  const  *name,  size_t  namelen) 

{ 

unsigned  i; 

struct  PgpHash  const  *hash; 


for  ( i 


> 


= 0;  i < sizeof(hashList)/sizeof(hashListCO]);  i++)  { 
hash  = hashListCi]; 

if  (hash  SS  ! mememp  (name,  hash->name,  namelen)  && 
h a s h -> n a me C n a me  l e n 3 ==  ' \ 0 ' ) 

return  hash;  /*  That's  it.  */ 
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> 


return  NULL; 


/ * Not  found  * / 


/* 

★ 

Given  a 

list  of 

hash  identi 

tiers. 

create 

a list 

o f 

hash  contexts. 

* 

Ignores 

unknown 

algorithms. 

Returns  the 

number 

o f 

PgpHashContexts 

★ 

created 

and  stored  in  the  " 

hashes" 

buffer 

, or  an 

E 

rror  (and  none  created) 

★ 

*/ 
i n t 

on  error 

pgpHashLi  stCreate 


(byte  const  * bu  f , 
unsigned  ten) 


struct  Pg p H a s h C o n t e x t **hashes. 


i n t i ; 

struct  PgpHash  const  * h a s h ; 
struct  PgpHashContext  *hashlist; 


if  (!  hashes) 

return  PG P E R R_B A D P A R AM ; 
★hashes  = NULL; 


if  (lien) 

return  0; 

hashlist  = (struct  PgpHashContext  *)pgpMemAlloc(len*sizeof(*hashlist)); 
memset  (hashlist,  0,  len  ★ sizeof  (*hashlist)); 

i = 0; 

while  (len--)  f 

hash  = pgpHashESyNumber  (*buf++); 
if  (hash)  { 

if  (Sdohashlnit  (hash,  hashlist+i))  { 
while  ( i -- ) 

hashWipe  (hashlist+i); 
pgpMemFree  (hashlist); 
return  PG P E R R_N 0M E M ; 

> 

i + + ; 

> 

> 


★hashes  = hashlist; 
return  i ; 


void 

pg p H a s h L i s t D e s t r oy  (struct  PgpHashContext  *hashes,  unsigned  len) 
{ 

while  (l  en— ) 

hashWipe  (hashes+len); 
pgpMemFree  (hashes); 

} 


struct  PgpHashContext  * 
pg pH  a s h L i s t F i nd  (struct 

struct 


{ 


PgpHashContext  *hashes, 
PgpHash  const  *h) 


while  (len--)  { 

if  ( h a s h e s -> h a s h ==  h) 


unsigned 


len. 
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return  hashes; 
hashes++; 

^ return  NULL; 


' 

■ 


lib/ pgp/hash/hash.h 


hash.h 


/* 

★ 

hash. 

★ 

★ 

This 

★ 

★ 

$ I d : 

*/ 

//ifndef 

//define 

# i n c L ude 
//include 


h --  An  abstraction  to  various  hash  types 
is  a Public  API  Function  Header, 
h a s h . h , v 1.26  1 996/1  1 /1  2 02:1  7:30  mhw  Exp  $ 

P G P_H  A S H_H 
P G P_H  A S H_H 

<stddef.h> 

"pgp/usuals.h" 


/*  A static  description  of  a hash  */ 
struct  PgpHash  C 

char  const  *name; 
byte  type; 

byte  const  *DERprefix;  /*  DER-encoded  prefix  */ 
unsigned  D E R p r e f i x s i z e ; /*  DER-encoded  prefix  length  */ 

unsigned  hashsize;  / * Bytes  of  output  * / 

unsigned  c on t e x t_s i z e ; 
unsigned  c o n t e x t_a l i g n ; 
void  (*init)  (void  *pri v) ; 

void  (*update)  (void  *priv,  byte  const  *buf,  si ze_t  len); 
byte  const  * (*final)  (void  *priv); 


>; 

//ifndef  T Y P E_P  G P H A S H 
//define  T Y P E_P  G P H A S H 1 
typedef  struct  PgpHash  PgpHash; 
ft  e nd  i f 


/*  A way  to  keep  the  two  together  */ 
struct  Pg p H a s h C o n t e x t { 

struct  PgpHash  const  * h a s h ; 
void  * p r i v ; 

>; 

//ifndef  T Y P E_PG  P H A S H C 0 NT  E X T 
//define  T Y P E_PG  P H A S H C 0 N T E X T 1 

typedef  struct  P g p H a s h C o n t e x t P g p H a s h C o n t e x t ; 
//end  i f 


/*  Macros  to  invoke  on  a struct  HashContext  */ 

//define  pg  pH  a s h I n i t ( h c ) ( h c ) ->  h a s h - > i n i t ( ( h c ) ->  p r i v ) 

//define  pgpHa  s h Upda  t e ( h c , buf,  len)  ( h c ) ->  h a s h->  u pda  t e ( ( h c ) ->  p r i v , buf, 
//define  pg  p H a s h F i n a l ( h c ) ( h c ) ->  h a s h ->  f i n a l ( ( h c ) ->  p r i v ) 


/*  Allocate,  deallocate,  and  copy  a hash  context  */ 

struct  PgpHashContext  *pgpHashCreate  (struct  PgpHash  const  * h ) ; 

void  pgpHashDestroy  (struct  PgpHashContext  * h c ) ; 

struct  PgpHashContext  *pgpHashClone  (struct  PgpHashContext  const  * h c ) ; 
void  pgpHashCopy  (struct  PgpHashContext  *dest, 

struct  PgpHashContext  const  *src); 

/*  Return  a hash  struction  of  the  appropriate  number  */ 
struct  PgpHash  const  *pgpHashByNumber  (byte  type); 

struct  PgpHash  const  *pgpHashByName  (char  const  *name,  size_t  name  len); 


len) 
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/*  Create  and  Destroy  a big  bunch  of  hashes  at  once.  */ 

int  pgpHashLi  stCreate  (byte  const  *buf,  struct  Pg pH  a s h C o n t e x t **hashes, 

unsigned  len); 

void  pgpHashListDestroy  (struct  PgpHashContext  *hashes,  unsigned  len); 
/*  Find  the  context  of  a given  type  in  the  list  */ 

struct  PgpHashContext  * pg p H a s h L i s t F i n d (struct  PgpHashContext  *hashes, 

unsigned  len, 

struct  PgpHash  const  * h ) ; 

/ * Hash  prefixes  and  lengths  for  argument  lists  (preprocessor  evil)  */ 
#d  e f i n e PGP_HASH_MD5  1 
# d e f i n e PGP_HASH_SHA  2 

#endif  /*  PGP_HASH  H */ 
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md5. 


/* 

* 

★ 

★ 

★ 

★ 

* 

★ 

* 

k 

k 

k 

k 

k 

k 

k 

k 


This  code  implements  the  MD5  message-digest  algorithm. 

The  algorithm  is  due  to  Ron  Rivest.  This  code  was 
written  by  Colin  Plumb  in  1993,  no  copyright  is  claimed. 

This  code  is  in  the  public  domain;  do  with  it  what  you  wish. 

Equivalent  code  is  available  from  RSA  Data  Security,  Inc. 

This  code  has  been  tested  against  that,  and  is  equivalent, 
except  that  you  don't  need  to  include  two  pages  of  legalese 
with  every  copy. 

To  compute  the  message  digest  of  a chunk  of  bytes,  declare  an 
MD5Context  structure,  pass  it  to  MD5Init,  call  MD5Update  as 


needed  on  buffers  full  of  bytes,  and  then  call  MD5Final, 
will  fill  a supplied  16-byte  array  with  the  digest. 

$ I d : md  5 . c , v 1.1  2.2.1  1 996/1  1 /1  4 04:09:26  cbertsch  Exp  $ 


which 


*/ 

# i f d e f H A V E_C  0 N F I G_H 

# i n c l ud e 

" c o n f i g . h " 

# e n d i f 

^include 

<string.h> 

#include 

" h a s h . h " 

^include 

" md  5 . h" 

//include 

"pgp/usuals . h" 

//define 

M D 5_B  LOCKBYTES 

64 

//define 

MD5_BL0CKW0RDS 

1 6 

//define 

M D 5_H  ASHBYTES 

1 6 

# d e f i n e 

M D 5_H  ASHWORDS 

4 

struct  MD5Context  E 

/ * for  memcpyO  * / 


w o r d 3 2 k e y E M D 5_B  L0CKW0RDS] ; 
w o r d 3 2 i v E M D 5_H  ASHWORDS]; 


U i f HAVE64 

word64  bytes; 

//else 


word32  bytesLo,  bytesHi; 


//  e nd  i f 

>; 


/ * 

* Shuffle  the  bytes  into  little-endian  order  within  words,  as  per  the 

* MD5  spec. 

* / 

static  void 

M D 5 By t e S w a p ( w o r d 3 2 *dest,  byte  const  *src,  unsigned  words) 
f 

do  { 

*dest  + + = ( w o r d 3 2 ) ( ( u n s i g n e d ) s r c E 3 ] <<  8 | srcE2D)  <<  16 

( ( u n s i g n ed ) s r c E 1 ] <<  8 | srcEOO); 

s r c + = 4 ; 

) while  (--words); 

> 
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/* 

* Start  MD5  accumulation.  Set  bit  count  to  0 and  buffer  to  mysterious 

* initialization  constants. 

* / 

static  void 
MD5lnit(void  * p r i v ) 

{ 

struct  MD5Context  * c t x = (struct  MD5Context  *)priv; 


ctx->i vH03  = 
c t x-> i v C 1 3 = 
c t x-> i v H 2 3 = 
c t x-> i v C 3 3 = 


//if  HAVE64 

ctx->bytes  = 

//else 


ctx->bytesHi 

# e nd  i f 

> 


0x67452301 ; 
0xefcdab89; 
0x98badcfe; 
0x10325476; 


0; 


- ctx->bytesLo 


0; 


/*  The  four  core  functions  - FI  is  optimized  somewhat  */ 


/ * //define  F 1 ( x , 
#def i ne  FI (x,  y, 
//define  F 2 ( x , y , 
//define  F3 ( x , y, 
//define  F4  ( x , y. 


V , z ) ( x 8 y | ~ x & z ) * / 
z ) (z  A (x  8 (y  A z ) ) ) 
z)  F 1 ( z , x,  y) 
z ) ( x A y A z ) 

z)  (y  A (x  | ~z ) ) 


/*  This  is  the  central  step  in  the  M D 5 algorithm.  */ 
//define  M D 5 S T E P ( f , w , x , y , z , i n , s ) \ 

(w  +=  f(x,y,z)  + in,  w = (w<<s  | w»(32-s))  + x) 


/* 

* The  core  of  the  M D 5 algorithm,  this  alters  an  existing  M D 5 hash  to 

* reflect  the  addition  of  16  longwords  of  new  data.  MD5Update  blocks 

* the  data  and  converts  bytes  into  longwords  for  this  routine. 

* 

* NOTE  This  is  not  declared  as  static  because  randpool.c  references  it 

* (Sorry  for  that  modularity  violation.) 

*/ 

void  MD5Transform(word32  *block,  word32  const  *key); 
void 

MD5Transform(word32  *block,  word32  const  *key) 

{ 

register  word32  a,  b,  c,  d; 

a = blockCO]; 
b = blockCld; 
c = blockC23; 
d = blockC33; 

MD5STEP(F1,  a,  b,  c,  d,  key[03  + 0xd76aa478,  7); 

MD5STEP(F1,  d,  a,  b,  c,  keyCID  + 0xe8c7b756,  12); 

MD5STEP(F1,  c,  d,  a,  b,  keyC2]  + 0x242070db,  17); 

MD5STEP(F1,  b,  c,  d,  a,  keyC3]  + Oxclbdceee,  22); 

MD5STEP(F1,  a,  b,  c,  d,  keyC43  + 0xf57c0faf,  7); 

MD5STEP(F1,  d,  a,  b,  c,  keyC53  + 0x4787c62a,  12); 
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MD5STEPCF1,  c , d , a , b , k e y C 6 d + 0xa8304613,  17); 
MD5STEPCF1,  b , c , d,  a,  k e y [ 7 d + 0xfd469501,  2 2); 

MD5STEPCF1,  a,  b , c , d , k e y II  8 d + 0x698098d8,  7 ) ; 

MD5STEPCF1,  d , a,  b , c , k e y [ 9 d + 0x8b44f7af,  12); 
MD5STEPCF1,  c , d , a,  b , k e y C 1 0 d + Oxffff5bb1,  17); 

MD5STEPCF1,  b , c , d , a,  k e y H 1 1 d + 0x895cd7be,  22); 

MD5STEPCF1,  a,  b,  c,  d,  k e y C 1 2D  + 0x6b901122,  7); 

MD5STEP(F1,  d,  a,  b,  c,  keyC13d  + 0xfd987193,  12); 

MD5STEPCF1,  c,  d,  a,  b,  keyC14d  + 0xa679438e,  17); 

MD5STEPCF1,  b , c , d,  a,  k e y [ 1 5 d + 0x49b40821,  22); 

MD5STEPCF2,  a,  b,  c,  d,  keyMd  + 0xf61e2562,  5); 

MD5STEPCF2,  d , a,  b , c , k e y [ 6 d + 0xc040b340,  9); 

MD5STEPCF2,  c,  d , a,  b , k e y C 1 1 d + Ox265e5a51,  14); 

MD5STEPCF2,  b,  c,  d,  a,  keyCOd  + 0xe9b6c7aa,  20); 

MD5STEPCF2,  a,  b,  c,  d , keyH5d  + 0xd62f105d,  5 ) ; 

MD5STEPCF2,  d,  a,  b , c , keyMOd  + 0x02441453,  9); 

MD5STEPCF2,  c,  d,  a,  b,  k e y C 1 5 d + 0xd8a1e681,  14); 

MD5STEP(F2,  b,  c,  d,  a,  k e y L 4 d + 0xe7d3fbc8,  20); 

MD5STEPCF2,  a,  b,  c,  d,  keyC9d  + 0x21e1cde6,  5); 

MD5STEPCF2,  d,  a,  b,  c,  k e y C 1 4 d + 0xc33707d6,  9); 

MD5STEPCF2,  c,  d,  a,  b,  k e y L 3 d + 0xf4d50d87,  14); 

MD5STEPCF2,  b,  c,  d,  a,  keyE8d  + Ox455a14ed,  20); 

MD5STEPCF2,  a,  b,  c,  d,  key  Cl  3d  + 0xa9e3e905,  5); 

MD5STEPCF2,  d,  a,  b,  c,  k e y C 2 d + 0xfcefa3f8,  9); 

MD5STEPCF2,  c,  d,  a,  b,  k e y C 7 d + 0x676f02d9,  14); 

MD5STEPCF2,  b,  c,  d,  a,  keyC12d  + 0x8d2a4c8a,  20); 

MD5STEPCF3,  a,  b,  c,  d,  k e y C 5 d + 0xfffa3942,  4); 

MD5STEPCF3,  d,  a,  b,  c,  k e y C 8 d + 0x8771f681,  11); 

MD5STEPCF3,  c,  d,  a,  b,  keyClld  + 0x6d9d6122,  16); 

MD5STEPCF3,  b,  c,  d,  a,  keyC14d  + 0xfde5380c,  23); 

MD5STEPCF3,  a,  b,  c,  d,  keyCId  + 0xa4beea44,  4); 

MD5STEP(F3,  d,  a,  b,  c,  keyC4d  + 0x4bdecfa9,  11); 

MD5STEPCF3,  c,  d,  a,  b,  keyC7d  + 0xf6bb4b60,  16); 

MD5STEPCF3,  b,  c,  d,  a,  keyCIOd  + 0xbebfbc70,  23); 

MD5STEPCF3,  a,  b,  c,  d,  k e y C 1 3 d + 0x289b7ec6,  4); 

MD5STEPCF3,  d,  a,  b,  c,  keyCOd  + 0xeaa127fa,  11); 
MD5STEPCF3,  c,  d,  a,  b,  k e y C 3 d + 0xd4ef3085,  1 6); 

MD5STEPCF3,  b,  c,  d,  a,  keyC6d  + 0x04881d05,  23); 

MD5STEP(F3,  a,  b,  c,  d,  k e y C 9 d + 0xd9d4d039,  4); 

MD5STEPCF3,  d,  a,  b,  c,  k e y C 1 2d  + 0xe6db99e5,  11); 

MD5STEPCF3,  c,  d,  a,  b,  keyC15d  + 0x1fa27cf8,  16); 

MD5STEPCF3,  b,  c,  d,  a,  k e y C 2 d + Oxc4ac5665,  23); 

MD5STEPCF4,  a,  b,  c,  d,  keyCOd  + 0xf4292244,  6); 

MD5STEPCF4,  d,  a,  b,  c,  k e y C 7 d + 0x432aff97,  10); 

MD5STEPCF4,  c,  d,  a,  b,  k e y C 1 4 d + 0xab9423a7,  15); 

MD5STEPCF4,  b,  c,  d,  a,  k e y C 5 d + 0xfc93a039,  21); 

MD5STEPCF4,  a,  b,  c,  d,  k e y C 1 2 d + Ox655b59c3,  6); 

MD5STEPCF4,  d,  a,  b,  c,  keyC3d  + 0x8f0ccc92,  10); 

MD5STEP(F4,  c,  d,  a,  b,  keyCIOd  + 0xffeff47d,  15); 

MD5STEPCF4,  b,  c,  d,  a,  keyCId  + Ox85845dd1,  21); 

MD5STEPCF4,  a,  b,  c,  d,  k e y C 8 d + 0x6fa87e4f,  6); 

MD5STEP(F4,  d,  a,  b,  c,  k e y C 1 5 d + 0xfe2ce6e0,  10); 
MD5STEPCF4,  c,  d,  a,  b,  keyC6d  + 0xa3014314,  15); 
MD5STEPCF4,  b,  c,  d,  a,  key[13d  + 0x4e0811a1,  21); 
MD5STEPCF4,  a,  b,  c,  d,  key[4d  + 0xf7537e82,  6); 
MD5STEPCF4,  d,  a,  b,  c,  keyClld  + 0xbd3af235,  10); 
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¥ q s uo  o a q Xq  o ljeis 

/* 

( 1 s j l j.-asi  'passaoojd  sqqq  qo  lunoo  q.  l q — ^ 9 ) ¥0  q ¥ 
ujaqqsd  q.  l q aqq  q q l m XjBpunoq  aqXq-^9  oq  ped  - dndejM  ibulj  ¥ 

¥/ 


/* 


■ (USl 
• e q b p q o 


'qnq  ' X0  >)  <-x  q d ) Xd  o rnauj 

( u a 1 ) 

saqXq  6uiULBiuaj  Xue  aqpuBH 


A l 
*/ 


-yS3iAaXDCna-S0W  =-  uaq 
•ys3iAaxDcna~saw  =+  j-nq 

■ (X9>j<-xq3  'AL<-xq3)iiJJoqsuBJi5(]w 

■ ( s a y omx d 01  a- s a w yAnq  'X0>|<-xq3)dBMsaqXasow 

> ( S3iAaxDcna-saw  =<  uai)  aii-qM 

/ ¥ s>junL|3  eqXq-^q  ui  Bqsp  ssaaojj  ¥/ 


{ 


■ L-S31AaXD03a_SaW  =-  uai 

■ L-S31AaXD03a-SaW  = + Anq 

■ (X0>|<-xq3  /AL<-XJ3)IJJJOJ.SUBJ15a|A| 

■ (SadOMXOOna  SOW  'X0>|<-xq3(¥  a q X q ) 'X0>|<-xq3)dBMS0qXasaw 
■y  ( !•  - S31AaXDCna  SOW  ' A n q ' l + X0>|<-xqo(¥  0qXq))Xd3ui0U) 

/ ¥ 0ZLS  ppo  UB  SL  )|Unq3  1SJLJ  ¥ / > ( L ) qL 


u j n q a j 

•'  ( u 0 1 ''  A n q ' l + Xa>)<-xq3(¥  0qXq))Xd3ui0iu 

> (U31  < L-S31AaXD0ia-S0W)  A !• 

/ ¥ Xa>|<-xq3  UL  X p b 0 j 1 b s 0 q Xa  ¥/  i S 3 1 A ax  D 03  a~S  0 W / q(pau6i.sun)  = l 

/ ¥ l|6li|  oq  hoi  uiojq  Xj  jb]  ¥/  .'  + +LHS0qXq<-xqo 

(q  > (U0-|  + q = oqsaqXq<-xqo  ) ) q l 
./oqsaqXq<-xq3  = q £ £ p j 0 m 


A !-Pua# 


0S-|  0# 


.'uai  =+  saqXq<-xqo 
■ S 3 1 A ax  D 0 3 a~S  0 W % saqAq<-xqo(pau6LSun)  = l 

<793  AVH  AL  ft 


i l pauBLSun 

./ALjd(¥  qxaquoo^ow  qonjqs)  = xqo¥  qxaquoogqw  qonjqs 


> 

(uai  q azLs  'qnq¥  qsuoo  aqXq  /Aud¥  p l o a ) 0 q b pd  q S 0 W 

PLOA  0 l q b q s 


11  n A J3AAnq  JsqqouB  q°  u 0 l q b u 0 q b o u o 3 0 q q 


■ ( IZ  ' L6£P98CI9X0  + C6D'<9>I  ' e 
'(SI  'qqzpipezxo  + [ ? ] X 0 >|  ' q 


/ ¥ 

•saqXq  qo  ¥ 

q 3 a i q 0 j 

oq  qxaquoo  aqBpdq  ¥ 

¥/ 

{ 

' P 

= + C£3X30-|q 

i 3 

=+  [Zqx^oiq 

■'q 

= + CLDX^o-iq 

B 

= + C0]>|3O-|q 

' p '3  ' q 

' £ )d31SS0W 

' B ' p '3 

'*>£  ) d31SS0W 

3'9pm /qsDq/d6d /qi| 


lib/ pgp/hash/ md5.c 


M D 5 F i na l ( v o i d *priv) 
{ 


struct  MD5Context  *ctx  = (struct  MD5Context  * ) p r i v ; 
byte  * d i g e s t ; 

# i f HAVE64 


# e L s e 

# e n d i f 


unsigned  i = ( u n s i g n e d ) c t x -> by t e s % M D 5_B LO C KB Y T E S ; 

unsigned  i = (unsigned)ctx->bytesLo  % M D 5_B LO C KB Y T E S ; 

byte  *p  = (byte  *)ctx->key  + i;  /*  First  unused  byte  */ 
word32  t; 


/*  Set  the  first  char  of  padding  to  0x80.  There  is  always  room.  */ 
* p + + = 0x80; 

/*  Bytes  of  padding  needed  to  make  64  bytes  (0..63)  */ 
i = M D 5_B  LOCKBYTES  - 1 - i; 

if  (i  < 8)  { /*  Padding  forces  an  extra  block  */ 

memset(p,  0,  i ) ; 

MD5ByteSwap(ctx->key,  (byte  *)ctx->key,  16); 
MD5Transform(ctx->iv,  ctx->key); 
p = (byte  *)ctx->key; 
i = 64; 

> 

memsettp,  0,  i-8); 

MD5ByteSwap(ctx->key,  (byte  *)ctx->key,  14); 


/*  Append  length  in  bits  and  transform  */ 

# i f HAVE64 

ctx->keyC14]  = ( w o r d 3 2 ) c t x - > b y t e s <<  3; 
ctx->keyC15d  = (word32)(ctx->bytes  >>  29); 

# e l s e 

ctx->keyC14d  = ctx->bytesLo  <<  3; 

ctx->keyC15d  = ctx->bytesHi  <<  3 | ctx->bytesLo  >>  29; 

ft  e n d i f 

MD5Transform(ctx->iv,  ctx->key); 


/*  Convert  digest  to  the  correct  byte  order  */ 
digest  = (byte  *)ctx->iv; 
for  (i  = 0;  i < M D 5_H A S H WO R D S ; i++)  C 

t = ctx->ivCid; 
digestCOT  = (byte)t; 

digestCID  = (byte)(t  >>  8); 

digestC2T  = (byte)(t  >>  16); 

digestC3T  = (byte)(t  >>  24); 

digest  +=  4; 

> 

/*  In  case  it's  sensitive  */ 

/*  XXX  mem s e t ( c t x-> key  , 0,  s i z e o f ( c t x - > k e y ) ) ; */ 
return  (byte  const  *)ctx->iv; 

} 


/ * 

* The  Basic  Encoding  Rules  (of  which  the  Distinguished  Encoding  Rules 

* are  a simple  m i n i ma  l - s i z e d subset)  are  supposed  to  be  compact.  Humph. 

* / 

static  byte  const  M D 5 D E R p r e f i x C 1 - C 
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>; 


0x30, 

0x20, 


/*  Universal,  Constructed,  Sequence  */ 

/*  Length  32  (bytes  following)  */ 

0x30,  /*  Universal,  Constructed,  Sequence 
0x0c,  /*  Length  12  */ 


0x04 

0x10 


*/ 


0x06, 
0x08  , 


/*  Universal,  Primitive, 
/ * Length  8 * / 


o b j e c t - i d e n t i f i e r */ 


0x2a  , 

/*  42 

- IS0(1)*40  + Member  bodies(2) 

0x86  , 

0x48, 

/*  840  = US  (ANSI) 

* / 

0x86, 

Ox  F 7 , 

0x0  D , /*  1 1 3549 

= 

RSADSI  */ 

0x02, 

/*  2 

= Hash  functions 

*/ 

0x05, 

/*  5 

= M D 5 */ 

/ * Universal, 

Primitive,  NULL 

* / 

* / 


/* 


0x05, 

0x00,  /*  Length  0 */ 

/ * Universal,  Primitive, 
Length  16  * / 

/*  16  MD5  digest  bytes 


Octet  string 
go  here  * / 


*/ 


struct  PgpHash  const  H a s h M D 5 = { 

"MD5",  PGP_HASH_MD5, 

MD5DERprefix,  sizeof(MD5DERprefix), 

M D 5_H  ASHBYTES, 
sizeof (struct  MD5Context), 
sizeof (structlchar  _a;  struct  MD5Context 
sizeof (struct  MD5Context), 
MD5lnit,  MD5Update,  MD5Final 

>; 

# i f TESTMAIN 


_b  ; } ) - 


^include  <stdio.h> 

#include  <string.h> 

#include  <time.h> 

#de  f i ne  T E S T_B  Y T E S 1 0000000 

static  char  const  * const  md5TestResultsC0  = { 

"Occl 75b9c0f1 b6a831 c399e269772661 ", 

"900150983cd24fb0d6963f7d28e17f72", 

"7707d6ae4e027c70eea2a935c2296f21", 

"7707d6ae4e027c70eea2a935c2296f21", 

"7707d6ae4e027c70eea2a935c2296f21" 

>; 

static  i n t 

compa reM D 5 r e s u l t s ( by t e const  *hash,  int  level) 

C 

char  bufC333; 
unsigned  i; 

for  (i  = 0;  i < M D 5_H A S H S I Z E ; i++) 

sprintf(buf+2*i,  "%02x",  hashCiO); 
if  (strcmp(buf,  md 5 Te s t R e s u 1 1 s C l e ve  l - 1 0 ) ==  0)  { 

printf ("Test  %d  passed,  result  = %s\n",  level,  buf); 
return  0; 

} else  { 

printf(" Error  in  MD5  implementation;  test  %d  failed\n",  level); 
printf("  Result  = %s\nExpected  = %s\n",  buf, 
md5TestResultsClevel-1]); 
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> 


> 


return  -1 ; 


i n t 

main(void) 

{ 

c L o c k_t  ticks; 
struct  MD5Context  m d 5 ; 
byte  hash[MD5_HASHSIZEd; 
byte  dataC1999d; 
unsigned  i ; 


MD5lnit(Smd5); 

MD5Update(&md5,  "a",  1); 

M D 5 F i n a l ( &md 5 , hash); 
it  ( c ompa r e M D 5 r e s u L t s ( h a s h , 
return  - 1 ; 

MD5Init(&md5); 

MD5Update(&md5,  "a  be",  3); 
MD5Final(&md5,  hash); 
if  ( c ompa r eM D 5 r e s u 1 1 s ( h a s h , 
return  - 1 ; 

/*  1,000,000  bytes  of  ASCII 
MD5Init(&md5); 
for  (i  = 0;  i < 15625;  i + + ) { 

M D 5 U pd a t e ( &md 5 , (byte  *) 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" 
> 

MD5Final(&md5,  hash); 
if  ( c ompa r e M D 5 r e s u L t s ( h a s h , 3)  < 
return  - 1 ; 

/*  1,000,000  bytes  of  ASCII  'a', 

M D 5 I n i t ( &md  5 ) ; 

for  (i  = 0;  i < 40000;  i++) 

M D 5 U pd a t e ( &md 5 , (byte  *) 
MD5Final(Smd5,  hash); 
if  ( c ompa r eM D 5 r e s u 1 1 s ( h a s h , 4)  < 
return  -1; 


1 ) < 0) 

2)  < 0) 

by  64  s * / 

aaaaaaaaaaaaaaaaaaaaaaaaa\ 

64)  ; 

0) 

by  25s  * / 

aaaaaaaaaaaaaaaaaaaaaaaaa",  25); 
0) 


/*  1,000,000  bytes  of  ASCII  'a',  by  125s  */ 

MD5lnit(Smd5); 

for  (i  = 0;  i < 8000;  i + + ) 

M D 5 U pd a t e ( &md 5 , (byte  *)" a a a a a a a a a a a a a a a a a a a a a a a a a \ 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",  125); 

MD5Final(&md5,  hash); 
if  ( c o m p a r e M D 5 r e s u L t s ( h a s h , 5)  < 0) 
return  -1; 


memset (data,  0,  sizeof(data)); 


ticks  = clock(); 

MD5Init(8md5); 

for  (i  = 0;  i < T E S T_B Y T E S / s i z e o f ( d a t a ) ; i++) 
MD5Update(&md5,  data,  sizeof(data)); 
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> 

MD5Update(Smd5,  d a t a , T E S T_B YT E S % s i z e o f ( d a t a ) ) ; 

MD5Final(&md5,  hash); 

ticks  = clockO  - ticks; 

printf ("Elapsed  time  for  %lu  characters:  % l u ticks\n", 

(unsigned  L on g ) T E S T_B YT E S , (unsigned  long)ticks); 
return  0;  ' 

#end  i f 

/*  TESTMAIN  */ 
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md5.h 

/ * 

* md5.h  --  The  MD-5  Message  Digest. 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : md  5 . h , v 1.6  1 996/1  1 /1  2 02:1  7:31  mhw  Exp  $ 

*/ 

ftifndef  MD  5_H 
^define  MD  5_H 

#include  "hash.h" 

extern  struct  PgpHash  const  HashMD5; 

#endif  / * ! M D 5 H */ 
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sha.c 


/* 

★ 

★ 

★ 

* 

★ 

★ 

★ 

★ 

★ 

* 

★ 

★ 

★ 

★ 

* 

* 

★ 

★ 

*/ 


sha.c  - NIST  Secure 
The  algorithm  is  by 


Hash  Algorithm,  FIPS  PUB  180  and  180.1 
spook(s)  unknown  at  the  U.S.  National 


Written  2 September 
This  implementation 


1992,  Peter  C.  Gutmann. 
placed  in  the  public  domain. 


Modified  1 J 
Modified  for 
18  July  1994 


une  1993,  Colin  Plumb. 

the  new  SHS  based  on  Peter  Gutmann 
, Colin  Plumb. 


s work. 


Renamed  to  SHA  and  comments  updated  a bit  1 Novembe 
These  modifications  placed  in  the  public  domain. 
Hacked  on  some  more  for  PGP  3,  December  1995,  Colin 
You  probably  don't  *want*  these  modifications. 


r 1995, 
Plumb. 


Comments  to  pgutl 3cs . aukuni  . ac  . nz 


$Id:  sha.c, v 1.1  3.2.1  1 996/1  1 /1  4 04  : 09:26  cbertsch  Exp  $ 


Securi 


Colin 


ty  Agency. 


Plumb. 


#ifdef  H A V E_C  0 N F I G__H 
# i n c l ude  " config.h" 
Send i f 


//include  <string.h> 

ft  i nc  lude  "hash  . h" 

#i nc  lude  "sha  . h" 
//include  " pg p / u s u a l s . h " 


/ * 

* Define  to  1 for  FIPS  180.1  version  (with  extra  rotate 

* 0 for  FIPS  180  version  (with  the  mysterious  "weakness" 

* isn't  talking  about). 

*/ 


ft  d e f i n e 

S H A_V  E R S I 0 N 1 

//define 

S H A_B  L0CKBYTES 

64 

ft  d e f i n e 

SHA_BL0CKW0RDS 

1 6 

//define 

S H A_H  ASHBYTES 

20 

//define 

S H A_H  ASHW0RDS 

5 

struct 

SHAContext  { 

word32  keyCSHA. 

_BLOCKWORDSO 

word32  i v C S H A_ 

HASHW0RDS]; 

ft  if  HAVE64 


word64  bytes; 

Seise 

word32  bytesHi,  bytesLo; 

ft  end  i f 

>; 


n prescheduling), 
that  the  N S A 


/* 

* Shuffle  the  bytes  into  big-endian  order  within  words,  as  per  the 

* SHA  spec. 

*/ 
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static  void 

s h a By t e S w a p ( w o rd 3 2 *dest, 
{ 

do  t 

*dest++  = 

src  + = 4 ; 
> while  (--words) 

> 


byte  const  *src,  unsigned  words) 

( wo r d 3 2 ) ( ( u n s i g n ed ) s r c C 0 D <<  8 | 

( ( u n s i g n ed  ) s r c [ 2 1 <<  8 | 


srcCId)  <<  16 
srcC3D); 


/*  Initialize  the  SHA  values  */ 


static  void 
shalnitlvoid  * p r i v ) 

{ 

struct  SHAContext  * c t x = (struct  SHAContext  * ) p r i v ; 


ft  i f d e f 
ft  e l s e 


ft  e n d i f 

> 


/ * Set  the 

h- 

vars  to  their 

ctx->ivC0] 

= 

0x67452301  ; 

c t x-> i v C 1 11 

= 

0xEFCDAB89; 

ctx->ivC2H 

= 

0x98BADCFE; 

ctx->ivC3] 

0x10325476; 

ctx->ivL4H 

= 

0xC3D2E1F0; 

/ * I n i t i a l i 
H A V E 6 4 

s e 

bit  count  * / 

ctx->bytes 

= 

0; 

initial 


ctx->bytesHi  = 0; 
ctx->bytesLo  = 0; 


values  * / 


/ * 

* The  SHA  f ( ) - f u n c t i o n s . The  f 1 and  f 3 functions  can  be  optimized  to 

* save  one  boolean  operation  each  - thanks  to  Rich  Schroeppel, 

* rcsScs.arizona.edu  for  discovering  this. 

* The  f3  function  can  be  modified  to  use  an  addition  to  combine  the 

* two  halves  rather  than  OR,  allowing  more  opportunity  for  using 

* associativity  in  optimization.  (Colin  Plumb) 


* 

* Note  that  it  may  be  necessary  to  add  parentheses  to  these  macros 

* if  they  are  to  be  called  with  expressions  as  arguments. 


*/ 


/*  f 1 i 

s a b i t - s e 

l e c t 

function.  If 

(x) 

/ * U d e f i 

ne  f1(x,y. 

z ) 

( 

(x 

& y)  | 

( ~x 

ft  define 

f 1 ( x , y , z ) 

( 

z 

A (x  & 

(y  A 

ft  d e f i n e 

f2(x,y,z) 

( 

X 

A y A z 

) 

/*  f 3 i 

s a ma  j o r i 

ty  function 

^ / 

/ * # d e f i 

ne  f3(x,y. 

z ) 

( 

(x 

8 y)  | 

(y 

/ * #d e f i 

ne  f3(x,y. 

z ) 

( 

(x 

s y)  1 

( z 

ft  d e f i n e 

f3(x,y,z) 

( 

(x 

8 y ) + 

(z 

ft  d e f i n e 

f 4 ( x , y , z ) 

( 

X 

A y A z 

) 

then 

y e 1 

. s e 

z 

*/ 

8 z ) 

) 

// 

Rounds 

0-19 

z ) ) 

) 

/* 

Rounds 

0-19 

/* 

Rounds 

20-39 

z ) 

1 <z 

8 

x) 

) // 

Rounds 

40-59 

(x 

1 y) 

) 

) 

// 

Rounds 

40-59 

(x 

A y) 

) 

) 

/* 

Rounds 

40-59 

/* 

Rounds 

60-79 

/*  The  SHA  Mysterious  Constants.  */ 
#define  K2  0x5A827999L  /* 

#define  K3  0x6ED9EBA1L  /* 

^define  K5  0x8FlBBCDCL  /* 

# d e f i n e K10  0xCA62C1D6L  /* 


Rounds 

0-19  - 

floor 

(sqrt(2)  * 

2 A 30 ) 

Rounds 

20-39  - 

floor 

(sqrt(3)  * 

2 A30  ) 

Rounds 

40-59  - 

floor 

( s q r t ( 5 ) * 

2 A 3 0 ) 

Rounds 

60-79  - 

floor 

(sqrt(10) 

* 2 A 30  ) 

* / 
*/ 
*/ 

* / 
*/ 
*/ 
*/ 


*/ 

*/ 

*/ 

*/ 
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/*  I wonder  why  not  use  K7=0x A9 5 3 F D 4 E , K1 1 =0x D443949 F or  K 1 3=0 x E 6 C 1 5 A2 3 */ 

/*  32-bit  rotate  Left  - kludged  with  shifts  */ 

//define  R0TL(n,X)  ( (X  <<  n)  | (X  >>  (32-n))  ) 

/ * 

* The  initial  expanding  function 

* 

* The  hash  function  is  defined  over  an  80-word  expanded  input  array  W , 

* where  the  first  16  are  copies  of  the  input  data,  and  the  remaining  64 

* are  defined  by  WCiO  = WHi-160  A W C i - 1 4 ] A W C i — 8 □ A WCi-30.  This 

* implementation  generates  these  values  on  the  fly  in  a circular  buffer. 

* 

* The  new  "corrected"  FIPS  180.1  added  a 1-bit  left  rotate  to  this 

* computation  of  W E i D . 

* 

* The  expandxC)  version  doesn't  write  the  result  back,  which  can  be 

* used  for  the  last  three  rounds  since  those  outputs  are  never  used. 

* / 

//if  S H A_V  E R S I 0 N /*  FIPS  180.1  */ 

//define  expandx(W,i)  (t  = W C i & 1 5 □ A WE(i-14)&15D  A W E ( i - 8 ) & 1 5 0 A WE(i-3)&15II,  \ 

R0TLC1  , t)  ) 

//define  expand(W,i)  ( W E i & 1 5 1 = expandx(W,i)) 

//else  /*  Old  FIPS  1 80  */ 

//define  expandx(W,i)  (WEi&15D  A W [ ( i - 1 4 ) & 1 5 1 A WE(i-8)&15H  A WC(i— 3)&15H) 
//define  expand(W,i)  (WCi&150  A=  W E ( i -1  4 ) & 1 5 H A WE(i-8)&15]  A WC(i-3)&15D) 

//end  i f 

/* 

* The  prototype  SHA  sub-round 

* 

* The  fundamental  sub-round  is 

* a'  = e + R0TL(5,a)  + f(b,  c,  d)  + k + data; 

* b ' = a ; 

* c'  = R0TL(30,b); 

* d ' = c ; 

* e ' = d ; 

* ...  but  this  is  implemented  by  unrolling  the  loop  5 times  and  renaming 

* the  variables  (e,a,b,c,d)  = ( a ' , b 1 , c ' , d ' , e ' ) each  iteration. 

* / 

//define  subRoundla,  b,  c,  d,  e,  f,  k,  data)  \ 

( e +=  R0TL(5,a)  + f(b,  c,  d)  + k + data,  b = R0TLC30,  b)  ) 

/ * 

* The  above  code  is  replicated  20  times  for  each  of  the  4 functions, 

* using  the  next  20  values  from  the  WED  array  for  "data"  each  time. 

*/ 

/ * 

* Perform  the  SHA  transformation.  Note  that  this  code,  like  MD5,  seems  to 

* break  some  optimizing  compilers  due  to  the  complexity  of  the  expressions 

* and  the  size  of  the  basic  block.  It  may  be  necessary  to  split  it  into 

* sections,  e.g.  based  on  the  four  subrounds 

* 

* Note  that  this  corrupts  the  sha->key  area. 

* / 

static  void 
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shaT  ransform(struct  SHAContext  *sha) 

{ 

register  word32  A,  B,  C,  D,  E; 
# i f S H A_V  E R S I 0 N 

register  word32  t; 

#end  i f 

/*  Set  up  first  buffer  */ 

A = sha->ivC03; 

B = sha->iv[13; 

C = sha->ivC23; 

D = sha->ivC33; 

E = sha->ivC43; 


/ * Heavy  mangling. 

i n 

4 sub-rounds  of  20  interations  each 

subRoundC 

A, 

B, 

c. 

D, 

E, 

f 1 , K2,  sha->keyC  0]  ); 

subRound( 

E, 

A, 

B, 

c. 

D, 

fl,  K2,  sha->keyC  13  ); 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f 1 , K2,  sha->keyC  23  ); 

subRoundC 

c. 

D, 

E, 

A, 

B, 

fl,  K2,  sha->key[  33  ); 

subRoundC 

B, 

c. 

D, 

E, 

A, 

fl,  K2,  sha->keyC  43  ); 

subRoundC 

A, 

B, 

c. 

D, 

E, 

fl,  K2,  sha->key[  53  ); 

subRoundC 

E, 

A, 

B, 

c. 

D, 

fl,  K2,  sha->keyL  63  ); 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f 1 , K2,  sha->keyC  73  ) ; 

subRoundC 

c. 

D, 

E, 

A, 

B, 

fl,  K2,  sha->keyE  83  ); 

subRoundC 

B, 

c. 

D, 

E, 

A, 

fl,  K2,  sha->keyC  93  ); 

subRoundC 

A, 

B, 

c. 

D, 

E, 

fl,  K2,  sha->keyC103  ); 

subRoundC 

E, 

A, 

B, 

c. 

D, 

fl,  K2,  sha->keyC113  ); 

subRoundC 

D, 

E r 

A, 

B, 

c. 

fl,  K2,  sha->keyC123  ); 

subRoundC 

c. 

D, 

E, 

A, 

B, 

fl,  K2,  sha->keyC133  ); 

subRoundC 

B, 

c. 

t>. 

E, 

A, 

fl,  K2,  sha->keyC143  ); 

subRoundC 

A, 

B, 

c. 

D, 

E, 

fl,  K2,  sha->keyC153  ); 

subRoundC 

E , 

A, 

B, 

c. 

D, 

fl,  K2,  e x pa n d C s h a -> key , 

16) 

); 

subRoundC 

D , 

E, 

A, 

B, 

c. 

fl,  K2,  e x pa nd C s h a -> k e y , 

17) 

) ; 

subRoundC 

c. 

D, 

E, 

A, 

B, 

fl,  K2,  e x pa nd C s h a - > k e y , 

1 8 ) 

) ; 

subRoundC 

B, 

c. 

D, 

E, 

A, 

fl,  K2,  e x pa nd C s h a -> key , 

19) 

); 

subRoundC 

A, 

B, 

c. 

D, 

E , 

f2,  K3,  e x pa nd C s h a -> key , 

20) 

) ; 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f2,  K3,  ex  pa nd C s h a -> k ey , 

21  ) 

) ; 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f2,  K3,  e x pa nd C s h a -> k e y , 

22  ) 

); 

subRoundC 

c. 

D, 

E, 

A, 

B, 

f2,  K3,  e x pa nd C s h a -> key , 

23) 

) ; 

subRoundC 

B, 

c. 

D, 

E, 

A, 

f2,  K3,  e x p a nd C s h a -> k e y , 

24) 

) ; 

subRoundC 

A, 

B, 

c. 

D, 

E, 

f2,  K3,  e x pa nd C s h a -> key , 

25  ) 

) ; 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f2,  K3,  e x pa nd C s h a -> ke y , 

26) 

) ; 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f2,  K3,  expand C sha->key. 

27) 

); 

subRoundC 

c. 

D, 

E, 

A, 

B, 

f2,  K3,  e x p a nd C s h a -> k e y , 

28) 

); 

subRoundC 

B, 

c. 

D, 

E, 

A, 

f2,  K3,  e x pa nd C s h a-> key , 

29) 

) ; 

subRound  C 

A, 

B, 

c. 

D, 

E, 

f2,  K3,  e x pa nd C s h a -> k e y , 

30) 

>; 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f2,  K3,  e x pa nd C s h a -> key , 

31  ) 

) ; 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f2,  K3,  e x pa nd C s h a -> k e y , 

32  ) 

) ; 

subRoundC 

c. 

D, 

E, 

A, 

B, 

f2,  K3,  e x pa nd C s h a-> k ey , 

33) 

) ; 

subRoundC 

B, 

c. 

D, 

E, 

A, 

f2,  K3,  e x pa nd C s h a -> k e y , 

34) 

); 

subRoundC 

A, 

B, 

c. 

D, 

E, 

f2,  K3,  e x pa nd C s h a -> key , 

35  ) 

) ; 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f2,  K3,  e x pa nd C s h a-> k e y , 

36) 

); 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f2,  K3,  e x pa n d C s h a -> k e y , 

37) 

); 

subRoundC 

c. 

D, 

E, 

A, 

B, 

f2,  K3,  e x pa nd C s h a -> key  , 

38) 

) ; 

subRoundC 

B, 

c. 

D, 

E, 

A, 

f2,  K3,  e x p a nd C s h a -> k e y , 

39) 

); 

subRoundC 

A, 

B, 

c. 

D, 

E, 

f3,  K5,  e x pa nd C s h a -> k e y , 

40) 

); 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f3,  K5,  e x pa nd C s h a -> key , 

41  ) 

); 
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subRound ( 

D, 

E, 

A, 

B, 

c. 

f3. 

K5, 

subRound ( 

c. 

D, 

E, 

A, 

B, 

f 3 , 

K5, 

subRound ( 

B, 

c. 

D, 

E, 

A, 

f3. 

K5, 

subRound ( 

A, 

B, 

c. 

D, 

E, 

f3. 

K5, 

subRound  ( 

E, 

A f 

B, 

c. 

D, 

f 3 , 

K5, 

subRound ( 

D, 

E, 

A, 

B, 

c. 

f 3 , 

K5, 

subRound ( 

c. 

D, 

E, 

A, 

B, 

f 3 , 

K5, 

subRound( 

B, 

c. 

D, 

E, 

A, 

f 3 , 

K5, 

subRound  ( 

A, 

B, 

c. 

D, 

E, 

f3. 

K5, 

subRound ( 

E, 

A, 

B, 

c. 

D, 

f 3 , 

K5, 

subRound ( 

D, 

E, 

A, 

B, 

c. 

f3. 

K5, 

subRound ( 

c. 

D, 

E, 

A, 

B, 

f3. 

K5, 

subRound ( 

B, 

c. 

D, 

E, 

A, 

f 3 , 

K5, 

subRound ( 

A, 

B, 

c. 

D, 

E, 

f3. 

K5, 

subRound ( 

E, 

A, 

B , 

c. 

D, 

f3. 

K5, 

subRound  ( 

D, 

E, 

A, 

B, 

c. 

f 3 , 

K5, 

subRound ( 

c. 

D, 

E, 

A, 

B, 

f 3 , 

K5, 

subRound ( 

B, 

c. 

D, 

E, 

A r 

f3. 

K5, 

subRound( 

A, 

B, 

c. 

D, 

E, 

f4. 

K1  0, 

subRound ( 

E, 

A, 

B, 

c. 

D, 

f 4 , 

K1  0, 

subRound ( 

D/ 

E, 

A, 

B, 

c. 

f 4 , 

K1  0, 

subRound ( 

c. 

D, 

E, 

A, 

B, 

f4. 

K1  0, 

subRound ( 

B, 

c. 

D r 

E, 

A, 

f4. 

K1  0, 

subRound ( 

A, 

B, 

c. 

D, 

E, 

f4. 

K1  0, 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f4. 

K10, 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f4. 

K10, 

subRoundC 

c. 

D, 

E, 

A, 

B, 

f4. 

K1  0, 

subRoundC 

B, 

c. 

D, 

E, 

A, 

f4. 

K1  0, 

subRound ( 

A, 

B, 

c. 

D / 

E, 

■f  4 , 

K1  0, 

subRound ( 

E, 

A, 

B, 

c. 

D, 

"f  4 , 

K1  0, 

subRound ( 

D, 

E, 

A, 

B, 

c. 

f4. 

K1  0, 

subRound ( 

c. 

D, 

E, 

A, 

B, 

f4. 

K1  0, 

subRoundC 

B, 

c. 

D, 

E, 

A, 

f4. 

K1  0, 

subRoundC 

A, 

B, 

c. 

D, 

E, 

f4. 

K1  0, 

subRoundC 

E, 

A, 

B, 

c. 

D, 

f4. 

K1  0, 

subRoundC 

D, 

E, 

A, 

B, 

c. 

f 4 , 

K1  0, 

subRoundC 

c. 

D, 

E, 

A, 

B, 

f4. 

K1  0, 

subRound ( 

B, 

c. 

D, 

E, 

A, 

f4. 

K1  0, 

/*  Build  message  digest  */ 
sha->ivCO]  + = A; 
sha->ivC1]  + = B; 
sha->ivC23  +=  C; 
sha->ivC30  +=  D; 
sha->iv[4U  +=  E; 


/*  Update  SHA  for  a block  of  data.  */ 
static  void 

s h a U pd a t e ( v o i d *priv,  byte  const  *buf,  si 
{ 

struct  SHAContext  *ctx  = (struct 
unsigned  i; 

/*  Update  bitcount  */ 


expand(sha->key. 

42) 

); 

expand(sha->key. 

43) 

); 

expand(sha->key. 

44) 

); 

expand(sha->key. 

45  ) 

>; 

expand ( sha->key. 

46) 

); 

expand(sha->key. 

47) 

); 

ex  pa  nd ( s h a->  key , 

48) 

); 

expand ( sha->key. 

49) 

); 

expand ( sha->key. 

50) 

); 

expand(sha->key. 

51  ) 

); 

expand(sha->key. 

52) 

); 

expand(sha->key. 

53) 

); 

expand(sha->key. 

54) 

); 

expan d(sha->key. 

55  ) 

); 

expand(sha->key. 

56) 

); 

expand(sha->key. 

57) 

); 

expand(sha->key. 

58) 

); 

expand(sha->key. 

59) 

); 

expand(sha->key. 

60) 

>; 

expand(sha->key. 

61  ) 

); 

expand(sha->key. 

62  ) 

>; 

expand(sha->key. 

63) 

>; 

expand(sha->key. 

64) 

); 

expand(sha->key. 

65  ) 

); 

expand ( sha->  key. 

66) 

); 

expand(sha->key. 

67) 

); 

expand(sha->key. 

68) 

); 

expand(sha->key. 

69) 

); 

expand ( sha->key. 

70) 

); 

expand ( sha-> key. 

71  ) 

); 

expand (sha->key. 

72) 

); 

expand(sha->key. 

73) 

>; 

expand(sha->key. 

74) 

) ; 

expand(sha->key. 

75  ) 

); 

expand(sha->key. 

76) 

); 

expandx(sha->key. 

77) 

) 

expandx(sha->key. 

78) 

) 

expandx(sha->key. 

79) 

) 

z e_t  l e n ) 

SHAContext  * ) p r i v ; 
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i = (unsigned)ctx->bytes  % S H A_B LO C KB Y T E S ; 
ctx->bytes  +=  Len; 

# e L s e 

w o r d 3 2 t = ctx->bytesLo; 

if  ( ( ctx->bytesLo  = t + Len  ) < t ) 

ctx->bytesHi++;  / * Carry  from  Low  to  high  * / 


i = (unsigned)t  % S H A_B LO C KB Y T E S ; /*  Bytes  aLready  in  ctx->key  */ 

# e n d i f 

/*  i is  a Lways  Less  than  S H A_B LO C KB YT E S . */ 

if  ( S H A_B  LOCKBYTES-i  > Len)  { 

memcpy ( (byte  *)ctx->key  + i,  buf,  Len); 
return; 

> 

if  (i)  ( /*  First  chunk  is  an  odd  size  */ 

memcpy((byte  *)ctx->key  + i,  buf,  S H A_B LO C KB Y T E S - i); 
shaByteSwap(ctx->key,  (byte  *)ctx->key,  S H A_B LO C KWO R D S ) ; 
shaTransform(ctx)  ; 
buf  +=  S H A_B  LOCKBYTES-i ; 

Len  -=  S H A_B  LOCKBYTES-i ; 

> 

/*  Process  data  in  64-byte  chunks  */ 

white  (Len  >=  S H A_B LO C KB Y T E S ) C 

shaByteSwap(ctx->key,  buf,  S H A_B LO C KWO R D S ) ; 

shaTransform(ctx); 

buf  +=  S H A_B  LOCKBYTES; 

Len  - = S H A_B  LOCKBYTES; 

> 


> 


/*  HandLe  any  remaining  bytes  of  data.  */ 
if  (Len) 

memcpy (ctx->key,  buf,  Len); 


/ * 

* FinaL  wrapup  - pad  to  64-byte  boundary  with  the  bit  pattern 

* 1 0*  (64-bit  count  of  bits  processed,  MSB-first) 

* / 

static  byte  const  * 
s h a F i na L ( vo i d *priv) 

{ 


struct  SHAContext  *ctx  = (struct  SHAContext  *)priv; 
byte  *digest; 
if  i f HAVE64 


ttelse 
tie  n d i f 


unsigned  i = (unsigned)ctx->bytes  % S H A_B LO C KB Y T E S ; 

unsigned  i = (unsigned)ctx->bytesLo  % S H A_B LO C KB Y T E S ; 

byte  *p  = (byte  *)ctx->key  + i;  / * First  unused  byte  * / 
word32  t; 


/*  Set  the  first  char  of  padding  to  0x80.  There  is  a Lways  room.  */ 
*p++  = 0x80; 


/*  Bytes  of  padding  needed  to  make  64  bytes  (0..63)  */ 
i = S FI  A_B  LOCKBYTES  - 1 - i; 
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if  (i  < 8)  { /*  Padding  forces  an  extra  block  */ 

memset(p,  0,  i); 

shaByteSwap(ctx->key,  (byte  *)ctx->key,  16); 
shaT  ransform(ctx); 
p = (byte  *)ctx->key; 
i = 6 4; 

> 

memset(p,  0 , i - 8 ) ; 

shaByteSwap(ctx->key,  (byte  *)ctx->key,  14); 

/*  Append  length  in  bits  and  transform  */ 

# i f HAVE64 

ctx->keyC14H  = (word32)(ctx->bytes  >>  2 9); 
ctx->keyC15H  = (word32)ctx->bytes  <<  3; 


#else 


#end  i f 


ctx->keyC14]  = ctx->bytesHi  <<  3 | ctx->bytesLo  >>  29; 

c t x-> key C 1 5 3 = ctx->bytesLo  <<  3; 

shaTransform(ctx); 


digest  = (byte  *)ctx->iv; 
for  (i  = 0;  i < S H A_H A S H W 0 R D S ; i++)  { 
t = ctx->ivCiD; 
digestCOD  = (byte)(t  >>  24); 

digestCID  = (byte)(t  >>  16); 

digestE23  = (byteMt  >>  8); 

digestC33  = (byte)t; 

digest  + = 4; 

> 

/*  In  case  it's  sensitive  */ 

/ * XXX  memset(ctx,  0,  sizeof (ctx) );  */ 
return  (byte  const  *)ctx->iv; 


# if  0 
/ * 

* Nobody  knows  an  SHA  format,  so  we  make  one  up  out  of  the 

* context-dependent  tag  space. 

* / 

static  byte  const  S H A D E R p r e f i x C 1 = { 

0x82,  /*  c o n t e x t - s pe c i f i c C 2 □ , primitive  */ 

0x14  /*  Length  20  */ 

/*  20  SHA  digest  bytes  go  here  */ 

>; 

ft  e l s e 
/* 


* 

* 

* 

* 

* / 

static 


Actually,  there  is  one.  SHA.1  has  an  0ID  of  1.3.14 
(From  the  1994  Open  Systems  Environment  Implementor 


The  rest  of  the 
NULL  in  there? 


format  is  stolen  from  MD5 


3.2.26 

s Workshop  (0IW)) 
Do  we  need  the  3#$3$ 


byte  const  S H A D E R p r e f i x C ] = f 
0x30,  /*  Universal,  Constructed,  Sequence  */ 

0x21,  /*  Length  33  (bytes  following)  */ 

0x30,  /*  Universal,  Constructed,  Sequence  */ 

0x09,  /*  Length  9 */ 

0x06,  /*  Universal,  Primitive,  ob j e c t - i d e n t i f i e r 
0x05,  /*  Length  8 */ 


★ / 
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43,  /*  43  = I S 0 ( 1 ) * 4 0 + 3 */ 
14, 

3, 

2, 

26, 

0x05,  /*  Universal,  Primitive,  NULL  */ 
0x00,  / * Length  0 * / 

0x04,  /*  Universal,  Primitive,  Octet  string  */ 
0x14  / * Length  20  * / 

/*  20  SHA.1  digest  bytes  go  here  */ 

>; 

# e n d i f 

struct  PgpHash  const  HashSHA  = t 
" S H A 1 " , P G P_H  A S H_S  HA, 

SHADERprefix,  sizeof(SHADERprefix), 

S H A_H  ASHBYTES, 
s i z e o f ( s t r u c t SHAContext), 

si zeof ( structlchar  _a;  struct  SHAContext  _b;>)  - 
sizeof (struct  SHAContext), 
shalnit,  shaUpdate,  shaFinal 

>; 


//if  TESTMAIN 


/* 

# i n c l ude 
//include 
//include 


< s t d i o . h > 
<stdlib.h> 
< t i me  . h > 


SHA  Test  code 

/ * For  exit()  * / 


/*  Size  of  buffer  for  SHA  speed  test  data  */ 


//define  T E S T_B  L 0 C K_S  I Z E ( S H A_H  A S H B Y T E S * 100  ) 
/*  Number  of  bytes  of  test  data  to  process  */ 


//define  TEST_BYTES  1 0000000L 

//define  T E S T_B  LOCKS  ( T E S T_B  Y T E S / T E S T_B  L 0 C K_S  I Z E ) 


//if  S H A_V  E R S I 0 N 

static  char  const  *shaTestResults[]  = C 

"A9993E364706816ABA3E25717850C26C9CD0D89D", 
"84983E441 C3BD26EBAAE4AA1 F 9 5 1 29E5E54670F1  ", 
"34AA973CD4C4DAA4F61EEB2BDBAD2731  653401  6 F"  , 
"34AA973CD4C4DAA4F61EEB2BDBAD2731  653401  6F"  , 
"34AA973CD4C4DAA4F61EEB2BDBAD2731 653401 6F"  >; 


//else 

static  char  const  * s h a T e s t R e s u 1 1 s [ 1 = C 

"0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880", 
"D2516EE1ACFA5BAF33DFC1C471E438449EF134C8", 
"3232AFFA48628A26653B5AAA44541FD90D690603", 
"3232AFFA48628A26653B5AAA44541FD90D690603", 
"3232AFFA48628A26653B5AAA44541FD90D690603"  >; 


U end  i f 


static  int 

compa reS H A re su 1 1 s ( by t e *hash,  int  level) 

{ 

char  bufC41H; 


*/ 
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> 


i n t i ; 


for  (i  = 0;  i < S H A_H A S H B Y T E S ; i++) 

sprintf(buf+2*i,  "%02X",  hashCill); 


if  (strcmpCbuf,  shaTestResultsClevel-13)  ==  0)  { 

printfC’Test  %d  passed,  result  = %s\n" , level,  buf); 
return  0 ; 

> else  { 


> 


printf ("Error  in 
pr i ntf  ( " Resu  l t 
printf(" Expected 
return  - 1 ; 


SHA  implementation:  Test  %d  failed\n", 
= %s\n",  buf); 

= %s\n",  shaTestResultsClevel-ID); 


i n t 

ma i n ( v o i d ) 

struct  SHAContext  sha; 
byte  dataHTEST_BLOCK_SIZE 0 ; 
byte  h a s h C S H A_H  ASHBYTES]; 
c l o c k_t  ticks; 
long  i ; 

/* 

* Test  output  data  (these  are  the  only  test  data  given  in  the 

* Secure  Hash  Standard  document,  but  chances  are  if  it  works 

* for  this  it'll  work  for  anything) 

* / 

shalnit(Ssha); 

shaUpdateCSsha,  (byte  *)"abc",  3); 
shaFinal(&sha,  hash); 
if  ( c ompa r e S H A r e s u 1 1 s ( h a s h , 1)  < 0) 
exit  ( - 1 ) ; 

shalnit(Ssha); 

s h a U pd a t e ( & s h a , (byte  * ) " a b c d b c d e c d e f d e f g e f g h f g h i g h i j h i j k i \ 
jkljklmklmnlmnomnopnopq",  56); 

shaFinal(8sha,  hash); 
if  ( c ompa r e S H A r e s u 1 1 s ( h a s h , 2)  < 0) 
exit  (-1); 

/*  1,000,000  bytes  of  ASCII  'a'  (0x61),  by  64's  */ 

shalnit(Ssha); 

for  (i  = 0;  i < 15625  ; i + + ) 

s h a U p d a t e ( & s h a , (byte  *)" a a a a a a a a a a a a a a a a a a a a a a a a a \ 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",  6 4); 
shaFinal(Ssha,  hash); 
if  ( c ompa r e S H A r e s u l t s ( h a s h , 3)  < 0) 
exit  ( - 1 ) ; 

/*  1,000,000  bytes  of  ASCII  'a'  (0x61),  by  25's  */ 

shalnit(&sha); 

for  (i  = 0;  i < 40000;  i + + ) 

s h a U pd a t e ( S s h a , (byte  *)" a a a a a a a a a a a a a a a a a a a a a a a a a " , 25) 
shaFinal(&sha,  hash); 
if  ( c ompa r e S H A r e s u l t s ( h a s h , 4)  < 0) 


level); 
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exit  (-1); 

/*  1 ,000,000  bytes  of  ASCII  'a'  (0x61),  by  1 2 5 ' s */ 

shalnit(&sha); 

for  (i  = 0;  i < 8000;  i + + ) 

s h a Upda t e ( &s h a , (byte  *)" a a a a a a a a a a a a a a a a a a a a a a a a a \ 

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaX 

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",  125); 
s h a F i n a L ( & s h a , hash); 
if  ( c om p a r e S H A r e s u 1 1 s ( h a s h , 5)  < 0) 
exit  ( - 1 ) ; 

/*  Now  perform  time  trial,  generating  MD  for  10MB  of  data.  First, 
initialize  the  test  data  */ 
memset(data,  0,  T E S T_B L0 C K_S I Z E ) ; 


/ * Get  start  time  * / 

printfC'SHA  time  trial.  Processing  %ld  characters  ...  \ n",  TEST_BYTES) 
ticks  = clockO; 

/*  Calculate  SHA  message  digest  in  T E ST_B L0 C K_S I Z E byte  blocks  */ 
shalnit(&sha); 

for  (i  = T E S T_B  LOCKS;  i > 0;  i — ) 

shaUpdate(8sha,  data,  T E S T_B L0 C K_S I Z E ) ; 
s h a F i n a l ( & s h a , hash); 

/*  Get  finish  time  and  print  difference  */ 
ticks  = clock()  - ticks; 

printf ("Ticks  to  process  test  input:  %lu\n",  (unsigned  long)ticks); 


> 

U e nd i f 


return  0; 

/ * Test  driver  */ 
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sha.h 

/* 

* sha.h  — NIST  Secure  Hhash  Algorithm 

★ 

* This  is  a PRIVATE  header  tile,  tor  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  tunctions  in  an  application. 

* 

* $ I d : sha.h, v 1.3  1 996/1  1 /1  2 02:1  7:31  mhw  Exp  $ 

*/ 

# i f nd e t SH  A_H 
tfdetine  SH  A_H 

^include  "hash.h" 

extern  struct  PgpHash  const  HashSHA; 

# e nd  i t / * !SHA  H */ 
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lib/ pgp/helper/.cvsignore 

. 

.cvsignore 


Makef i le  DONE 
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Makefile. in 

n 

it  lib/helper 

it 

it  $ I d : Makef  i Le  . i n,  v 1.25  1 996/1  1 /1  2 02  : 1 7:32  mhw  Exp  $ 

it 

0BJS=  annotate. o bytefifo.o  charmap.o  fifo.o  globals.o  passcach.o  \ 
pipefile.o  pgperr.o  pgpfile.o  memfile.o  pgpmsg.o  str2key.o  \ 
timedate.o  filefifo.o  flexfifo.o  pgpmem.o  pgpdebug.o  pgpleaks.o 

PUBHDRS=  tifo.h  passcach.h  pgpfite.h  str2key.h  timedate.h  pgpmem.h  \ 
pgpdebug.h  pgpleaks.h 

PRIVHDRS=  bytefifo.h  charmap.h 

all::  DONE 
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makefile.msc 

P G P L I B = . .\.  .\pgplib.  Lib 

CFLAGS=-I..\..\..\include  -I..\..\inctude  \ 

- D H A V E_C  0 N F I G H = 1 $(DEBUG) 


all:: 


L i b 


headers:  incl 

! include  "makefile. in 


incl: 

i f 

not 

" $ ( PUBHDRS  ) " 

ii  n ^ 

for  % f in  ( 

$ (PUBHDRS  ) 

) do 

copy  / f . 

.\. .\. .\include\pgp 

i f 

not 

"$(PRIVHDRS) 

li 1 1 1 1 ^ 

for  % f in  ( 

$(PRIVHDRS) 

) d o 

copy  % f 

. .\. .\include 

DOSOB J SX  = 

$ ( OB J S : . o= . 

o b j ) 

DOSOB J S = 

$(DOSOBJSX: 

u n i x = w i n 3 2 ) 

lib:  $(DOSOBJS) 

. c . o b j : 

$ ( C C ) SCCFLAGS)  -Z7  -c  $< 

# lib  /out : $ ( PGPLIB ) $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  lib/out:$(PGPLIB)  $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( PG P L I B ) $(D0S0BJS) 
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annotate.c 

/* 

* annotate.c  --  convert  an  annotation  type  to  a string. 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

ic 

* $ I d : annotate. c,v  1.1  3 1 996/1  1 /1  2 02:1  7:32  mhw  Exp  $ 

* / 


#include  "pgp/annotate  . h" 

const  char  * 
pgpScopeName  (int  type) 


> 


if  ( ! PGP_IS_BEGIN_SCOPE  (type)) 

return  "Not  a Begin  Scope  type"; 


switch  (type)  f 

case  P G P A N N_U  N KN  0 W N_B  E G I N : 

return  "Unknown"; 
case  P G P A N N_L I T E R A L_B  E G I N : 

return  "Literal"; 
case  P G P A N N_C I P H E R_B  E G I N : 

return  "Encrypted"; 
case  PGPANN_COMPRESSE  D_B  E G I N : 

return  "Compressed"; 
case  P G P A N N_C  OM  M E N T_B  E G I N : 

return  "Comment"; 
case  P G P A N N_S I G N E D_B  E G I N : 

return  "Signed"; 
case  P G P A N N_N  0 N P A C K E T_B  E G I N : 

return  "Non"; 
case  P G P A N N_N  0 N P G P_B  E G I N : 

return  "Unprotected"; 
case  PGPANN_ARMO  R_B  E G I N : 

return  "Ascii  Armored"; 
case  P G P A N N_C  L E A R S I G_B  E G I N : 

return  "Clearsigned"; 
case  P G P A N N_P  GPKEY_BEGIN : 

return  "PGP  Key"; 
case  PGPANN_INPU  T_B  E G I N : 

return  "Input"; 
case  PGPANN_FILE_BEGIN : 

return  "File"; 

default  : 


> 


return  "HUH?  Weird  Packet"; 
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bytefifo.c 

/ * 

* Bytefifo.c  - an  i n f i n i t e L y- e x p a n d a b L e FIFO  struxture  for  bytes. 

* 

* $ I d : bytefifo.c, v 1.1  6 1 996/1  1 /1  2 02:1  7:32  mhw  Exp  $ 

*/ 

#ifdef  H A V E_C  0 N F I G H 

^include  "config.h" 

//end  i f 


//include  <assert  . h> 
^include  <stdio.h> 


/*  For  BUFSIZ  */ 


//include  "bytefifo.h" 
//include  " pg  p / pg  pmem  . h " 
//include  "pgp/usua  Is  . h" 


struct  ByteFifoPage  { 

struct  ByteFifoPage  *next; 

byte  bufCBUFSIZ-sizeofCstruct  ByteFifoPage  *)]; 

>/ 


struct  Pg p F i f o C on t e x t { 

struct  ByteFifoPage  * h e a d , * t a i l ; 
byte  * p u t p ; 
byte  const  * g e t p ; 
unsigned  pages; 

>; 


static  void 

byteFifoInitCstruct 

{ 

fi fo->head 
f i f o-> t a i l 
fi fo->putp 
fi fo->getp 
f i f o->pages 


Pg p F i f o C o n t e x t *fifo) 

0; 

0; 

0; 

0; 

= 0; 


void 

byteFifoFlushCstruct  PgpFifoContext  *fifo) 

struct  ByteFifoPage  * p a g e ; 

while  ((page  = fifo->head)  !=  0)  f 
fifo->head  = page->next; 
memset (page,  0,  s i zeof ( page  ) ) ; 
pgpMemFree(page); 

> 

fifo->tail  = 0; 
fifo->putp  = 0; 
fifo->getp  = 0; 
fifo->pages  = 0; 

> 

unsigned  long 

by t e F i f o S i z e ( s t r u c t PgpFifoContext  const  *fifo) 
unsigned  long  space; 
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.'((aBedoj-LjaiAg  jonjisj^oazLS 


./;(.nq<-aBed  = dqnd<-oqLq  ujnqaj 
( ^nq<-peai]<-o^  i j.)  J.09Z  ls  = u a q * 

' g = qxau<-a6Bd 
y a 6 b d = ] lbk-oj.lj. 

{ 

.yj.nq<-a6ed  = dqa6<-oqi.q 
y a 6 Bd  = pBaq<-oqLq 
.'  ( L,  ==  saBed<-o^  L|)  }jassB 

> 9 s 1 a C 

' a 6 b d = jxau<-i  lbj<-o|  l j. 
i ( i < sa6Bd<-o^i  j.)  jjassB 

> (pBaq<  — OJ.LJ.)  q l 
y++sa6Bd<-oq  l q 
{ 


•'0 

■'0 


/ * Ajoiuaui  q o q n o * / 
do  i q \/w3Wd6d  ( * aBedoj.  l d a q/g 


u j nj a j 
= u a i ^ 

> ( aBed 
j on j i s ) = 


) i-  !• 
aBed 


{ 


ydqnd<-oqLq 


( J-nq<-i 


{ 


.'dind<-o^L^  ujnqaj 
y q L BAB  = U 3 q * 

> ( 1 LBAB)  q L 

L Bl<-0  J.  L j.  ) j.oaz  L S + J.  nq  <- 1 L B 1 <-0  J.  L J.  = qLBAE 

/ (dind<-o^  l } jassB 

> (pBaq<-oqLq) 


J-  !■ 


{ 


.'aBad^  aBEdoj-Ldaq/g  jonjjs 
i ] L B A B pauBLSUn 

> 

(uaq*  pauBLSun  l q x a q uo 3 o q l d d 6d  q d n j q s ) a o Bd s q 9 0o q l d 9 q Aq 

* a q Aq 

{ 

.y(oqi.q)aaJdUJ9Wd6d 

'(oqLqqqsnqdoqidaqAq 

> 

(oqLq»  q x a q u o o o q l d d 6d  q d n j q s ) A o j q s a o o q l d a q A q 

P L O A 
{ 

o q l q ujnqaj 
.'(oqLqqqLUioqLdsqAq 

(oq  Lq>  q l 

./((oqLq¥)qoazLS)DO'|ivui9Wd6d(¥  qxaquo3oqi.dd6d  qonjqs)  = o q i q 

i o q l q * qxaquoooqLdd6d  qonjqs 

> 

(pLOA)aqB3J3oqLdaqAq 
* q x a q u o o o q l d d Bd  qonjqs 

{ 

./(qnq<-pBaiq<-oqi.q)qoazLS  - aoBds  ujnqaj 
y(qnq<-pBaq<-oqi.q)qoazLS  * (q-sa6Bd<-oqLq)  = + aoBds 
.y(dqa6<-oqLq  - (qnq<-pBaq<-oqLq)qoazLS  + qnq<-pBaq<-oqqq) 

+ ( q nq <- q l b q <-o q l q - dqnd<-oqiq>  = aoBds 

.'0  ujnqaj 
( sa6Bd<-oq l q j ) q l 


D'OjiqajAq/jad|aLj/d6d /qi| 
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void 

by t e F i f o S k i p S p a c e ( s t r u c t Pg p F i f o C o n t e x t *fifo,  unsigned  Len) 

{ 

if  ( ! L e n ) 

return; 

assert(fifo->head); 

assert(fifo->putp); 

assertC  Len  <=  ( un s i g n ed  ) ( f i f o-> t a i l -> bu f + s i z e o f ( f i f o-> t a i L -> bu f ) 

- fifo->putp)); 

fifo->putp  +=  Len; 

> 


byte  const  * 

by t e F i f o P e e k ( s t r u c t Pg p F i f o C o n t ex t *fifo,  unsigned  *Len) 
{ 


> 


if  (!fifo->head)  f 
* L e n = 0 ; 

return  0;  / * No  bytes  avaiLabLe  * / 

> 


assert(fifo->getp); 

/*  Head  and  taiL  on  same  page?  */ 
if  (fifo->taiL  ==  fifo->head) 

*Len  = fifo->putp  - fifo->getp; 


e L s e 

*Len  = f i f o-> h e a d-> b u f + s i z e o f ( f i f o-> h e a d-> bu f ) 
return  *Len  ? fifo->getp  : 0; 


fi fo->getp; 


void 

by t e F i f o S e e k ( s t r u c t P g p F i f o C o n t e x t *fifo,  unsigned  Len) 

{ 

struct  ByteFifoPage  *page; 

if  ( ! L e n ) 

return; 

assertCf i fo->head); 

assertC  Len  <=  ( u n s i g n e d ) ( f i f o - > h e a d-> b u f + s i z e o f ( f i f o-> h e a d - > b u f ) 

- fifo->getp)); 


if  (fifo->head  ==  fifo->taiL)  { 

assert(fifo->pages  ==  1); 
a s s e r t ( f i f o-> h e a d-> n e x t ==  0); 

assert ( Len  <=  (unsigned)(fifo->putp  - fifo->getp)); 
if  (Len  < ( u n s i g n e d ) ( f i f o - > p u t p - fifo->getp))  { 
fifo->getp  +=  Len; 

> e L s e { 

memset(fifo->head,  0,  sizeof(*fifo->head)); 
pgpMemFreeCfi fo->head); 
byteFifoInit(fifo); 

> 

return; 

> 


a s s e r t ( f i f o-> pa g e s > 1); 
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> 


if  ( L e n < 
{ 


(unsi  gned)  ( fi fo->head->buf 
- f i f o->  g e t p ) ) 


fifo->getp  + = len; 

> else  { 


+ s i z e o f ( f i f o-> h e a d-> bu f ) 


page  = fifo->head; 
fifo->head  = f i f o-> h e a d-> n e x t ; 
assert(fi fo->head); 
memset (page,  0,  sizeof (*page)); 
pgpMemFree(page)  ; 
fi fo->pages--; 
assertCfi fo->pages)  ; 
fifo->getp  = fifo->head->buf; 


s i z e_t 

by t e F i f oW r i t e ( s t r u c t Pg p F i f o C o n t e x t *fifo,  byte  const  *buf,  size_t  Len) 
{ 

unsigned  avail; 
byte  * p t r ; 
s i z e_t  L e nO  = Len; 

while  (Len)  { 

ptr  = byteFifoGetSpaceCfifo,  Savail); 
if  ( ! p t r ) 

return  LenO  - Len; 
if  (avail  > Len) 

avail  = Len; 

memcpy(ptr,  buf,  avail)  ; 
byteFifoSkipSpace(fifo,  avail); 
buf  + = avail; 

Len  -=  avail; 

} 

return  LenO; 

> 


s i z e_t 

by t e F i f o R ea d ( s t r u c t Pg p F i f o C o n t e x t *fifo,  byte  *buf,  si ze_t  len) 
{ 

unsigned  avail; 
byte  const  *ptr; 
s i z e_t  l e n 0 = len; 

while  (len)  { 

ptr  = byteFifoPeek  (fifo,  Savail); 
if  ( ! p t r ) 

return  LenO  - len; 
if  (avail  > len) 

avail  = len; 

memcpy  (buf,  ptr,  avail); 
buf  +=  avail; 
len  - = avail; 

byteFifoSeek  (fifo,  avail); 

> 

return  LenO; 

> 

ft  i f UNITTEST 
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/ * Test  driver  * / 

/^include  <stdio.h> 

static  void 

byteFifoDumpCstruct  P g p F i f o C o n t e x t * f i f o ) 

{ 

byte  const  * p t r ; 
unsigned  avail; 

while  ((ptr  = by t e F i f o P e e k ( f i f o , Savail))  !=  0)  T 
fwritelptr,  1,  avail,  stdout); 
byteFifoSeeklfifo,  avail); 

> 

} 

i n t 

mainlint  argc,  char  **argv) 

{ 

struct  P g p F i f o C o n t e x t fifo; 
byte  const  c = ' ' ; 

i n t i , j ; 

byteFifoInit(Sfifo); 


i; 

i < 

argc;  i + + ) 

C 

for 

( j 

= 1;  j <= 

i ; 

j++)  { 

by t e F i f oW r i t e ( S f i f o , argvCj] 

, St 

rlenCargvdj])); 

if  ( i ! = 

j ) 

by  t 

eFifoWritel&fifo, 

& c , 

1 >; 

j 

p r i n 

tf  ( 

" a r g v C 1 . . 

%d  ] 

= (%lu)  i. 

byte 

FifoSize(Sfifo)); 

byte 

FifoDump(&fi 

f o ) 

r 

puts 

("\ 

n n \ . 

' f 

> 

return  0 ; 

> 

U e n d i f 
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bytefifo.h 


/ * 

* bytefifo.h  --  A fi 

r s t - i 

n-f i rst-out  pipe 

o f 

bytes. 

* This 

is  a PRIVATE 

header  file,  for  use 

only 

within  the  PGP 

* You 

should  not  be 

using 

these  functions 

i n 

an  application. 

A 

* $ I d : 
*/ 

bytefifo.h, v 

1.10 

1 996/1  1 /I  2 02:1  7 

: 33 

m h w Exp  $ 

# i f nde  f 

BYTE  F I F 0_H 

# d e f i n e 

BYTEFIFO  H 

Library. 


^include  " p g p / u s u a l s . h " 
struct  PgpFifoContext; 


struct  PgpFifoContext  *byteFifoCreate  (void); 
void  byteFifoDestroy  (struct  PgpFifoContext  * f i f o ) ; 

byte  *byteFifoGetSpace  (struct  PgpFifoContext  * f i f o , unsigned  * L e n ) ; 
void  byteFifoSkipSpace  (struct  PgpFifoContext  * f i f o , unsigned  len); 

byte  const  *byteFifoPeek  (struct  PgpFifoContext  * f i f o , unsigned  * L e n ) ; 
void  byteFifoSeek  (struct  PgpFifoContext  *fifo,  unsigned  len); 

size_t  by t e F i f oW r i t e (struct  PgpFifoContext  *fifo,  byte  const  *buf, 

s i z e_t  len); 

si ze_t  byteFifoRead  (struct  PgpFifoContext  *fifo,  byte  *buf,  si ze_t  len); 


void  byteFifoFlush(struct  PgpFifoContext  * f i f o ) ; 

unsigned  long  byteFifoSize  (struct  PgpFifoContext  const  * f i f o ) ; 


# e nd  i f /*  BYTEFIFO  H */ 
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charmap.c 

/ * 

* Charmap.c 


* Mapping  tables  between  different  character  sets. 

* 

* Written  by  colin  Plumb. 

★ 

* $ I d : charmap.c, v 1.1  0 1 996/1  1 / 1 2 02:1  7:33  mhw  Exp  $ 
*/ 


# i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 
Me  nd  i f 


//include  <ctype.h> 


#i nc lude  "charmap. h" 

#i nc lude  " p g p / p g p e r r . h " 


/*  *INDENT-0FF*  */ 


unsigned  char  const  c h a r Ma p I d e n t i t y C 2 5 6 0 = { 


0, 

i. 

2, 

3, 

4, 

5, 

6, 

7, 

8, 

9 

/ 

10, 

11, 

12, 

13, 

14, 

1 5 

16, 

17, 

18, 

19, 

20, 

21, 

22, 

23, 

24, 

25 

/ 

26, 

27, 

28, 

29, 

30, 

31 

32, 

33, 

34, 

35, 

36, 

37, 

38, 

39, 

40, 

41 

f 

42, 

43, 

44, 

45, 

46, 

47 

V 

00 

49, 

50, 

51, 

52, 

53, 

54, 

55, 

56, 

57 

/ 

58, 

59, 

60, 

61, 

62, 

63 

64, 

65, 

66, 

67, 

68, 

69, 

70, 

71, 

72, 

73 

/ 

74, 

75, 

76, 

77, 

78, 

79 

V 

O 

00 

81, 

82, 

83, 

84, 

85, 

86, 

87, 

88, 

89 

/ 

90, 

91, 

92, 

93, 

94, 

95 

96, 

97, 

98, 

99, 

1 00, 

101  , 

1 02, 

1 03, 

1 04, 

105 

/ 

1 06, 

1 07, 

1 08, 

1 09, 

110, 

1 1 1 

112, 

113, 

1 14, 

115, 

1 16, 

1 17, 

118, 

1 19, 

120, 

121 

/ 

122, 

123, 

124, 

125, 

126, 

127 

128, 

129, 

1 30, 

131, 

132, 

133, 

134, 

135, 

1 36, 

137 

/ 

138, 

1 39, 

1 40, 

141, 

142, 

143 

1 44, 

145, 

146, 

147, 

1 48, 

1 49, 

150, 

151, 

152, 

153 

/ 

154, 

155, 

156, 

157, 

158, 

1 59 

1 60, 

161, 

162, 

1 63, 

164, 

165, 

166, 

167, 

168, 

1 69 

/ 

1 70, 

171  , 

172, 

173, 

174, 

175 

1 76, 

177, 

1 78, 

1 79, 

180, 

181, 

182, 

183, 

1 84, 

185 

f 

1 86, 

187, 

188, 

1 89, 

1 90, 

191 

1 92, 

1 93, 

1 94, 

195, 

1 96, 

1 97, 

198, 

1 99, 

200, 

201 

/ 

202, 

203, 

204, 

205, 

206, 

207 

208, 

209, 

210, 

211, 

212, 

123, 

214, 

215, 

216, 

217 

/ 

218, 

219, 

220, 

221  , 

222, 

223 

224, 

22  5 , 

226, 

227, 

228, 

229, 

230, 

231, 

232, 

233 

/ 

234, 

235  , 

236, 

237, 

238, 

239 

240, 

\ . 

241, 

242, 

243, 

244, 

245  , 

246, 

247, 

248, 

249 

/ 

250, 

251, 

252, 

2 53, 

254, 

255 

J f 

/*  * I N D E N T 

-ON* 

*/ 

/ * Convers 

ion  table 

from 

' l a t i 

n 1 ' 

charset  to 

'cp850'  charset 

* Generated  mechan 

i c a l l y 

by  GNU  recode 

3.4. 

Tv 

★ The  recoding 

j.  / 

should  be 

reve 

r s i b l e . 

A / 

s t a t i 

c u n s 

i g n e d 

c h a 

r const  lat 

i n 1 _ 

to_cp850E256] 

= 

o. 

1, 

2, 

3, 

4, 

5, 

6, 

7, 

/ * 

0 

7 

*/ 

8, 

9, 

10, 

11, 

12, 

13, 

14, 

15, 

/ * 

8 

- 1 5 

*/ 

16, 

17, 

18, 

19, 

20, 

21, 

22, 

23, 

/* 

1 6 

- 23 

*/ 

24, 

25, 

26, 

27, 

28, 

29, 

30, 

31, 

/* 

24 

- 31 

*/ 

32, 

33, 

34, 

35, 

36, 

37, 

38, 

39, 

/* 

32 

- 39 

*/ 

40, 

41, 

42, 

43, 

44, 

45, 

46, 

47, 

/* 

40 

- 47 

* / 

48, 

49, 

50, 

51, 

52, 

53, 

54, 

55, 

/* 

48 

- 55 

* / 

56, 

57, 

58, 

59, 

60, 

61, 

62, 

63, 

/* 

56 

- 63 

*/ 

64, 

65, 

66, 

67, 

68, 

69, 

70, 

71, 

/ * 

64 

- 71 

*/ 

72, 

73, 

74, 

75, 

76, 

77, 

78, 

79, 

/ * 

72 

- 79 

*/ 

610 


lib/ pgp/helper/ charmap.c 


80, 

81, 

82, 

83, 

84, 

85, 

86, 

87, 

/* 

80 

- 

87 

*/ 

88, 

89, 

90, 

91, 

92, 

93, 

94, 

95, 

/ * 

88 

- 

95 

*/ 

96, 

97, 

98, 

99, 

1 00, 

101  , 

102, 

103, 

/* 

96 

- 

1 03 

*/ 

104, 

105, 

1 06, 

1 07, 

108, 

1 09, 

110, 

111, 

/ * 

1 04 

- 

1 1 1 

*/ 

112, 

1 13, 

114, 

115, 

1 16, 

117, 

118, 

119, 

/ * 

1 1 2 

- 

1 1 9 

* / 

120, 

121, 

122, 

123, 

124, 

125, 

126, 

127, 

/* 

120 

- 

127 

* / 

195, 

179, 

218, 

200, 

1 86, 

203, 

213, 

204, 

/* 

128 

- 

135 

*/ 

219, 

217, 

2 54, 

1 80, 

238, 

178, 

1 96, 

1 97, 

/* 

1 36 

- 

1 43 

* / 

201  , 

230, 

202, 

1 94, 

247, 

242, 

185, 

191, 

/ * 

1 44 

- 

1 51 

*/ 

223, 

205  , 

220, 

176, 

2 50, 

177, 

206, 

159, 

/* 

152 

- 

1 59 

*/ 

2 5 5 , 

1 73, 

1 89, 

156, 

207, 

190, 

221  , 

245  , 

/* 

1 60 

- 

1 67 

*/ 

249, 

1 84, 

1 66, 

174, 

1 70, 

240, 

1 69, 

1 87, 

/ * 

168 

- 

175 

*/ 

248, 

241, 

253, 

2 5 2 , 

239, 

193, 

244, 

1 92, 

/* 

1 76 

- 

1 83 

*/ 

188, 

251  , 

167, 

175, 

172, 

171, 

243, 

168, 

/ * 

184 

- 

191 

*/ 

183, 

181, 

182, 

1 99, 

142, 

143, 

1 46, 

128, 

/* 

1 92 

- 

1 99 

*/ 

212, 

1 44, 

210, 

211, 

222  , 

214, 

215, 

216, 

/* 

200 

- 

207 

*/ 

209, 

165, 

227, 

224, 

226, 

229, 

153, 

158, 

/* 

208 

- 

215 

* / 

157, 

235  , 

233, 

234, 

154, 

237, 

231  , 

22  5 , 

/ * 

216 

- 

223 

*/ 

133, 

160, 

131  , 

1 98, 

132, 

134, 

145, 

135, 

/* 

224 

- 

231 

*/ 

138, 

1 30, 

1 36, 

137, 

141  , 

161  , 

140, 

1 39, 

/ * 

232 

- 

239 

*/ 

208, 

164, 

1 49, 

162, 

147, 

228, 

1 48, 

246, 

/* 

240 

- 

247 

*/ 

155, 

151, 

163, 

1 50, 

129, 

236, 

232  , 

152 

/* 

248 

- 

255 

* / 

>; 


Conversion 

table 

from 

' c p8  5 0 ' 

charset  to  'latinl 

' charset. 

Generated 

mechanically  by 

GNU 

recode 

3.4. 

The  recodi 

ng  should  be  reversible. 

tic  unsigned  char  const  cp850_ 

t o_l atin1C256] 

= 

o. 

1, 

2, 

3, 

4, 

5 , 

6, 

7, 

/* 

0 

- 

7 

*/ 

8, 

9, 

10, 

11, 

12, 

13, 

14, 

15, 

/ * 

8 

- 

1 5 

* / 

16, 

17, 

18, 

19, 

20, 

21  , 

22, 

23, 

/* 

1 6 

- 

23 

* / 

24, 

25, 

26, 

27, 

28, 

29, 

30, 

31  , 

/ * 

24 

- 

31 

* / 

32, 

33, 

34, 

35, 

36, 

37, 

38, 

39, 

/* 

32 

- 

39 

* / 

40, 

41, 

42, 

43, 

44, 

45, 

46, 

47, 

/* 

40 

- 

47 

*/ 

48, 

49, 

50, 

51, 

52, 

53, 

54, 

55, 

/ * 

48 

55 

*/ 

56, 

57, 

58, 

59, 

60, 

61, 

62, 

63, 

/ * 

56 

- 

63 

*/ 

64, 

65, 

66, 

67, 

68, 

69, 

70, 

71, 

/* 

64 

- 

71 

*/ 

V 

C\J 

h- 

73, 

74, 

75, 

76, 

77, 

78, 

79, 

/ * 

72 

- 

79 

* / 

V 

o 

OO 

81, 

82, 

83, 

84, 

85, 

86, 

87, 

/* 

80 

- 

87 

*/ 

88, 

89, 

90, 

91, 

92, 

93, 

94, 

95, 

/ * 

88 

- 

95 

*/ 

96, 

97, 

98, 

99, 

1 00, 

101, 

102, 

1 03, 

/* 

96 

- 

1 03 

*/ 

104, 

105, 

1 06, 

1 07, 

108, 

1 09, 

1 10, 

111, 

/* 

1 04 

- 

1 1 1 

*/ 

112, 

113, 

114, 

115, 

1 16, 

117, 

118, 

1 19, 

/* 

1 1 2 

- 

1 1 9 

* / 

120, 

121, 

122, 

123, 

124, 

125, 

126, 

127, 

/* 

120 

- 

127 

* / 

1 99, 

2 5 2 , 

233, 

226, 

228, 

224, 

229, 

231  , 

/ * 

128 

- 

135 

*/ 

234, 

235  , 

232  , 

239, 

238, 

236, 

1 96, 

1 97, 

/ * 

136 

- 

1 43 

*/ 

201  , 

230, 

1 98, 

244, 

246, 

242, 

251, 

249, 

/ * 

1 44 

- 

1 51 

*/ 

2 5 5 , 

214, 

220, 

248, 

163, 

216, 

215, 

1 59, 

/* 

152 

- 

159 

* / 

22  5 , 

237, 

243, 

250, 

241, 

209, 

170, 

186, 

/ * 

1 60 

- 

167 

*/ 

191, 

174, 

172, 

189, 

1 88, 

161, 

171, 

187, 

/ * 

168 

- 

175 

* / 

155, 

1 57, 

141, 

129, 

1 39, 

193, 

1 94, 

192, 

/* 

176 

- 

183 

*/ 

1 69, 

1 50, 

132, 

175, 

1 84, 

162, 

165, 

151, 

/* 

1 84 

- 

191 

*/ 

183, 

181, 

147, 

128, 

142, 

1 43, 

227, 

195, 

/ * 

1 92 

- 

1 99 

* / 

131  , 

1 44, 

1 46, 

133, 

135, 

153, 

158, 

164, 

/ * 

200 

- 

207 

* / 

240, 

208, 

202, 

203, 

200, 

134, 

205  , 

206, 

/* 

208 

- 

215 

*/ 

207, 

1 37, 

1 30, 

136, 

154, 

1 66, 

204, 

152, 

/ * 

216 

- 

223 

* / 

61 1 
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211  , 

223, 

212, 

210, 

245  , 

213, 

145, 

222, 

/ * 

224  - 

231 

*/ 

254, 

218, 

219, 

217, 

253, 

221  , 

140, 

1 80, 

/ * 

232  - 

239 

* / 

1 73, 

177, 

1 49, 

1 90, 

182, 

1 67, 

247, 

1 48, 

/ * 

240  - 

247 

*/ 

1 76, 

1 68, 

156, 

00 

\ 

1 79, 

178, 

1 38, 

1 60 

/* 

248  - 

255 

*/ 

>; 

/*  Conversion  table  from  ' L a t i n 1 ' charset  to  'ebcdic'  charset. 
Generated  mechanically  by  GNU  recode  3.4. 


The  recoding  should  be  reversible. 

*/ 


static  unsigned  char  const  latinl. 

r 

_t  o_e  bcdi c C 2 5 6 T 

= 

o. 

1, 

2, 

3, 

55, 

45, 

46, 

47, 

/* 

0 

— 

7 

* / 

22, 

5, 

37, 

11, 

12, 

13, 

14, 

15, 

/* 

8 

- 

1 5 

* / 

16, 

17, 

18, 

19, 

60, 

61, 

50, 

38, 

/* 

1 6 

- 

23 

*/ 

24, 

25, 

63, 

39, 

28, 

29, 

30, 

31, 

/* 

24 

- 

31 

*/ 

64, 

79, 

127, 

123, 

91, 

1 08, 

80, 

125, 

/ * 

32 

- 

39 

*/ 

77, 

93, 

92, 

78, 

1 07, 

96, 

75, 

97, 

/ * 

40 

- 

47 

*/ 

240, 

241, 

242  , 

243, 

244, 

245, 

246, 

247, 

/* 

48 

- 

55 

* / 

248, 

249, 

122, 

94, 

76, 

126, 

110, 

111, 

/* 

56 

- 

63 

*/ 

124, 

1 93, 

1 94, 

195, 

1 96, 

197, 

1 98, 

1 99, 

/* 

64 

- 

71 

*/ 

200, 

201  , 

209, 

210, 

211, 

212, 

213, 

214, 

/ * 

72 

- 

79 

* / 

215, 

216, 

217, 

226, 

227, 

228, 

229, 

230, 

/ * 

80 

- 

87 

*/ 

231  , 

232, 

233, 

74, 

224, 

90, 

95, 

1 09, 

/* 

88 

- 

95 

* / 

121, 

129, 

1 30, 

131, 

132, 

133, 

134, 

135, 

/ * 

96 

- 

103 

*/ 

136, 

137, 

145, 

1 46, 

147, 

1 48, 

1 49, 

150, 

/ * 

1 04 

- 

1 1 1 

*/ 

151, 

152, 

153, 

162, 

163, 

164, 

165, 

1 66, 

/ * 

1 1 2 

- 

1 1 9 

* / 

167, 

168, 

1 69, 

1 92, 

106, 

208, 

161, 

7, 

/ * 

120 

- 

127 

*/ 

32, 

33, 

34, 

35, 

36, 

21, 

6, 

23, 

/* 

128 

- 

135 

* / 

40, 

41  , 

42, 

43, 

44, 

9, 

10, 

27, 

/* 

136 

- 

1 43 

*/ 

V 

00 

'■t 

49, 

26, 

51, 

52, 

53, 

54, 

8, 

/* 

144 

- 

1 51 

*/ 

56, 

57, 

58, 

59, 

4, 

20, 

62, 

22  5 , 

/* 

152 

- 

159 

*/ 

65, 

66, 

67, 

68, 

69, 

70, 

71, 

72, 

/* 

1 60 

- 

1 67 

*/ 

73, 

81, 

82, 

83, 

84, 

85, 

86, 

87, 

/* 

1 68 

- 

175 

*/ 

00 

00 

\ 

89, 

98, 

99, 

100, 

101, 

102, 

103, 

/ * 

1 76 

- 

183 

*/ 

1 04, 

105, 

112, 

113, 

114, 

115, 

116, 

1 17, 

/* 

1 84 

- 

191 

* / 

118, 

119, 

120, 

128, 

138, 

139, 

1 40, 

141, 

/ * 

1 92 

- 

1 99 

* / 

142, 

143, 

1 44, 

154, 

155, 

156, 

157, 

158, 

/* 

200 

- 

207 

*/ 

159, 

1 60, 

170, 

171, 

172, 

173, 

174, 

175, 

/ * 

208 

- 

215 

*/ 

176, 

177, 

1 78, 

1 79, 

180, 

181, 

182, 

183, 

/* 

216 

- 

223 

*/ 

1 84, 

185, 

186, 

1 87, 

1 88, 

1 89, 

1 90, 

191, 

/* 

224 

- 

231 

*/ 

202  , 

203, 

204, 

205  , 

206, 

207, 

218, 

219, 

/* 

232 

- 

239 

*/ 

220, 

221  , 

222, 

223, 

234, 

235, 

236, 

237, 

/* 

240 

- 

247 

*/ 

238, 

239, 

250, 

251, 

252, 

253, 

254, 

2 5 5 , 

/ * 

248 

- 

255 

* / 

> ; 


/*  Conversion  table  from  'ebcdic'  charset  to  ’ l a t i n 1 ' charset. 
Generated  mechanically  by  GNU  recode  3.4. 

The  recoding  should  be  reversible. 

*/ 

static  unsigned  char  const  e b c d i c_t o_l a t i n 1 [ 2 5 6 D = 
i 


o. 

1, 

2, 

3, 

156, 

9, 

134, 

127, 

/ * 

0 - 

7 

*/ 

151, 

141, 

142, 

11, 

12, 

13, 

14, 

15, 

/ * 

8 - 

1 5 

*/ 

16, 

17, 

18, 

19, 

157, 

133, 

8, 

135, 

/* 

16  - 

23 

* / 

612 
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24, 

25, 

1 46, 

143, 

28, 

29, 

30, 

31, 

/* 

24 

- 

31 

*/ 

128, 

129, 

1 30, 

131  , 

132, 

10, 

23, 

27, 

/* 

32 

- 

39 

*/ 

136, 

137, 

1 38, 

1 39, 

1 40, 

5, 

6, 

7, 

/* 

40 

- 

47 

*/ 

1 44, 

145, 

22, 

147, 

1 48, 

1 49, 

1 50, 

4, 

/ * 

48 

- 

55 

*/ 

152, 

153, 

154, 

155, 

20, 

21, 

158, 

26, 

/* 

56 

- 

63 

*/ 

32, 

1 60, 

161, 

162, 

163, 

164, 

165, 

1 66, 

/ * 

64 

- 

71 

*/ 

167, 

1 68, 

91, 

46, 

60, 

40, 

43, 

33, 

/ * 

72 

- 

79 

*/ 

38, 

1 69, 

1 70, 

171, 

172, 

1 73, 

174, 

175, 

/ * 

80 

- 

87 

* / 

1 76, 

177, 

93, 

36, 

42, 

41, 

59, 

94, 

/* 

88 

- 

95 

*/ 

45, 

47, 

178, 

1 79, 

1 80, 

181, 

182, 

183, 

/ * 

96 

- 

1 03 

*/ 

1 84, 

185, 

124, 

44, 

37, 

95, 

62, 

63, 

/ * 

1 04 

- 

1 1 1 

* / 

1 86, 

187, 

188, 

1 89, 

1 90, 

191  , 

192, 

1 93, 

/* 

1 1 2 

- 

1 1 9 

* / 

1 94, 

96, 

58, 

35, 

64, 

39, 

61, 

34, 

/* 

120 

- 

127 

* / 

195, 

97, 

98, 

99, 

1 00, 

101  , 

1 02, 

1 03, 

/ * 

128 

- 

135 

*/ 

1 04, 

105, 

1 96, 

1 97, 

1 98, 

199, 

200, 

201  , 

/* 

1 36 

- 

143 

* / 

202, 

1 06, 

1 07, 

108, 

1 09, 

1 10, 

111, 

112, 

/ * 

1 44 

- 

1 51 

*/ 

1 13, 

114, 

203, 

204, 

205  , 

206, 

207, 

208, 

/* 

152 

- 

1 59 

*/ 

209, 

126, 

115, 

116, 

1 17, 

118, 

1 19, 

120, 

/ * 

1 60 

- 

167 

*/ 

121, 

122, 

210, 

211, 

212, 

213, 

214, 

215, 

/ * 

1 68 

- 

175 

*/ 

216, 

217, 

218, 

219, 

220, 

221  , 

222, 

223, 

/ * 

1 76 

- 

183 

*/ 

224, 

225  , 

226, 

227, 

228, 

229, 

230, 

231, 

/* 

1 84 

- 

191 

*/ 

123, 

65, 

66, 

67, 

V 

00 

sO 

69, 

70, 

71, 

/* 

1 92 

- 

1 99 

*/ 

72, 

73, 

232, 

233, 

234, 

235  , 

236, 

237, 

/* 

200 

- 

207 

*/ 

125, 

74, 

75, 

76, 

77, 

00 

\ 

79, 

00 

o 

\ 

/* 

208 

- 

215 

*/ 

81, 

82, 

238, 

239, 

240, 

241  , 

242, 

243, 

/* 

216 

- 

223 

* / 

92, 

1 59, 

83, 

84, 

85, 

86, 

87, 

88, 

/* 

224 

- 

231 

* / 

89, 

90, 

244, 

245, 

246, 

247, 

248, 

249, 

/* 

232 

- 

239 

* / 

48, 

49, 

50, 

51, 

52, 

53, 

54, 

55, 

/* 

240 

- 

247 

*/ 

> 

56, 

f 

57, 

250, 

251, 

252  , 

253, 

254, 

2 5 5 , 

/ * 

248 

— 

255 

* / 

/* 

Crude, 

non- 

i n v e r t i b l 

e accent-d 

ropping  mapping 

f 

rom  1 

La  t 

ini 

t 0 

static  unsigned  char  const  latinl. 
r 

_t  o_a  sci i C256D 

= 

o. 

1/ 

2, 

3, 

4, 

5, 

6, 

7, 

/* 

0 

— 

7 

* / 

8, 

9, 

10, 

11, 

12, 

13, 

14, 

15, 

/* 

8 

- 

1 5 

*/ 

16, 

17, 

18, 

19, 

20, 

21, 

22, 

23, 

/* 

1 6 

- 

23 

* / 

24, 

25, 

26, 

27, 

28, 

29, 

30, 

31  , 

/ * 

24 

- 

31 

*/ 

32, 

33, 

34, 

35, 

36, 

37, 

38, 

39, 

/ * 

32 

- 

39 

*/ 

40, 

41, 

42, 

43, 

44, 

45, 

46, 

47, 

/* 

40 

- 

47 

* / 

48, 

49, 

50, 

51  , 

52, 

53, 

54, 

55, 

/* 

48 

- 

55 

* / 

56, 

57, 

58, 

59, 

60, 

61, 

62, 

63, 

/ * 

56 

- 

63 

*/ 

64, 

65, 

66, 

67, 

68, 

69, 

70, 

71, 

/* 

64 

- 

71 

*/ 

72, 

73, 

74, 

75, 

76, 

77, 

78, 

79, 

/* 

72 

- 

79 

*/ 

80, 

81, 

82, 

83, 

84, 

85, 

86, 

87, 

/ * 

80 

- 

87 

* / 

88, 

89, 

90, 

91, 

92, 

93, 

94, 

95, 

/* 

88 

- 

95 

* / 

96, 

97, 

98, 

99, 

1 00, 

101  , 

102, 

103, 

/* 

96 

- 

103 

*/ 

1 04, 

105, 

1 06, 

1 07, 

1 08, 

1 09, 

110, 

111, 

/* 

1 04 

- 

1 1 1 

* / 

112, 

113, 

1 14, 

115, 

116, 

1 17, 

118, 

1 19, 

/ * 

1 1 2 

- 

1 1 9 

*/ 

/ ★ 

★ 

120, 

121, 

122, 

123, 

124, 

125, 

126, 

127, 

/* 

120 

- 

127 

*/ 

The  high  128  characters: 

★ 

*/ 

dec 

o c t 

hex 

c h 

I S0_8859 

-1 : 1 987 

0,  /* 

128 

200 

80 

PA 

padd i ng 

character 

(pad) 

*/ 

• ? 

' , /* 

129 

201 

81 

HO 

high  octet  preset 

(hop) 

*/ 

1 ? 

' , / * 

130 

202 

82 

BH 

break  permitted  here  (bph) 

* / 

' 9 

' , /* 

131 

203 

83 

NH 

no 

break 

here  (nbh) 

*/ 

1 ? 

',  /* 

132 

204 

84 

IN 

index  (ind)  * / 
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' ? 1 

i 

/ 

/ * 

1 33 

205 

85 

NL 

next  Line  (nel)  */ 

1 ? 1 

i 

/ 

/* 

1 34 

206 

86 

SA 

start  of  selected  area  (ssa)  */ 

i 9 i 

i 

/ 

/* 

135 

207 

87 

ES 

end  of  selected  area  (esa)  */ 

' ? ' 

I 

/ 

/* 

136 

210 

88 

HS 

character  tabulation  set  (hts)  */ 

i 9 i 

i 

/ 

/* 

137 

21  1 

89 

H J 

character  tabulation  with  justification  (htj) 

i 9 i 

i 

/ 

/* 

138 

212 

8a 

VS 

line  tabulation  set  (vts)  */ 

i 9 i 

i 

/ 

/ * 

1 39 

213 

8b 

PD 

partial  line  forward  (pld)  */ 

' ? ' 

i 

/ 

/* 

140 

214 

8c 

PU 

partial  line  backward  (plu)  */ 

' ? ' 

i 

/ 

/* 

141 

215 

8d 

R I 

reverse  line  feed  (ri)  */ 

i 9 i 

i 

/ 

/* 

1 42 

216 

8 e 

S 2 

single-shift  two  (ss2)  */ 

i 9 i 

i 

/ 

/* 

143 

217 

8 f 

S3 

single-shift  three  (ss3)  */ 

' ? 

i 

/ 

/* 

1 44 

220 

90 

DC 

device  control  string  (dcs)  */ 

i 9 i 

i 

f 

/* 

145 

221 

91 

PI 

private  use  one  (pul)  */ 

' ? 

i 

/ 

/* 

146 

222 

92 

P 2 

private  use  two  (pu2)  */ 

' ? ' 

i 

/ 

/* 

1 47 

223 

93 

TS 

set  transmit  state  (sts)  */ 

1 ? ' 

/ 

/ * 

1 48 

224 

94 

CC 

cancel  character  (cch)  */ 

i 9 

I 

/ 

/* 

1 49 

225 

95 

MW 

message  waiting  (mw)  */ 

i 9 

i 

/ 

/* 

150 

226 

96 

SG 

start  of  guarded  area  (spa)  */ 

' ? 

i 

/ 

/* 

1 51 

227 

97 

EG 

end  of  guarded  area  (epa)  */ 

« ? 

i 

/ 

/* 

152 

230 

98 

SS 

start  of  string  (sos)  */ 

i 9 i 

i 

/ 

/* 

153 

231 

99 

GC 

single  graphic  character  introducer  (sgci)  */ 

' ? 

i 

/ 

/* 

154 

232 

9a 

SC 

single  character  introducer  (sci)  */ 

' ? 

i 

/ 

/* 

155 

233 

9b 

C I 

control  sequence  introducer  (csi)  */ 

' ? 

i 

/ 

/* 

1 56 

234 

9c 

ST 

string  terminator  (st)  */ 

' 9 

I 

/ 

/* 

1 57 

235 

9d 

OC 

operating  system  command  (osc)  */ 

i 9 

i 

/ 

/* 

1 58 

236 

9 e 

PM 

privacy  message  (pm)  */ 

i 9 

i 

f 

/* 

1 59 

237 

9 f 

AC 

application  program  command  (ape)  */ 

i 

i 

/ 

/* 

160 

240 

aO 

NS 

no-break  space  */ 

' ! 

i 

/ 

/ * 

161 

241 

a 1 

! I 

inverted  exclamation  mark  */ 

1 c 

i 

/ 

/ * 

1 62 

242 

a 2 

Ct 

cent  sign  */ 

■ # 

i 

/ 

/* 

163 

243 

a 3 

Pd 

pound  sign  */ 

' $ 

i 

/ 

/ * 

164 

244 

a 4 

C u 

currency  sign  */ 

' Y 

/ 

/* 

165 

245 

a 5 

Ye 

yen  sign  */ 

' 1 

i 

f 

/* 

1 66 

246 

a 6 

BB 

broken  bar  */ 

' S 1 

i 

/ 

/* 

1 67 

247 

a 7 

SE 

section  sign  */ 

1111 

i 

/ 

/ * 

168 

250 

a 8 

■ . 

diaeresis  */ 

' C 1 

i 

/ 

/* 

1 69 

251 

a 9 

C o 

copyright  sign  */ 

' a 1 

i 

/ 

/ * 

1 70 

252 

a a 

-a 

feminine  ordinal  indicator  */ 

' < 1 

i 

/ 

/ * 

171 

253 

a b 

<< 

l e f t -po i n t i ng  double  angle  quotation  mark  */ 

1 ~ 1 

f 

/* 

172 

254 

a c 

NO 

not  sign  */ 

l _ l 

f 

/ * 

173 

255 

a d 

-- 

soft  hyphen  */ 

' R 1 

f 

/* 

1 74 

256 

a e 

Rg 

registered  sign  */ 

1 1 

f 

/* 

175 

257 

a f 

i _ 

overline  */ 

' o ' 

/ 

/* 

1 76 

260 

bO 

DG 

degree  sign  */ 

i o i 

/ 

/ * 

1 77 

261 

b 1 

+ - 

plus-minus  sign  */ 

' 2 ' 

/ 

/ * 

178 

262 

b2 

2 S 

superscript  two  */ 

1 3 ' 

/ 

/* 

1 79 

263 

b 3 

3 S 

superscript  three  */ 

\ ' ' 

/ 

/ * 

1 80 

264 

b4 

1 1 

acute  accent  */ 

' u 1 

/ 

/* 

181 

265 

b 5 

My 

micro  sign  */ 

' P ' 

/ 

/* 

182 

266 

b6 

PI 

pilcrow  sign  */ 

1 1 

/ 

/ * 

183 

267 

b 7 

. M 

middle  dot  */ 

1 1 
/ 

/ 

/* 

1 84 

270 

b8 

1 

f 

cedilla  * / 

' 1 ' 

f 

/ * 

185 

271 

b9 

1 S 

superscript  one  */ 

' 0 ' 

/ 

/* 

186 

272 

ba 

-o 

masculine  ordinal  indicator  */ 

' > ' 

/ 

/ * 

187 

273 

bb 

> > 

r i g h t -po i n t i n g double  angle  quotation  mark  */ 

1 ? ' 

f 

/ * 

188 

274 

b c 

1 4 

vulgar  fraction  one  quarter  */ 

i 9 i 

f 

/ * 

189 

275 

bd 

1 2 

vulgar  fraction  one  half  */ 

' ? ' 

/ 

/ * 

1 90 

276 

b e 

34 

vulgar  fraction  three  quarters  */ 

' ? ' 

/ 

/* 

191 

277 

bf 

? I 

inverted  question  mark  */ 
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' A 

/ 

/ * 

1 92 

300 

cO 

A ! 

L a t i 

n 

capital 

letter 

a with  grave  * / 

’ A 

/ 

/ * 

193 

301 

cl 

A ' 

l a t i 

n 

capital 

letter 

a with  acute  * / 

1 A 

/ 

/* 

1 94 

302 

c 2 

A > 

L a t i 

n 

capital 

letter 

a with  ci rcuml  lex  */ 

1 A 

/ 

/ * 

195 

303 

c 3 

A? 

L a t i 

n 

capital 

letter 

a with  tilde  * / 

' A 

/ 

/* 

1 96 

304 

c 4 

A : 

l a t i 

n 

capital 

letter 

a with  diaeresis  * / 

' A 

/ 

/* 

1 97 

305 

c 5 

AA 

L a t i 

n 

capital 

letter 

a with  ring  above  * / 

' E 

/ 

/* 

1 98 

306 

c 6 

AE 

L a t i 

n 

capital 

letter 

a e * / 

' C 

/ 

/* 

1 99 

307 

c 7 

c. 

L a t i 

n 

capital 

letter 

c w i 

th  cedilla  */ 

' E 

/ 

/ * 

200 

310 

c 8 

E ! 

l a t i 

n 

capital 

letter 

e with  grave  * / 

' E 

/ 

/ * 

201 

31  1 

c 9 

E ' 

l a t i 

n 

capital 

letter 

e w i 

th  acute  */ 

' E 

/ 

/* 

202 

312 

c a 

E > 

L a t i 

n 

capital 

letter 

e w i 

th  circumllex  * / 

' E 

/ 

/* 

203 

313 

c b 

E : 

L a t i 

n 

capital 

letter 

e w i 

th  diaeresis  */ 

' I 

/ 

/* 

204 

314 

c c 

I ! 

L a t i 

n 

capital 

letter 

i w i 

th  grave  * / 

' I 

/ 

/* 

205 

315 

c d 

I 1 

l a t i 

n 

capital 

letter 

i with  acute  * / 

' I 

f 

/ * 

206 

316 

c e 

I> 

l a t i 

n 

capital 

letter 

i with  circumllex  * / 

' I 

/ 

/ * 

207 

317 

c f 

I : 

l a t i 

n 

capital 

letter 

i with  diaeresis  * / 

' D 

/ 

/* 

208 

320 

dO 

D- 

l a t i 

n 

capital 

letter 

eth 

(icelandic)  */ 

' N 

/ 

/ * 

209 

321 

d 1 

N? 

L a t i 

n 

capital 

letter 

n with  tilde  * / 

' 0 

/ 

/ * 

210 

322 

d 2 

0 ! 

L a t i 

n 

capital 

letter 

o with  grave  * / 

' 0 

/ 

/* 

21  1 

323 

d 3 

0 ' 

L a t i 

n 

capital 

letter 

o w i 

th  acute  * / 

' 0 

/ 

/ * 

212 

324 

d4 

0> 

l a t i 

n 

capital 

letter 

o with  circumllex  * / 

1 0 

/ 

/ * 

213 

325 

d 5 

0? 

l a t i 

n 

capital 

letter 

o w i 

t h tilde  * / 

' 0 

/ 

/ * 

214 

326 

d 6 

0 : 

l a t i 

n 

capital 

letter 

o w i 

th  diaeresis  * / 

1 X 

f 

/* 

215 

327 

d7 

* X 

multiplication 

sign 

/ 

' 0 

/ 

/* 

216 

330 

d 8 

0/ 

l a t i 

n 

capital 

letter 

o w i 

th  stroke  * / 

' u 

/ 

/ * 

217 

331 

d9 

U ! 

l a t i 

n 

capital 

letter 

u with  grave  * / 

' u 

f 

/ * 

218 

332 

d a 

U ' 

l a t i 

n 

capital 

letter 

u w i 

th  acute  * / 

' u 

/ 

/* 

219 

333 

d b 

U> 

l a t i 

n 

capital 

letter 

u with  circumllex  * / 

■ u 

/ 

/* 

220 

334 

d c 

U : 

l a t i 

n 

capital 

letter 

u with  diaeresis  * / 

' Y 

f 

/* 

221 

335 

dd 

Y ' 

l a t i 

n 

capital 

letter 

y with  acute  * / 

' T 

/ 

/ * 

222 

336 

d e 

TH 

l a t i 

n 

capital 

letter 

thorn  (icelandic)  */ 

' s 

f 

/ * 

223 

337 

df 

s s 

l a t i 

n 

small 

letter  sharp 

s (german)  */ 

' a 

/ 

/ * 

224 

340 

eO 

a ! 

l a t i 

n 

small 

letter  a 

with 

grave  * / 

' a 

/ 

/* 

225 

341 

el 

a 1 

l a t i 

n 

small 

letter  a 

with 

acute  * / 

' a 

/ 

/ * 

226 

342 

e 2 

a > 

l a t i 

n 

small 

letter  a 

with 

circumllex  */ 

1 a 

/ 

/ * 

227 

343 

e 3 

a? 

l a t i 

n 

small 

letter  a 

with 

tilde  * / 

' a 

/ 

/* 

228 

344 

e 4 

a : 

l a t i 

n 

small 

letter  a 

with 

diaeresis  */ 

' a 

/ 

/* 

229 

345 

e 5 

a a 

l a t i 

n 

small 

letter  a 

with 

ring  above  * / 

' e 

/ 

/* 

230 

346 

e 6 

a e 

l a t i 

n 

small 

letter  a e 

*/ 

' e 

f 

/* 

231 

347 

e 7 

c, 

l a t i 

n 

small 

letter  c 

with 

cedilla  * / 

' e 

/ 

/* 

232 

350 

e 8 

e ! 

l a t i 

n 

small 

letter  e 

with 

grave  * / 

1 e 

f 

/* 

233 

351 

e 9 

e ' 

l a t i 

n 

small 

letter  e 

with 

acute  * / 

' e 

f 

/* 

234 

352 

e a 

e > 

l a t i 

n 

small 

letter  e 

with 

circumllex  */ 

' e 

f 

/* 

235 

353 

e b 

e : 

l a t i 

n 

small 

letter  e 

with 

diaeresis  */ 

' i 

f 

/* 

236 

354 

e c 

i ! 

1 a t i 

n 

small 

letter  i 

with 

grave  * / 

' i 

/ 

/* 

237 

355 

e d 

i ' 

l a t i 

n 

small 

letter  i 

with 

acute  * / 

1 i 

f 

/* 

238 

356 

e e 

i > 

l a t i 

n 

small 

letter  i 

with 

circumllex  * / 

1 i 

/ 

/* 

239 

357 

e 1 

i : 

l a t i 

n 

small 

tetter  i 

with 

diaeresis  */ 

' d 

f 

/* 

240 

360 

f 0 

d- 

l a t i 

n 

small 

letter  eth  (i 

celandic)  * / 

' n 

f 

/* 

241 

361 

f 1 

n? 

l a t i 

n 

small 

letter  n 

with 

tilde  * / 

1 0 

f 

/* 

242 

362 

f 2 

o ! 

l a t i 

n 

small 

letter  o 

with 

grave  * / 

1 0 

f 

/* 

243 

363 

f 3 

o 1 

l a t i 

n 

small 

letter  o 

with 

acute  * / 

' 0 

/ 

/* 

244 

364 

f 4 

o> 

Latin 

small 

letter  o 

with 

circumllex  */ 

1 o 

f 

/ * 

245 

365 

f 5 

0? 

l a t i 

n 

small 

letter  o 

with 

tilde  * / 

' 0 

/ 

/ * 

246 

366 

16 

o : 

l a t i 

n 

small 

letter  o 

with 

diaeresis  */ 

' / 

/ 

/* 

247 

367 

17 

- : 

d i v i 

s i 

on  sign 

*/ 

' 0 

f 

/ * 

248 

370 

18 

o / 

Latin 

small 

letter  o 

with 

stroke  * / 

' u 

/ 

/* 

249 

371 

19 

u ! 

l a t i 

n 

small 

letter  u 

with 

grave  * / 

' u 

f 

/* 

250 

372 

1 a 

u ' 

l a t i 

n 

small 

letter  u 

with 

acute  * / 
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>; 


u ' , / * 

251 

373 

f b 

u > 

Latin 

small 

letter 

u 

with 

circumflex  * / 

u ' , / * 

252 

374 

f c 

u : 

Latin 

small 

letter 

u 

with 

diaeresis  * / 

t ' , /* 

253 

375 

f d 

Y ' 

Latin 

small 

letter 

y 

with 

acute  * / 

t 1 , / * 

254 

376 

f e 

t h 

Latin 

small 

letter 

thorn 

(icelandic)  * / 

y ' / * 

255 

377 

f f 

y : 

Latin 

small 

letter 

y 

with 

diaeresis  */ 

C h a r a 

cters 

not 

recogni zed 

(mapped 

to  ' 

' ) : 

- Control  characters  129- 

1 59 

- Plus-minus  (Mapping 

t 0 

either  + 

or  - 

could  be 

*very*  misleading!) 

- Fractions 

1/4 

, 1/2, 

3/4 

D i f f erences 

from  PGP  2 

. x ' 

s e n c od i 

ng  : 

- 128 

(pad) 

i s 

mapped 

t 0 

0 (nul). 

the  usual  pad 

character 

- < < 

and  >> 

are 

mapped 

t 0 

' < ' and 

' > ' i 

n s t e a d 

0 f 

1 M | 

and  ' " ' 

- Pilcrow  (paragraph  symbol)  is  mapped 

to  ' P ' 

rather 

than  ' - 1 

- AE 

and  a e 

are 

mapped 

t 0 

' E ' and 

'e'  rather  than  'A' 

and  'a',  based 

/ * 

* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

* / 

/*  *INDENT-ON*  */ 


o n 


english  conventions  like  encyclopaedia  ->  encyclopedia 


/ * Charset  tables  * / 
static  struct  ConfMapping  ( 
char  const  * n a m e ; 


unsigned 

char 

const  *toLatin1,  *toLocal 

> 

confMappi ngsC] 

= ( 

{ 

"noconv". 

charMapIdenti ty. 

{ 

"ascii 

1 1 

/ 

charMapIdenti ty. 

< 

" cp850 

f 

c p8  5 0_t  o_l a t i n 1 , 

{ 

" e b c d i 

c". 

ebcdi c_to_latin1 , 

> ; 

{ 

(char 

const 

*)0,  0,  0 > 

charMapIdentity  > , 
l a t i n 1 _t  o_a  s c i i > , 
l a t i n 1 _t o_c p8 5 0 >, 
l a t i n 1 _t o_e b c d i c >, 


/*  C a s e- i n s e n s i t i v e memory  compare  */ 
static  int 

xmemicmp  (char  const  *in1,  char  const  *in2,  int  len) 
{ 

while  (len--)  { 

if  ( t o l owe r ( * i n 1 ) !=  t o l owe r ( * i n2 ) ) 

return  1 ; 

i n 1 + + ; 
i n 2 + + ; 

> 

return  0; 

> 


int 

pgpCharmaps 

{ 

i n t 


(char  const  *charset,  int  set  len, 
byte  const  **toLocalP,  byte  const  **toLatin1P) 

i ; 


if  (!  charset  ||  itoLocalP  ||  itoLatinIP) 
return  PGPERR_BADPARAM; 


for  ( i = 0 ; confMappingsCiD.name;  i + + ) { 

if  ( ( s i z e_t ) s e t l e n !=  strlen  (conf Mappi ngsli ] .name)  || 
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xmemicmp  (charset,  c o n f Ma pp i ng s C i ] . n a me , setlen)  !=  0) 
continue; 


*tol_ocalP  = confMappingsCiH.toLocal; 
*tol_atin1P  = confMappingsCiJ.toLatinl; 
return  PGPERR_0K; 

> 

return  PG P E R R_C H A RM A P_U N KN 0 WN ; 


void 

pgpCharmapConvert 


(byte 

byte 


> 


while  (inlen--) 
output  C 


const  *input,  si ze_t  inlen,  byte  *output, 
const  *charmap) 

nlenl  = charmapCinputCinlenUD; 
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charmap.h 

/ * 

* Charmap.h 

* 

* Mapping  tables  between  different  character  sets. 

* 

* $ I d : charmap.h,v  1.6  1 996/  1 1 /1  2 02:1  7:33  mhw  Exp  $ 

* / 

# i f n d e f P G P_C H A R M A P_H 
# d e f i n e PGP  CHARMAP  H 


^include  " p g p / u s u a l s . h " 
struct  PgpEnv; 

/ * The  identity  charmap;  maps  all  characters  onto  themselves  * / 
extern  unsigned  char  const  charMapIdentityE256H; 


/* 

★ 

F i 

l l s 

in  the 

* 

o r 

returns  a 

* 

i n v a l i 

d . 

*/ 

int  pgpCharmaps 


charmaps  associated  with  the  charset  and  returns  0 
PGP  error  if  the  set  isn't  found  or  a paramter  is 


(char  const  *charset,  int  set  len, 
byte  const  **toLocal,  byte  const  **tol_atin1); 


/ * 

* Converts  a string  from  one  charset  to  another  using  the  input 

* charmap.  The  input,  of  size  inlen,  is  converted  through  the  map 

* and  put  into  output. 

* / 

void  pgpCharmapConvert  (byte  const  *input,  si ze_t  inlen,  byte  *output, 

byte  const  *charmap) ; 


/*  Two  macros  to  convert  strings  between  the  local  and  latinl  charsets  */ 
# d e f i n e P G P_C 0 N V E R T_T 0_L 0 C A L ( i n , l e n , o u t , e n v ) \ 

pgpCharmapConvert  (in,  len,out,\ 

pgpenvGetPoi nter  (env,  P G P E N V_C H A R M A P T 0 LO C A L , N U L L ) ) 


#define  P G P_C 0 N V E R T_T 0_L A T I N 1 ( i n , l e n , o u t , e n v ) \ 
pgpCharmapConvert  ( in,  len,out,\ 

pgpenvGetPoi nter  (env,  PG P E N V_C H A RM A PTO L AT  I N 1 , N U L L ) ) 


#end  i f /*  PGP  C H A R M A P_H  */ 
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fifo.c 

/* 

* fifo.c  --  This  is  just  an  abstraction  on  top  of  the  bytefifo. 

* Yes,  I am  forcing  the  issue.  I don't  care,  since  the  bytefifo 

* is  going  to  be  there  anyways,  so  I might  as  well  put  this  code 

* here. 

* 

* $ I d : fifo.c, v 1.9  1 996/1  1 /1  2 02:1  7:33  mhw  Exp  $ 

* / 

flifdef  H A V E_C  0 N F I G_H 

# i nc  l ude  "config.h" 

# e nd i f 

^include  "bytefifo. h" 

#include  "fifo.h" 

struct  PgpFifoDesc  const  pg pB y t e F i f o D e s c = f 
"Byte  Fifo", 
byteFi foCreate, 
byteFi foRead, 
byteFifoWrite, 
byteFi foPeek, 
byteFi foSeek, 
byteFifoFLush, 
byteFi foDestroy, 
byteFi  foSize 

>; 
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fifo.h 


/ * 

* fifo.h  --  A general  interface  to  a First-In  First-Out  system  used 

* by  PGP.  There  can  be  many  FIFO  implementations,  and  this  is  the 

* interface  that  each  must  support. 

* 

* $ I d : fifo.h, v 1.9  1 996/1  1 /1  2 02:1  7:34  mhw  Exp  $ 

*/ 

//ifndef  PGP_FIF0_H 
//define  PGP  FIFO  H 


//include  " pg  p / u s u a l s . h " 
struct  PgpFifoContext; 

//ifndef  T Y P E_P  G P F I F 0 C 0 N T E X T 
//define  T Y P E_P  G P F I F 0 C 0 N T E X T 1 
typedef  struct  PgpFifoContext 
//  e n d i f 


PgpFi foContext; 


struct  PgpFifoDesc  C 

char  const  * n a m e ; 

struct  PgpFifoContext  * (*create)  (void); 

si ze_t  (*read)  (struct  PgpFifoContext  *fifo,  byte  *buf,  si ze_t  len); 
si ze_t  (*write)  (struct  PgpFifoContext  *fifo,  byte  const  *buf, 

s i z e_t  l e n ) ; 

byte  const  * ( * p e e k ) (struct  PgpFifoContext  * f i f o , unsigned  * l e n ) ; 

void  (*seek)  (struct  PgpFifoContext  * f i f o , unsigned  len); 

void  (*flush)  (struct  PgpFifoContext  * f i f o ) ; 
void  (*destroy)  (struct  PgpFifoContext  *fifo); 

unsigned  long  (*si ze)  (struct  PgpFifoContext  const  * f i f o ) ; 

>/ 

//ifndef  T Y P E_P  G P F I F 0 D E S C 

//define  T Y P E_P  G P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

# e n d i f 


n e 

pgpFi 

n e 

pgpFi 

n e 

pgpFi 

n e 

pgpFi 

n e 

pgpFi 

n e 

pgpFi 

n e 

pgpFi 

n e 

pgpFi 

n s 

truct 

foCreate(fd)  ( f d ) -> c rea t e ( ) 
foRead(fd,f,b,l)  (fd)->read(f,b,l) 
foWrite(fd,f,b,l)  (fd)->write(f,b,l) 
f o Pe e k ( f d , f , l ) ( f d ) ->pee k ( f , l ) 

f o S e e k ( f d , f , l ) ( f d ) -> s e e k ( f , l ) 

foFlush(fd,f)  (fd)->flush(f) 
f oDes t roy ( f d,  f ) ( f d ) - > d e s t r o y ( f ) 

foSize(fd,f)  ( f d ) -> s i z e ( f ) 


PgpFifoDesc  const 
extern  struct  PgpFifoDesc  const 
extern  struct  PgpFifoDesc  const 


pgpByteFi foDesc; 
pgpFi LeFifoDesc; 
pgpFlexFifoDesc; 


#e ndif  /*  PGP  FIFO  H */ 
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filefifo.< 


/* 

* 

ie 

* 

* 

* 

ie 

* 

* 

ie 

* / 


fi lefifo.c 
Use  a disk  file 


as  a f i f o 


File  grows 
to  the  beginning. 
So  file  size  will 
the  previous  time 


indefinitely  until  fifo  empties,  at  which 
(File  never  shrinks  though.) 
be  the  maximum  of  the  number  of 
the  fifo  was  empty. 


pointers  reset 
bytes  written  since 


$ I d : fi  lefifo.c, v 1.7  1 996/1  1 /1  2 02:17:34  mhw  Exp  $ 


//  i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 
//end  i f 

//include  <assert  . h> 


# i nc l ude 

<stdio.h> 

/* 

For 

BUFSIZ  * 

# i f d e f H A V E_U  NIST  D_H 

//include 

<unistd.h> 

/* 

For 

u n l i n k ( ) 

tf  e nd  i f 

//include 

"pgp/cfb.h" 

ft  i n c l u d e 

"pgp/cipher.h" 

//include 

"pgp/f i f o . h" 

//include 

"pgp/pgpmem.h" 

# i nc lude 

"pgp/usua Is . h" 

//include 

"pgp/pgper r . h" 

# i n c l u d e 

" pgp/ random . h " 

/ * 

* putoff 

is  offset  in 

file 

where 

next 

* getoff 

is  offset  in 

file 

where 

next 

* pe e k o f f -g e t o f f is  U 

bytes  i 

n bu  f we 

★ / 

written  byte  will  go 
read  byte  will  come  from 
have  read  and  decrypted 


struct 


PgpFifoContext  C 
FILE  * f ; 
byte  * bu  f ; 

unsigned  long  putoff,  getoff,  peekoff; 
struct  PgpCfbContext  *,  r d c f b , * w r c f b ; 


> ; 


static  void 

f i l e F i f o F l u s h ( s t r u c t PgpFifoContext  *fifo) 

{ 

fifo->putoff  = 0; 
fifo->getoff  = 0; 
fifo->peekoff  = 0; 

} 

static  unsigned  long 

f i l e F i f o S i z e ( s t r u c t PgpFifoContext  const  *fifo) 

C 

return  (unsigned  long)(fifo->putoff  - fifo->getoff); 

> 


static  void 
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f i l e F i f o F r e e C f b s ( s t r u c t Pg p F i f o C on t e x t *fifo) 

{ 

pgpCfbDestroy(fifo->rdcfb); 

pgpCfbDestroy(fifo->wrcfb); 

> 

/*  Return  negative  on  error,  0 on  success  */ 
static  i n t 

f i L e F i f o I n i t C f b s ( s t r u c t P g p F i f o C o n t e x t * f i f o ) 

{ 

struct  PgpRandomContext  * r c ; 
struct  PgpCipher  const  * c i p h e r ; 
unsigned  cfbkeysize; 
byte  *cfbkey; 

byte  cf bi v C P G P_C F B_M A X B L 0 C K S I Z E ] ; 

/ * XXX  Interface  doesn't  provide  env  to  choose  dflt  cipher  * / 
cipher  = pgpCipherByNumber(l); 
if  (Icipher)  C 

return  P G P E R R_G E N E R I C ; 

> 

cfbkeysize  = cipher->keysize; 
cfbkey  = pgpMemAlloc(cfbkeysize); 
if  ( ! c f b key ) i 

return  P G P E R R_G E N E R I C ; 

> 

re  = pgpRandomCreateO; 
assert(rc); 

pgpRandomGetBytesfrc,  cfbkey,  cfbkeysize); 
pgpRandomGetBytesCrc,  cfbiv,  sizeof(cfbiv)); 
fifo->rdcfb  = pgpCfbCreate(cipher); 
pgpCfbInit(fifo->rdcfb,  cfbkey,  cfbiv); 
memsetCcfbkey,  0,  cfbkeysize); 
mem s e t ( c f b i v , 0,  s i z e o f ( c f b i v ) ) ; 
pgpMemFree(cfbkey); 

fifo->wrcfb  = pg p C f b C o py ( f i f o-> r d c f b ) ; 
if  (!fifo->wrcfb)  f 

fi LeFifoFreeCfbs(fifo); 
return  P G P E R R_G E N E R I C ; 

> 

return  0; 

> 

static  struct  Pg p F i f o C on t e x t * 
fi  LeFifoCreateC) 

{ 

struct  PgpFifoContext  * f i f o ; 

fifo  = (struct  PgpFifoContext  *)pgpMemALLoc(sizeof(*fifo)); 
if  ( ! f i f o ) 

return  NULL; 

fifo->buf  = (byte  *)pgpMemAlloc(BUFSIZ); 
if  ( ! f i f o->  bu  f ) C 

pgpMemFree(fi fo); 
return  NULL; 

> 

if  ( f i L e F i f o I n i t C f b s ( f i f o ) < 0)  C 
pgpMemFree(fi fo->buf); 
pgpMemFree(fi fo); 
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return  NULL; 

> 

f i f o - > f = tmpfileC); 
if  ( ! f i f o->f  ) t 

fi LeFifoFreeCfbsCfifo); 
pgpMemFreeCfi fo->buf); 
pgpMemFreeCfi fo); 
return  NULL; 

> 

fifo->putoff  = 0; 
fifo->getoff  = 0; 
fifo->peekoff  = 0 ; 

return  f i f o ; 

> 

static  void 

f i l e F i f o D e s t r oy ( s t r u c t Pg p F i f o C o n t e x t *fifo) 

{ 

f c L o s e ( f i f o-> f ) ; /*  tmpfileC)  automatically  deleted!  */ 

fi LeFifoFreeCfbsCfifo); 

memset ( f i f o->buf  , 0,  BUFSIZ); 

pgpMemFree(fifo->buf); 

pgpMemFreeCfi fo); 

> 


/*  This  could  definitely  use  some  optimizing  */ 
static  byte  const  * 

f i l e F i f o P e e k C s t r u c t P g p F i f o C o n t e x t *fifo,  unsigned  *len) 

{ 

unsigned  dsklen; 

if  C f i f o->pu t of f ==  f i f o-> g e t o f f ) C 

* l e n = 0 ; 
return  NULL; 

} 

if  C f i f o-> p e e ko f f > f i f o->g e t of f ) { 

/*  Have  peeked  data  in  buffer  already  */ 

*len  = fifo->peekoff  - fifo->getoff; 
return  fifo->buf; 

> 

if  C f i f o-> p u t o f f - fifo->getoff  > BUFSIZ) 
dsklen  = BUFSIZ; 

else 

dsklen  = Cunsigned)Cfifo->putoff  - fifo->getoff); 

if  CfseekCfifo->f,  fifo->getoff,  SEEK_SET)  \~  0)  { 

* l e n = 0 ; 
return  NULL; 

> 

if  C f r e a d C f i f o-> bu f , 1,  dsklen,  fifo->f)  !=  dsklen)  { 

* l e n = 0 ; 
return  NULL; 

> 
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pgpCfbDecrypt(fifo->rdcfb,  fifo->buf,  fifo->buf,  dsklen); 
fifo->peekoff  = fifo->getoff  + dsklen; 

* len  = dsklen; 
return  fifo->buf; 

> 

static  void 

f i l e F i f o S e e k ( s t r u c t P g p F i f o C o n t e x t *fifo,  unsigned  len) 

{ 

if  ( ! I e n ) 

return; 


assert(fifo->putoff  - fifo->getoff  >=  (long)  len); 
assert(fifo->peekoff  - fifo->getoff  >=  (long)  len)  ; 
assert(fifo->putoff  >=  fifo->peekoff); 


> 


fifo->getoff  +=  len; 

if  ( f i f o-> g e t o f f < f i f o - > p e e k o f f ) { 

/*  Move  data  in  fifo  down  */ 

memcpy(fifo->buf,  fifo->buf+len,  fifo->peekoff-fifo->getoff); 

> 

/*  If  fifo  becomes  empty,  reset  pointers  to  beginning  of  file  */ 
if  ( f i f o->putof f = = f i f o-> g e t o f f ) 

fifo->putoff  = fifo->getoff  = fifo->peekoff  = 0; 


static  s i z e_t 

f i l e F i f oW r i t e ( s t r u c t P g p F i f o C o n t e x t *fifo,  byte  const  *buf,  si ze_t  len) 


s i z e_t  lenleft; 
s i z e_t  b u f len; 


if  ( f s e e k ( f i f o -> f , f i f o-> p u t o f f , SEE  K_S  E T ) !=  0) 

return  P G P E R R_F I L E F I F 0_S E E K ; 
lenleft  = len; 
while  (lenleft)  { 

buflen  = (lenleft  < BUFSIZ)  ? lenleft  : BUFSIZ; 
pg p C f b E n c r y p t ( f i f o-> w r c f b , buf,  fifo->buf,  buflen); 
if  ( f wr i t e ( f i f o->buf , 1,  buflen,  fifo->f)  !=  buflen) 
return  P G P E R R_F I L E F I F 0_W R I T E ; 
buf  +=  buflen; 
lenleft  -=  buflen; 
fifo->putoff  +=  buflen; 

> 

return  len; 

> 

static  siz  e_t 

f i l e F i f o R e a d ( s t r u c t P g p F i f o C o n t e x t *fifo,  byte  *buf,  size_t  len) 

{ 

s i z e_t  a va i l ; 

/*  First  get  data  out  of  peekahead  buffer  if  any  */ 
if  ( f i f o-> p e e ko f f > f i f o-> g e t o f f ) { 

avail  = f i f o-> pe e ko f f - f i f o->ge t of f ; 
if  (avail  > len) 

avail  = len; 
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> 


> 


memcpyCbuf,  fifo->buf,  avail); 

ten  -=  avail; 

buf  + = avail; 

fifo->getoff  +=  avail; 

if  ( f i f o->peekof f > f i f o-> g e t o f f ) { 

/*  Move  data  in  fifo  down  */ 
memcpyCfi fo->buf,  fi fo->buf  + avai  l, 
fifo->peekoff-fifo->getoff); 

> 

if  (len  ==  0) 

return  avail; 


avail  = fifo->putoff  - fifo->getoff; 
if  (avail  > len) 

avail  = len; 


if  ( f seek ( f i f o->f , f i f o-> g e t o f f , SEE  K_S  E T ) ! = 0) 

return  PG P E R R_F I L E F I F 0_S E E K ; 
if  (freadCbuf,  1,  avail,  fifo->f)  avail) 
return  PGPERR_F I LE F I F0_RE AD; 


pgpCfbDecrypt(fifo->rdcfb,  buf,  buf,  avail); 

fifo->getoff  +=  avail; 

if  ( f i f o->pu t of f ==  f i f o-> g e t o f f ) 

fifo->putoff  = fifo->getoff  = 0; 


return  avail; 


struct  PgpFifoDesc  const  pg p F i l e F i f o D e s c = { 
"File  Fifo", 
fi LeFifoCreate, 
fi  leFifoRead, 
fi LeFifoWrite, 
fi  leFi foPeek, 
fi  LeFifoSeek, 
fi LeFifoFlush, 
fi  leFifoDestroy, 
fi LeFifoSize 
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flexfifo.c 


/ * 

* 

flexfifo.c 

★ 

Use  a memory  buffer 

a s 

a fifo  u n 

★ 

J, 

switch  to  a disk  fil 

e 

fifo. 

7f 

★ 

*/ 

$ I d : flexfifo.c, v 1. 

4 

1 996/1  1 / I 2 

Less  it  runs  out,  at  which  point  we 

02:17:34  mhw  Exp  $ 


//ifdef  H A V E_C  0 N F I G_H 
^include  "config.h1' 

U e n d i f 


//include  <assert.h> 
//include  <stdio.h> 


/*  For  BUFSIZ  */ 


//ifdef  HAVE  UNISTD  H 


//include 
//end  i f 

<unistd.h> 

/*  For  unlinkC) 

*/ 

// i nc  l ude 

"pgp/fifo.h" 

//include 

"pgp/pgper r . h" 

# i nc l ude 

"pgp/pgpmem.  h" 

//include 

"pgp/usuals.h" 

/* 

* Size 

at  which  we  will 

switch  from  byte  to 

disk  f i f o s . 

Will  also 

* do  so 

if  we  run  out  of  memory  so  set 

this 

very  large 

to  switch  only 

* in  that  case. 

*/ 

//define 

MAXBYTEFIFOSIZE 

(48*1 024L) 

/ * We 

might  want 

to  adjust  this 

*/ 


struct  PgpFifoDesc  const  * b f = SpgpByteFifoDesc; 
struct  PgpFifoDesc  const  * f f = &pgpFileFifoDesc; 


struct 


> ; 


PgpFifoContext  t 

struct  PgpFifoContext  *bytefifo; 

struct  PgpFifoContext  *fi  lefifo; 

byte  infile; 

si ze_t  bytefifosize; 

si ze_t  maxbytefifosize; 


static  void 
flexFifoInitlstruct 
C 

fi fo->bytefi fo 
f i f o-> f i lefifo 
f i f o-> i nf i l e = 0; 
fifo->bytefifosize  = 0 ; 
f i f o->ma x by t e f i f o s i z e = 

> 


PgpFifoContext  *fifo) 


N U L L ; 
NULL; 


MAXBYTE  F I FOS I ZE 


static  void 

f l e x F i f o F l u s h ( s t r u c t PgpFifoContext  *fifo) 

{ 

if  (fifo  — >infi  le) 

pgpFifoFlushCff,  fifo  — >fi  lefifo); 

else 
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> 


pgpFifoFLush(bf,  fifo->bytefifo); 
flexFifoInit(fifo); 


static  unsigned  Long 

f L ex F i f o S i z e ( s t r u c t PgpFifoContext  const 
{ 

if  ( f i f o-> i nf i l e ) 

return  pg p F i f o S i z e ( f f , f 

else 


> 


return  pg p F i f o S i z e ( b f , f 


* f i f o ) 


f o - > f i Lefifo); 
fo->bytefi f o ) ; 


static  struct  Pg p F i f o C on t e x t * 
flexFifoCreateC) 

struct  PgpFifoContext  * f i f o ; 

fifo  = (struct  PgpFifoContext  *)pgpMemALLoc(sizeof(*fifo)); 
if  (fifo)  { 

fifo->infile  = 0 ; 
f i f o-> f i L e f i f o = NULL; 
fifo->bytefifo  = pgpFi foCreate(bf); 
if  ( ! f i f o-> by t e f i f o ) { 

pgpMemFree(fifo); 
return  NULL; 

> 

fifo->bytefifosize  = 0 ; 

fifo->maxbytefifosize  = MAXBYTEFIFOSIZE; 

> 

return  fifo; 

> 


static  void 

f lexFi foDestroy (struct  PgpFifoContext  *fifo) 
{ 


> 


if  ( f i f o-> i n f i l e ) 

pgpFi foDestroy(ff, 

else 


pgpFi foDestroy(bf, 
pgpMemFree(fifo); 


fi  fo  — >fi Lefifo); 
fifo->bytefifo); 


static  byte  const  * 

f L e x F i f o P e e k ( s t r u c t PgpFifoContext  *fifo,  unsigned  * Len) 
{ 


> 


if  ( f i f o-> i n f i L e ) 

return  pg p F i f o Pe e k ( f f , 

e L s e 


return  pg p F i f o P e e k ( b f , 


fifo  — >fi  Lefifo, 
f i f o-> by  t e f i f o , 


Len); 

Len); 


static  void 

f L e x F i f o S e e k ( s t r u c t PgpFifoContext  *fifo,  unsigned  Len) 
{ 

if  ( f i f o-> i n f i L e ) 

pgpFifoSeek(ff,  fifo  — >fi Lefifo,  Len); 

e L s e { 
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pgpFifoSeek(bf,  fifo->bytefifo,  len); 
fifo->bytefifosize  -=  len; 

> 

> 


static  s i z e_t 

f L e x F i f o R e a d ( s t r u c t P g p F i f o C o n t e x t *fifo,  byte  *buf,  size_t  len) 
{ 


> 


if  (fifo  — >infi  Le) 

return  pgpFifoRead(ff,  fifo->filefifo,  buf,  Len); 

else  { 

si ze_t  nread  = pgpFifoReadlbf,  f i f o-> by t e f i f o , buf, 
if  (nread  > 0) 

fifo->bytefifosize  -=  nread; 
return  nread; 

> 


len); 


/ * 

* If  bytefifo  fails  to  take  the  requested  data,  assume  that  memory  is 

* full.  Switch  to  using  a file  fifo  and  transfer  a L L data  from  the 

* byte  fifo  to  the  file.  Hopefully  this  will  free  up  enough  memory 

* that  we  can  complete. 

* 

* We  can  also  be  configured  to  have  a maximum  size  for  the  byte  fifo 

* and  if  we  exceed  that  we  will  switch  over. 

*/ 

static  siz  e_t 

f l e x F i f o W r i t e ( s t r u c t P g p F i f o C o n t e x t *fifo,  byte  const  *buf,  si ze_t  len) 
{ 

siz  e_t  written; 
unsigned  long  n; 
long  err; 


if  ( f i f o-> i n f i l e ) 

return  pgpFifoWritelff,  fifo->filefifo,  buf,  len); 
written  = 0; 

if  ( f i f o-> by t e f i f o s i z e + len  <=  f i f o->ma x by t e f i f o s i z e ) 

written  = p g p F i f o W r i t e ( b f , f i f o- > b y t e f i f o , buf,  len); 
fifo->bytefifosize  +=  written; 
if  (written  < ten)  { 

/ * switch  to  file  fifo  * / 
byte  xbufCBUFSIZ*2]; 

/*  Try  to  free  up  some  memory  from  byte  fifo  */ 
n = pgpFifoReadlbf,  fifo->bytefifo,  xbuf,  si zeof ( xbuf  ) ) ; 
f i f o-> f i l e f i f o = pg p F i f o C r e a t e ( f f ) ; 
if  ( ! fifo  — >fi Lefifo)  { 

pgpFifoDestroy(bf,  fifo->bytefifo); 
return  PG P E R R_N0M E M ; 

> 

/*  Transfer  data  from  byte  to  file  fifo  */ 
do  { 

assert  (n  <=  sizeof(xbuf)); 

err  = (Long)pgpFifoWrite(ff,  fifo->fi  lefifo,  xbuf,  n); 
if  (err  < 0 ) 

return  ( s i z e_t ) e r r ; 

> while  ((n  = pgpFifoReadlbf,  f i f o-> by t e f i f o , xbuf, 

sizeof(xbuf)))  > 0); 
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pgpFifoDestroyCbf,  fifo->bytefifo); 
fifo->bytefifo  = NULL; 
f i f o-> by t e f i f o s i z e = 0; 
fifo->infile  = 1 ; 

written  +=  pg p F i f oW r i t e ( f f , i i f o-> f i l e f i f o , buf+written, 

len-wri tten); 

> 

return  written; 

} 

struct  PgpFifoDesc  const  pg p F L e x F i i o D e s c = { 

"Flex  Byte/File  Fifo", 

flexFifoCreate, 

flexFitoRead, 

flexFifoWrite, 

flexFifoPeek, 

flexFifoSeek, 

flexFifoFLush, 

flexFifoDestroy, 

flexFifoSize 

>; 
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globals.c 

/ * 

* globals.c  --  A file  containing  global,  constant 

* 

* Written  by:  Derek  Atkins  < w a r l o r d a M I T . E D U> 

* 

* $ I d : globals.c, v 1.8  1 996/1  1 /1  2 02:1  7:35  mhw  Exp 
*/ 

# i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 

//  e nd  i f 

//include  "pgp/usua  Is  . h" 

char  const  pgpLibVersionStringC]  = "3.0  alpha"; 


values. 


$ 
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memfile.c 

/* 

* memfile.c  — PgpFile  implementation  for  memory  files 

★ 

* Written  by:  Mark  H.  Weaver  <mhwSlnetris.org> 

* 

* $ I d : memfile.c, v 1.2  1 996/1  1 /07  08:07:21  mhw  Exp  $ 

* / 


# i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 
ft  e nd i f 


ft  i nc  l ude 
//include 
//include 


<assert  . h> 
<errno.h> 

< s t d i o . h > 


ft  i 
ft  i 
ft 
ft 
ft 


n c l u d e 
nc  l ude 
nc  l ude 
n c L ude 
n c l ude 


"pgpfi  le.h" 
"pgp/cfb.h" 
"pgp  / pgpmem.  h" 
"pgp/pgperr . h" 
"pgp/usuals.h" 


/*  This  is  the  private  data  for  memfiles  */ 
struct  MemFile  { 

char  * b a s e , * e n d , * c u r ; 
struct  PgpFileError  err; 
int  error; 

>; 


static  long  memFileTell  (struct  PgpFile  *file); 
static  void 

memSetError  (struct  PgpFile  *file,  int  code) 

{ 

struct  MemFile  * m f = (struct  MemFile  *)file->priv; 
mf->err  . f = file; 

mf->err . f pos  = memFileTell  (file); 
mf->error  = mf->err. error  = code; 
mf->err.syserrno  = 0; 

> 


static  siz  e_t 

memFileRead  (void  *ptr,  si ze_t  size,  struct  PgpFile  *file) 
{ 

struct  MemFile  *mf  = (struct  MemFile  *)file->priv; 


if  (size  > ( s i z e_t ) ( m f -> e nd  - mf->cur) ) 
size  = mf->end  - mf->cur; 

if  (size  <=  0)  { 

memSetError  (file,  PG P E R R_F I L E_0 P F A I L ) ; 
return  0; 

> else  { 

memcpy  (ptr,  mf->cur,  size); 
mf->cur  + = size; 
return  size; 

> 
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static  s i z e_t 

memFileWrite  (void  const  *ptr,  size_t  size,  struct  PgpFile  *file) 
{ 

(void)ptr;  / * Quiet  the  compiler  warnings  * / 

(void)size; 

memSetError  (file,  P G P E R R_F I L E_B A D 0 P ) ; 
return  0 ; 


static  i n t 

memFileFlush  (struct  PgpFile  *file) 

{ 

(void)file;  / * Quiet  compiler  warning  * / 


/ * Does  nothing  * / 
return  0; 


static  i n t 

memFi leClose  (struct  PgpFile  *file) 

struct  MemFile  * m f = (struct  MemFile  *)file->priv; 

memset  (mf,  0,  sizeof  ( * m f ) ) ; 
pgpMemFree  (mf); 

memset  (file,  0,  sizeof  (*file)); 
pgpMemFree  (file); 
return  0 ; 


static  long 

memFileTell  (struct  PgpFile  *file) 

{ 

struct  MemFile  *mf  = (struct  MemFile  *)file->priv; 
return  mf->cur  - mf->base; 


static  i n t 

memFi LeSeek  (struct  PgpFile  *file,  long  offset,  int  whence) 

{ 

struct  MemFile  *mf  = (struct  MemFile  *)file->priv; 

switch  (whence)  f 

case  SEE  K_S  E T : 

/*  offset  is  correct,  as  is  */ 
break; 
case  SEE  K_C  U R : 

offset  +=  mf->cur  - mf->base; 
break; 
case  SEE  K_E  N D : 

offset  +=  mf->end  - mf->base; 
break; 

} 


if  (offset  < 0 | | offset  > mf->end  - mf->base) 
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{ 

memSetError  (file,  PG P E R R_F I L E_0 P F A I L ) ; 
return  P G P E R R_F I L E_0 P F A I L ; 

} 

mf->cur  = mf->base  + offset; 
return  0; 

> 

static  int 

memFileEof  (struct  PgpFile  const  * f i l e ) 

{ 

struct  MemFile  * m f = (struct  MemFile  *)file->priv; 
return  mf->cur  >=  mf->end; 

} 


static  struct  PgpFileError  const  * 
memFi  leError  (struct  PgpFile  const  *file) 

{ 

struct  MemFile  * m f = (struct  MemFile  * ) f i l e - > p r i v ; 


> 


if  (mf->error) 
return 

else 


return 


&mf->err; 

NULL; 


static  void 

memFi  leClearError  (struct  PgpFile  * f i L e ) 

{ 

struct  MemFile  * m f = (struct  MemFile  *)file->priv; 
mf->error  = 0; 

> 


static  int 

mem F i l e W r i t e 2 R e a d (struct  PgpFile  *file) 

{ 

memSetError  (file,  P G P E R R_F I L E_B A D 0 P ) ; 
return  PG P E R R_F I L E_B A DO P ; 

> 

static  struct  Pg p C f b C o n t e x t * 
memFileCfb  (struct  PgpFile  const  *file) 

{ 

(void)file;  /*  Quiet  compiler  warning  */ 

/*  XXX:  I'm  not  realty  sure  what  should  be  done  here  */ 
return  NULL; 

> 

struct  PgpFile  * 

pgp F i l eMemReadOpen  (void  *base,  si ze_t  len) 

{ 

struct  PgpFile  * f i l e ; 
struct  MemFile  *mf; 

file  = (struct  PgpFile  OpgpMemAlloc  (sizeof  (*file)); 
if  ( ! f i l e ) 
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> 


return  NULL; 

mf  = (struct  MemFile  * ) p g p M e m A L l o c (sizeof  (*mf)); 
if  ( ! mf  ) { 

pgpHemFree  (file); 
return  NULL; 

> 

memset  (mf,  0,  sizeof  (*mf)); 
memset  (file,  0,  sizeof  (*file)); 

mf->base  = mf->cur  = (char  *)base; 
mf->end  = mf->base  + len; 

file->priv  = mf; 
file->read  = memFi leRead; 
file->write  = memFi  leWrite; 
file->flush  = memFi  leFlush; 
file->close  = memFi leClose; 
fi  Le  — >tel L = memFi  leTell; 
file->seek  = memFi leSeek; 
file->eof  = memFi  leEof; 
f i le->error  = memFi leError; 
f i l e-> c l ea r E r ro r = memFi leClearError; 
file->write2read  = memFi  leWrite2Read; 
file->cfb  = memFi  leCfb; 
return  file; 
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passcach.c 

/ * 

* passcach.c  — A Passphrase  Cache  — keep  a cache  of  passphrases  and 

* try  them  against  ESKs  and  Secret  Keys.  This  way  you  only  have  to 

* type  your  passphrase  once,  it  gets  cached,  and  then  it  gets  used 

* again  and  again. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d a M I T . E D U> 

★ 

* $ I d : passcach.c, v 1.17  1996/11/12  02  : 17:36  mhw  Exp  $ 

*/ 

#ifdef  HAVE  CONFIG  H 


//include 
# e nd i f 

"config.h" 

^include 

< s t d i o . h > 

^include 

"pgp/esk.h" 

//include 

"pgp/pgpmem.h" 

//include 

"passcach  . h" 

//include 

"pgp/pgperr.h" 

//include 

"pgp/pubkey.h" 

^include 

"pgp/usua  l s . h" 

struct  PgpPass  C 

char  *pass; 
s i z e_t  passlen; 
struct  PgpPass  * n e x t ; 

>; 

struct  PgpPassCache  C 

struct  PgpEnv  const  *env; 
struct  PgpPass  *passlist; 

>; 

struct  PgpPassCache  * 

pgpPassCacheCreate  (struct  PgpEnv  const  *env) 

C 

struct  PgpPassCache  * c a c h e ; 

cache  = (struct  PgpPassCache  * ) pgpMemAlloc  (sizeof  ( * c a c h e ) ) ; 
if  (cache)  C 

memset  (cache,  0,  sizeof  (*cache)); 
cache->env  = env; 

> 

return  cache; 

> 

void 

pgpPassCacheDestroy  (struct  PgpPassCache  *cache) 

{ 

struct  PgpPass  *p,  *t; 

if  ( ! cache) 

return; 

for  (p  = cache->pass  L i st;  p;  p = t)  C 
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t = p->next; 

memset  (p->pass,  0,  p->pass  Len)  ; 
pgpMemFree  (p->pass); 
memset  ( p , 0,  sizeof  ( * p ) ) ; 
pgpMemFree  ( p ) ; 

> 

memset  (cache,  0,  sizeof  ( * c a c h e ) ) ; 
pgpMemFree  (cache); 

> 

i n t 

pg p P a s s C a c h e Add  (struct  PgpPassCache  *cache,  char  const  *pass,  size 
{ 

struct  PgpPass  * p ; 
char  * b u f ; 

if  (! cache  ||  (pass  ||  ! passlen) 

return  P G P E R R_B A D P A R A M ; 

p = (struct  PgpPass  * ) pgpMemAlloc  (sizeof  ( * p ) ) ; 
i f ( ! p ) 

return  P G P E R R_N 0 M E M ; 

buf  = (char  * ) p g p M e m A l l o c (passlen  + 1); 
if  ( ! bu  f ) { 

pgpMemFree  (p); 
return  PG P E R R_N0M E M ; 

> 

memcpy  (buf,  pass,  passlen); 
bufCpasslenll  = ' \ 0 ' ; 

memset  (p,  0,  sizeof  ( * p ) ) ; 

p->pass  = buf; 
p->pass  len  = passlen; 
p->next  = cache->passlist; 
c a c h e-> pa s s l i s t = p; 

return  0; 

> 


/* 

* Returns: 

* < 0 : error 

* = 0 : no  phrases  worked 

* > 0 : a pass  phrase  worked  --  session  key  in  key,  size  in  keylen 
*/ 

i n t 

pg p Pa s s C a c h e T ry E s k (struct  PgpPassCache  const  *cache,  struct  PgpESK 

int  (*tryKey)  (void  *arg,  byte  const  *key,  size 
void  *tryarg,  byte  *key,  size_t  *keylen) 

( 

struct  PgpPass  *p; 
int  i ; 

if  (! cache  ||  ! esk  ||  ! key  ||  Ikeylen  ||  itryKey) 

return  P G P E R R_B A D P A R A M ; 


t passlen) 


const  *esk, 
t keylen). 
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> 


i f 


(pgpEskType 

return 


(esk)  ! = PGP_ESKTYPE_PASSPHRASE ) 
P G P E R R_B  ADPARAM; 


for  (p  = cache->passlist;  p;  p = p->next)  { 

i = pg p E s k C o n v D e c ry p t (esk,  cache->env,  p->pass,  p->passlen, 

key); 


if  (i  < 0) 

return  i ; 


/ * error  * / 


if  ( i 


> 


> 0)  { /*  got  a key  --  try 

* k e y l e n = i; 

i = tryKey  (tryarg,  key,  *keylen); 
if(ii)  /*  it  worked  */ 

return  1; 


> 

/*  none  of  the  cached  passphrases  worked  */ 
return  0; 


i t 


*/ 


* 

Returns  : 

* < 

0 

error 

* = 

0 

could  not 

unlock  key 

A 

* -K 

0 

success  - 

- key  unlocked 

i n t 

pg p Pa s s C a c h e T r y Key  (struct  PgpPassCache  const  *cache,  struct  PgpSecKey  *seckey) 
{ 

struct  PgpPass  * p ; 
i n t i ; 

if  (!  cache  ||  ! seckey) 

return  PG P E R R_B A D P A R A M ; 

for  (p  = cache->passlist;  p;  p = p->next)  { 

i = pgpSecKeyUnlock  (seckey,  cache->env,  p->pass,  p->pass  Len) ; 
if  ( i ) 

return  i ; 

> 

return  0; 
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passcach.h 

/* 

* passcach.h  --  A Passphrase  Cache 

* 

* Written  by:  Derek  Atkins  < w a r L o r d 5)M I T . E D U > 

* 

* $ I d : passcach.h, v 1.1  1 1 996/1  1 /1  2 02:1  7:36  mhw  Exp  $ 

★ / 

# i f nde  f PG P_P A S S C A C H E_H 
//define  P G P_P A S S C A C H E_H 

^include  " p g p / u s u a l s . h " 

struct  PgpPassCache; 

//  i f nde  f T Y P E_PG P P A S S C A C H E 

//define  T Y P E_P G P P A S S C A C H E 1 

typedef  struct  PgpPassCache  PgpPassCache; 

//  e n d i f 

struct  PgpEnv; 

//  i f nde  f T Y P E_P G P E N V 

//define  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

Ue  n d i f 

struct  PgpESK; 

//  i f nde  f T Y P E_P G P E S K 

//define  T Y P E_P  G P E S K 1 

typedef  struct  PgpESK  PgpESK; 

//end  i f 

struct  PgpSecKey; 

# i f n d e f T Y P E_PG P S E C K E Y 
//define  T Y P E_P  G P S E C KE  Y 1 

typedef  struct  PgpSecKey  PgpSecKey; 

//  e n d i f 

struct  PgpPassCache  *pgpPassCacheCreate  (struct  PgpEnv  const  *env); 

void  pgpPassCacheDestroy  (struct  PgpPassCache  * c a c h e ) ; 

int  pg p Pa s s C a c h e Add  (struct  PgpPassCache  *cache,  char  const  *pass, 

s i z e_t  passlen); 

int  pg p Pa s s C a c h e T ry E s k (struct  PgpPassCache  const  *cache, 

struct  PgpESK  const  *esk, 

int  (*tryKey)  (void  *arg,  byte  const  *key, 

s i ze_t  key  L en  ) , 

void  *tryarg,  byte  *key,  si ze_t  *keylen); 
int  pg p Pa s s C a c h e T r y Ke y (struct  PgpPassCache  const  *cache, 

struct  PgpSecKey  * s e c k e y ) ; 

//endif  /*  PGP  PASSCACHE  H */ 
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pgpdebug.c 


/* 

* pgpdebug.c  --  Assertion  support  routines 

* 

* $ I d : pgpdebug.c, v 1.5. 2. 2 1 996/1  1 /1  5 00:1  4:22  mhw  Exp  $ 
*/ 


ft  i nc  l ude 
# i nc l ude 
ft  include 
ft  i n c L ud  e 


<string.h> 
<stdarg.h> 
"pgp/usuals.h1' 
"pgp/pgpdebug . h" 


# i f d e f DEBUG 


static  void 
AppendCharsC 

uchar  * dest, 

int*  offset, 

i n t max, 

char  const  * src, 
int  L en ) 

C 

pgpAssertAddrValid(src); 
if  (Len  >=  max  - *offset) 

Len  = max  - *of f set  - 1 
memcpyCdest  + *offset,  src, 
★offset  +=  len; 

} 


len); 


static  void 

AppendUnsi gnedNumber( 

uchar  * 

dest. 

int  * 

offset 

i n t 

max. 

i n t 

radix. 

u l o n g 

num ) 

{ 


static  char  const  digi tC17U  = 

char  bufH36H; 

int  i=sizeof(buf); 


"01 23456789ABCDEF"; 


pgpAssertMsg(radix  >=  2 SS  radix  <=  16,  "Invalid  radix"); 
d o 
{ 

pgpAssertli  > 0); 

bufC--iD  = digitCnum  % radix]; 

num  /=  radix; 

> while  (num  > 0); 

A pp e nd C h a r s ( d e s t , offset,  max,  buf  + i,  sizeof(buf)  - i); 


static  void 
Appends ignedNumberC 


uchar  * 

dest. 

int  * 

offset 

i n t 

max. 

i n t 

radix. 

long 

num ) 
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if  ( num  < 0 ) 

{ 

AppendCharsCdest,  offset,  max,  1); 

AppendUnsignedNumberCdest,  offset,  max,  radix,  -num); 

> 

else 

AppendUnsignedNumberCdest,  offset,  max,  radix,  num); 


/* 

* 

* 

* 

* 


Formats  a string  into  the  given  buffer. 
If  ma ke Pa s c a l S t r i n g is  true,  the  string 
In  either  case,  the  string  always  has  a 


similarly  to  sprintf. 
is  made  into  a Pascal 
null  terminator. 


string 


★ 

Recognizes  the 

following  special  sequences  in 

the 

format 

s t 

★ 

%% 

Replaced 

with 

a s i 

ng l e ' % ' 

★ 

%s 

Replaced 

with 

the 

C string 

a rgument 

★ 

% P 

Replaced 

with 

the 

Pascal  string  argument 

★ 

% i 

Replaced 

with 

the 

signed  integer  value  Cbase  10) 

* 

XI 

Replaced 

with 

the 

signed  long  value  Cbase 

10) 

★ 

%u 

Replaced 

with 

the 

unsigned 

integer  va 

l u e 

Cbase 

10) 

★ 

%U 

Replaced 

with 

the 

unsigned 

long  value 

Cbase  10) 

★ 

%x 

R e p l a 

c ed 

with 

the 

unsigned 

integer  va 

l u e 

Cbase 

16) 

★ 

%X 

R e p l a 

c e d 

with 

the 

unsigned 

long  value 

Cbase  16) 

★ 

% b 

R e p l a 

c e d 

with 

the 

unsigned 

integer  value 

Cbase 

2 ) 

★ 

J.  / 

/ B 

R e p l a 

c e d 

with 

the 

unsigned 

long  value 

Cbase  2 ) 

void 

pgpFormatVAStrC 

u c h a 

r * 

buffer 

/ 

i n t 

bufferSize 

/ 

i n t 

makePascalStr, 

char 

const  * 

formatStr, 

f 

v a_ l i s t 

args) 

i n t 

bufferlndex  = makePascalStr  ? 

1 : 

0; 

i n t 

f ormatStrlndex; 

pgpAssertAddrValidCbuffer); 
pgpAssertCbufferSize  >=  2 ) ; 
pgpAssertAddrValid(formatStr); 

for  CformatStrlndex  = 0;  formatStrCformatStrlndexD  !=  ' \ 0 ' ; 

f ormatStrIndex++) 

{ 

if  CformatStrlformatStrlndex]  !=  '%') 

A ppe nd C h a r s ( bu f f e r , & bu f f e r I nd e x , bufferSize, 
SformatStrCformatStrlndexD,  1); 
else  if  CformatStrlformatStrlndex  + ID) 

formatStrIndex++; 

switch  CformatStrlformatStrlndexD) 

{ 

case  1 % 1 : / * Literal  * / 

Appe nd C h a r s C bu f f e r , &bu f f e r I nd e x , bufferSize, 
&formatStrCformatStrIndexD,  1 ) ; 

break; 

case  ' c ' : /*  Single  character  */ 

{ 

char  ch  = va_arg(args,  char); 
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A pp e nd C h a r s ( bu f f e r , Sbu f f e r I nd ex , bufferSize, 

S c h , 1 ) ; 

break; 

> 

case  's':  /*  C string  argument  */ 

{ 

char  const  * str  = va_arg(args/  char  const  *); 
pgpAssertStrValid(str); 

Ap pe nd C h a r s ( bu f f e r , Sbu f f e r I nd e x , bufferSize,  str, 
strlen(str)); 

break; 

> 

case  ' p ' : /*  Pascal  string  argument  */ 

{ 

uchar  const  * pstr  = va_arg(args,  uchar  const  *); 
pgpAssertPStrValid(pstr); 

A pp e n d C h a r s ( bu f f e r , S b u f f e r I nd e x , bufferSize, 

(char  *)  (pstr  + 1),  pstrLO]); 

break; 

} 

case  ' i ' : /*  Signed  integer  argument,  base  10  */ 

i 

int  num  = va_arg(args,  int); 

Ap pe n d S i g n ed N umbe r ( bu f f e r , S bu f f e r I nd e x , bufferSize, 

10,  num); 

break; 

> 

case  'I':  /*  Signed  long  argument,  base  10  */ 

t 

long  num  = va_arg(args,  long); 

A ppe nd S i g n ed N umb e r ( bu f f e r , Sbu f f e r I nd e x , bufferSize, 

10,  num); 

break; 

> 

case  ' u ' : /*  unsigned  int  argument,  base  10  */ 

uint  num  = va_arg(args,  uint); 

A ppe nd U n s i g n ed N umb e r ( bu f f e r , S bu f f e r I nd e x , bufferSize, 

10,  num); 

break; 

> 

case  ' U ' : /*  unsigned  long  argument,  base  10  */ 

C 

ulong  num  = va_arg(args,  ulong); 

Ap pe nd U n s i g n ed N umb e r ( b u f f e r , S bu f f e r I n d e x , bufferSize, 

10,  num); 

break; 

> 

case  ' x ' : /*  unsigned  int  argument,  base  16  */ 

{ 

uint  num  = va_arg(args,  uint); 
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A ppe  nd  U n s i g n ed  N limb  e r ( bu  f f e r , &b  u f f e r I n d e x , bufferSize, 

16,  num); 

break; 

> 

case  'X':  /*  unsigned  long  argument,  base  16  */ 

i 

ulong  num  = va_arg(args,  ulong); 

A ppe  nd  1)  n s i g n e d N umbe  r ( bu  f f e r , & b u f f e r I n d e x , bufferSize, 

16,  num ) ; 

break; 

> 

case  ' b ' : /*  unsigned  int  argument,  base  2 */ 

{ 

uint  num  = va_arg(args,  uint); 

A ppe nd U n s i g n e dNumbe r ( bu f f e r , & b u f f e r I n d e x , bufferSize, 

2 , num); 

break; 

> 

case  'B':  /*  unsigned  long  argument,  base  2 */ 

{ 

ulong  num  = va_arg(args,  ulong); 

A p p e nd U n s i g n e d N umbe r ( bu f f e r , &bu f f e r I ndex , bufferSize, 

2 , num  ) ; 

break; 

} 

default: 

{ 

char  errorBufC16H; 


> 


pgpFormatStrlerrorBuf , s i zeof ( er rorBuf  ) , "CINVALID  %%%cd 
formatStrlformatStrlndexl); 

A pp e nd C h a r s ( bu f f e r , &bu f f e r I nd e x , bufferSize, 
errorBuf,  strlen(errorBuf)); 

break; 


> 

> 

b u f f e r [ bu f f e r I nd e x ] = ’ \ 0 ' ; 
if  (makePascalStr) 

bufferCOD  = (bufferlndex  > 256)  ? 255  : (bufferlndex  - 1); 


uchar  * 

pgpFormatPStrl 
uchar  * 
i n t 

char  const  * 

. . . ) 

{ 

v a list 


buffer, 

bufferSize, 

formatStr, 


args; 


v a_s t a r t ( a r g s , formatStr); 

pg p F o r ma t V A S t r ( bu f f e r , bufferSize,  1,  formatStr,  args); 

va_end(args); 

return  buffer; 
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> 


char  * 


pgpFormatStrC 

char  * 

buffer. 

i n t 

bu  f f e r S i 

char  const  * 

. . . ) 

{ 

formatSt 

va_l i s t 

args; 

va_s t a r t ( a r g s , formatStr); 

pgpFormatVAStr( (uchar  *)buffer,  bufferSize,  0,  formatStr,  args); 

va_end(args); 

return  buffer; 

> 

/* 

* WARNING:  This  routine  is  not  thread  safe  and  should  ONLY  be  called 

* from  within  debugging  macros!! 

*/ 

uchar  * 

pgpDebugFormatPStrC 

char  const  * formatStr, 

. . . ) 

static  uchar  bufferC256H; 

va_list  args; 

v a_s t a r t ( a r g s , formatStr); 

pgpFormatVAStrlbuffer,  sizeof(buffer),  1,  formatStr,  args); 
v a_e  nd(args); 
return  buffer; 

> 

/ * 

* WARNING:  This  routine  is  not  thread  safe  and  should  ONLY  be  called 

* from  within  debugging  macros!! 

* / 

char  * 

pgpDebugFormatStrl 

char  const  * formatStr, 

. . . ) 

static  char  bufferC2563; 

va_list  args; 

va_start(args,  formatStr); 

pgpFormatVAStr((uchar  Obuffer,  sizeof(buffer),  0,  formatStr,  args); 
va_end (args); 
return  buffer; 

> 

# e n d i f /*  DEBUG  */ 

/* 

* Local  Variables: 

* tab-width:  4 

* End: 
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* vi:  ts=4  sw=4 

* vim:  si 
*/ 


. 


■ 


' 


■ 
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pgpdebug.h 

/* 

* pgpdebug.h  --  Assertion  macro  headers 

* 

* $ I d : pgpdebug.h, v 1.7. 2.1  1 996/1  1 /1  4 02:36:54  mhw  Exp  $ 
*/ 

# i f n d e f PGPASSER  T_H 
//define  PGPASSER  T_H 

^include  <stdarg.h> 

/*  XXX:  What  should  we  do  for  MSDOS?  */ 

# i f nd  e f MACINTOSH 
//include  <stdio.h> 
ft  e nd  i f 


ft  if 

DEBUG 

/* 

C 

*/ 

ft  if 

MACINTOSH 

/ * 

: 

*/ 

ft  d e f i n e 


pgpDebugFmtMsg(params) 

uchar  pgpDFM b u f f e r C 2 5 6 H ; 


> 


DebugStrCpgpFormatPStr ( pg  p D FM but  f e r , 

s i z e o f ( pg  p D F M but  fer), 

" %s  (%s  line  % I ) " , 

pg p D e bu g F o rma t S t r params, 

FILE , (long) LINE )); 


\ 

\ 

\ 

\ 

\ 

\ 

\ 

\ 

\ 


//define  p g p D e b u g P S t r ( p S t r ) D e b u g S t r ( p S t r ) 

//else  /*  ] MACINTOSH  l */ 


//define  pgpDebug  FmtMsg  ( pa  rams  ) \ 

do  \ 

{ \ 

f p r i n t f ( s t d e r r , "DEBUG:  %s  (%s  line  %ld)\n",\ 
pg p D e bug F o r ma t S t r params,  \ 

FILE , (long) LINE );  \ 

> whi  le(0) 


//  e nd  i f /*  MACINTOSH  ] */ 


//define  p g p A s s e r t F m t M s g ( c o n d i t i o n , params)  \ 

do  \ 

{ \ 

i f ( ! ( c ond i t i on  ) ) \ 

pgpDebugFmtMsg(params);  \ 

> whi  le(0) 


//else  /*  0 DEBUG  L */ 


ft  define  pg  p D e bu  g F m t M s g ( pa  r a m s ) 

//define  pg  p A s s e r t F m t M s g ( c o nd  i t i on  , params) 


//endif  / * DEBUG  0 */ 
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//define  pgpDebugAbortFmtMsg(params) 
pgpDebugFmtMsg(params) 

//define  pg p D e bu g M s g ( me s s a g e ) 

pgpDebugFmtMsgC ( " % s " , message) ) 

//define  pg p A s s e r t M s g ( c o nd i t i on  , message) 

pg p A s s e r t F m t M s g ( c o nd i t i o n , ("%s",  message)) 

//define  pg p A s s e r t ( c o nd i t i o n ) 

pg p A s s e r t F m t M s g ( ( c on d i t i on ) , ("Assertion  failed 


% s 


//condition)) 


/*  XXX: 
//define 


Make  these  more  stringent  * / 
pgpAssertAddrValid(ptr) 


pgpAssertFmtMsg(Cptr)  !=  NULL,  ("%s  is  nil",  #ptr)) 


//define  pg  p A s s e r t A d d r V a l i d M s g ( p t r , msg) 


//define 

//define 

//define 

//define 

//define 

//define 


r^i s-r-1/  ' 

pg p A s s e r t Fm t M s g ( ( p t r ) !=  NULL,  ("%s:  %s  is  nil",  msg,  #ptr)) 

pg p A s s e r t Ad d r A l i g n e d ( p t r , type)  \ 

pg p A s s e r t Fm t M s g ( ( p t r ) !=  NULL,  ("%s  is  nil",  //ptr)) 

pg p A s s e r t Add r A l i g n e d M s g ( p t r , type,  msg)  \ 

pg p A s s e r t F m t M s g ( ( p t r ) !=  NULL,  ("%s:  %s  is  nil",  msg,  #ptr)) 


pgpAssertStrValid(str) 
pgpAssertAddrValid(str) 
p g p A s s e r t S t r V a l i d M s g ( s t r , msg) 
pg p A s s e r t Add r Va  l i dM s g ( s t r , msg) 


pgpAssertPStrValid(str) 
pgpAssertAddrValid(str) 
pgpAssertPStrValidMsgCstr 


msg) 


\ 

\ 

\ 

\ 


p g p A s s e r t A d d r V a l i d M s g ( s t r , msg) 


//if  UNFINISHED_CODE_ALLOWED 
//define  pg  p F i x B e f o r e S h i p ( m s g ) 

//else 

//define  p g p F i x B e f o r e S h i p ( m s g ) 333333  //msg  333333 

//end  i f 


void  pg p F o r ma t V A S t r ( u c h a r *buffer,  int  bufferSize,  int  ma ke Pa s c a l S t r , 

char  const  *formatStr,  va_list  args) ; 
uchar  *pgpFormatPStr(uchar  *buffer,  int  bufferSize, 

char  const  *formatStr,  ...); 

char  *pgpFormatStr(char  *buffer,  int  bufferSize,  char  const  *formatStr,  ...); 
/ * 

* WARNING:  These  routines  are  not  thread  safe  or  re-entrant  and  should 

* ONLY  be  called  from  within  the  above  debugging  macros!! 

* / 

uchar  *pgpDebugFormatPStr(char  const  *f ormatStr,  ...); 
char  * pg p D e bu g F o r ma t S t r ( c h a r const  *formatStr,  ...); 


//end  i f /*  PGPASSERT  H */ 


/* 

* Local  Variables: 

* tab-width:  4 
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* End: 

* vi:  ts=4  sw  = 4 

. 

* vim:  si 
*/ 


. 


. 


— 
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pgperr.c 

/* 

* $ I d : pgperr.c, v 1.4  1 996/1  1 /1  2 02:1  7:37  mhw  Exp  $ 
*/ 

//include  <stdio.h>  /*  For  sprintfl)  */ 


/*  List  of  all  error  codes  */ 
struct  pgper  r_t  { 
int  error; 
char  const  * s t r i n g ; 

>; 


static  struct  pgperr_t  const  pg  p e r r l i s t C 3 = { 
//define  PGPERR(err,  string)  { err,  string  }, 
//include  " pg  p / pg  p e r r . h " 


{ 

>; 

0,  0 > 

/* 

End-of-list 

placeholder  ★/ 

/ * Get  rid 

of  warning 

from 

gcc  about  mi 

ssing  prototype 

char  const 

★pgperrStri 

nglint  code); 

char  const 

* 

pgperrStri 

r 

ng(int  code) 

unsigned  i; 

static  char  b u f C □ = "Unknown  error  code  -xxxxxxxxx"; 
/*  1234567890123456789  */ 


for  (i  = 0;  i < sizeof(pgperrlist)/sizeof(*pgperrlist);  i + + ) { 
if  ( pg pe r r l i s t C i 0 . e r r o r ==  code) 

return  pgperrlistCi]. string; 

> 

spr i nt f ( buf +20,  "%+d",  code); 
return  buf; 
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pgpfile.c 

/ * 

* pgpfile.c  --  An  abstraction  to  files 

* 

* Written  by:  Derek  Atkins  <warlordSlMIT.EDU> 

* 

* $ I d : pgpfile.c, v 1.21  1 996/1  1 /1  2 02:1  7:37  mhw  Exp  $ 
*/ 


//  i f d e f HAVE  CONFIG  H 


# i n c l ude 
//end  i f 

" conf i g . h " 

//include 

<assert  . h> 

# i n c l ude 

<errno.h> 

# i n c l ude 

<stdio.h> 

//include 

"pgpfi le.h" 

ft  include 

"pgp/cfb.h" 

//include 

"pgp/pgpmem.h" 

//include 

"pgp/pgperr.h" 

//include 

"pgp/usuals.h" 

struct  File  { 

int  (*doC  lose)  (FILE  * f i l e , void  *arg); 
void  * c l o s e A r g ; 
struct  PgpFileError  err; 
struct  PgpCfbContext  * c f b ; 

FILE  * f ; 
int  error; 
int  flags; 

>; 


/ * 

* These  are  the  different 

* * * and  types. 

* / 

//define  FLAG  S_R  E A D 1 

//define  FLAG  S_W  RITE  2 

//define  FLAG  S_F I L E 4 

//define  FLAGS  PROC  8 


flags,  which  define  the  various  operations 


//define  PG P_F I LE_R E A D ( F L AG S_F I L E | F L A G S_R E A D ) 
//define  PG  P_F  I L E_W  R I T E ( F L A G S_F  I L E | F L A G S_W  R I T E ) 

//define  P G P_P  R 0 C_W  R I T E ( F L A G S_P  R 0 C j F L A G S_W  R I T E ) 


/*  Stdio  Functions  */ 


static  void 

setError  (struct  PgpFile  *file,  int  code) 

{ 

struct  File  *fp  = (struct  File  * ) f i l e->pri v; 


fp->err.f  = file; 
fp->err . syserrno  = errno; 
fp->err. error  = code; 
f p->error  = f error  (fp  — >f); 
if  (fp->error)  { 
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> 


> 


fp->err.fpos  = pgpFileTell  (file); 


static  s i z e_t 

stdioRead  (void  *ptr,  size__t  size,  struct  PgpFile  *file) 
{ 

struct  File  *fp  = (struct  File  *)file->priv; 
s i z e_t  ret; 

if  ( ! ( f p->  f l a g s & FLAG  S_R  E AD))  { 

setError  (file,  P G P E R R_F I L E_B A D 0 P ) ; 
f p->error  = PG PE R R_F I L E_B A DO P ; 
return  0 ; 

> 

ret  = fread  (ptr,  1,  size,  f p - > f ) ; 
if  ( ! ret) 

setError  (file,  P G P E R R_F I L E_0 P F A I L ) ; 
return  ret; 

> 


static  s i z e_t 

stdioWrite  (void  const  *ptr,  size_t  size,  struct  PgpFile  *file) 
C 

struct  File  * f p = (struct  File  *)file->priv; 
s i z e_t  ret; 

if  ( ! ( f p->  f l a g s & F L AG S_W R I T E ) ) { 

setError  (file,  PG P E R R_F I L E_B A D 0 P ) ; 
fp->error  = PG P E R R_F I L E_B A D 0 P ; 
return  0 ; 

} 

ret  = fwrite  (ptr,  1,  size,  f p - > f ) ; 
if  ( ! ret) 

setError  (file,  PG P E R R_F I L E_0 P F A I L ) ; 
return  ret; 

> 


static  i n t 

stdioFlush  (struct  PgpFile  *file) 

{ 

struct  File  *fp  = (struct  File  *)file->priv; 
i n t ret; 

if  ( ! ( f p->  f l a g s & F L AG S_W R I T E ) ) 

return  PGPERR_F I LE_BAD0P; 

ret  = fflush  (fp->f); 

if  (ret)  { 

ret  = P G P E R R_F I L E_0  P F A I L ; 
setError  (file,  ret); 
f p->error  = ret; 
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> 

return  ret; 

> 

static  Long 

stdioTell  (struct  PgpFile  * f i l e ) 

struct  File  * f p = (struct  File  *)file->priv; 
return  ftell  ( f p - > f ) ; 

> 

static  i n t 

stdioSeek  (struct  PgpFile  ★file,  long  offset,  int  whence) 
{ 

struct  File  * f p = (struct  File  *)file->priv; 
int  code; 

if  ( ! ( f p->  f l a g s S FLAG  S_R  E A D ) ) 

return  PG P E R R_F I L E_B A D 0 P ; 

code  = fseek  ( f p — > f , offset,  whence); 

if  (code)  { 

code  = PGPERR_FIL  E_0  P F A I L ; 
setError  (file,  code); 
f p->error  = code; 

> 

return  code; 

> 


/*  Non-specific  functions  (stdio  or  encrypted)  */ 
static  int 

fileClose  (struct  PgpFile  *file) 

{ 

struct  File  *fp  = (struct  File  *)file->priv; 
int  code  = 0; 

if  (fp->flags  & FLAG  S_F I L E ) 

code  = fclose  (fp->f); 
else  if  (fp->flags  & FLAGS_PR0C)  { 
if  (fp->doClose) 

code  = fp->doClose  ( f p - > f , fp->closeArg); 

/*  We  may  not  be  able  to  'close'  here..  I hope  that  is  ok  */ 

> 

if  (code)  f 

code  = PGPERR_FIL  E_0  P F A I L ; 
setError  (file,  code); 
f p->error  = code; 
return  code; 

> 

if  ( f p->  c f b ) 

pgpCfbDestroy  (fp->cfb); 
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memset  (fp,  0,  sizeof  ( * f p ) ) ; 
pgpMemFree  (fp); 

memset  (file,  0,  sizeof  (*file)); 
pgpMemFree  (file); 

return  code; 

> 

static  int 

fileEof  (struct  PgpFile  const  *file) 

{ 

struct  File  * f p = (struct  File  *)file->priv; 
return  feof  (fp  — >f); 

> 

static  struct  PgpFileError  const  * 

f i leError  (struct  PgpFile  const  * f i l e ) 

f 

struct  File  * f p = (struct  File  *)file->priv; 

if  (fp->error) 

return  &(fp->err); 

return  NULL; 

> 

static  void 

f i l e C l e a r E r r o r (struct  PgpFile  *file) 

{ 

struct  File  * f p = (struct  File  *)file->priv; 

clearerr  (fp  — >f)  ; 
fp->error  = 0; 

> 

/*  Converts  a writing  file  to  a reading  file  * / 
static  int 

fileWrite2read  (struct  PgpFile  * f i l e ) 
f 

struct  File  * f p = (struct  File  *)file->priv; 

if  ( f p — > f lags  ! = PG P_F I L E_W R I T E ) 
return  P G P E R R_F I L E_B A D 0 P ; 

f p->  f lags  = PG  P_F ILE_READ; 

/*  XXX  — should  I rewind  this  file?  */ 

/*  return  pgpFileSeek  (file,  0,  SEE K_S E T ) ; */ 
return  0; 

> 

/*  Creates  a new  P g p C f b C on t e x t and  returns  it.  Returns  NULL  otherwise  */ 
static  struct  Pg p C f b C o n t e x t * 
fileCfb  (struct  PgpFile  const  *file) 

{ 

struct  File  * f p = (struct  File  *)file->priv; 
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if  ( f p->  c f b ) 

return  pgpCfbCopy  (fp->cfb); 
return  NULL; 

> 


/*  Open  functions  */ 


•★*★★****★*★*  / 


/*  take  a FILE*  and  convert  it  to  a PgpFile*  */ 

static  struct  PgpFile  * 

doOpen  (FILE  *file,  int  fflags) 

struct  PgpFile  * f p ; 
struct  File  * f f p ; 

if  ( ! f i l e ) 

return  NULL; 

fp  = (struct  PgpFile  * ) pgpMemA  l l oc  (sizeof  (*fp)); 
if  ( ! f p) 

return  NULL; 

ffp  = (struct  File  *)pgpMemAlloc  (sizeof  (*ffp)); 
if  ( ! f f p)  f 

pgpMemFree  (fp); 
return  NULL; 

> 

memset  (ffp,  0,  sizeof  ( * f f p ) ) ; 
memset  (fp,  0,  sizeof  (*fp)); 

rewind  (file); 
f f p - > f = file; 
ffp->flags  = fflags; 

fp->priv  = ffp; 
fp->read  = stdioRead; 
fp->write  = stdioWrite; 
fp->flush  = stdioFlush; 
f p->c lose  = fileClose; 
fp->tell  = stdioTell; 
fp->seek  = stdioSeek; 
f p - > e o f = fileEof; 
f p->error  = fileError; 
fp->clearError  = fi leClearError; 
f p-> w r i t e 2 r e a d = f i l eW r i t e2 read; 
fp->cfb  = fileCfb; 

return  fp; 

> 


/*  Convert  a FILE*  to  PgpFile*  in  Write  Mode  */ 
struct  PgpFile  * 

pg p F i l e W r i t e 0 pe n (FILE  * f i l e , struct  P g p C f b C o n t e x t *cfbp) 
{ 

assert  (cfbp  = = NULL); 

return  doOpen  (file,  PG P_F I L E_W R I T E ) ; 

> 
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/*  Convert  a FILE*  to  PgpFile*  in  Read  Mode  */ 
struct  PgpFile  * 

pg p F i l e R e a dO pe n (FILE  *file,  struct  PgpUICb  const  *ui, 
{ 

( v o i d ) u i ; 

( vo i d ) u i_a  rg ; 

/* 

* We  still  need  to  check  the  file  for  encrypt 

* the  decryption  key,  somehow. 

* / 

return  doOpen  (file,  PGP_F I LE_READ ) ; 

> 


struct  PgpFile  * 
pgpFi  leProcWri teOpen 

t 


(FILE  *f i l e, 
void  *arg) 


struct  PgpFile  *fp; 
struct  File  * f ; 


i n t 


(*doClose) 


(FILE 


fp  = doOpen  (file,  P G P_P R 0 C_W R I T E ) ; 
f = (struct  File  *)fp->priv; 
assert  (f); 

f->doClose  = doClose; 
f->c  loseArg  = arg; 
return  fp; 


void  *ui_arg) 


ion  and  obtain 


★file,  void  *arg). 
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pgpfile.h 

/* 

* pgpfile.h  --  an  abstraction  to  files 

* 

* Written  By:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

★ 

* $ I d : pgpfile.h, v 1.1  7 1 996/1  1 /1  2 02:17:38  mhw  Exp  $ 
*/ 

# i f ndef  PGP_PGP F I LE_H 

# d e f i n e PG  P_PG  P F I L E_H 

struct  PgpUICb; 

# i f n d e f TYPE_PGPUICB 
#define  TYPE_PGPUICB  1 
typedef  struct  PgpUICb  PgpUICb; 
ft  e nd  i f 

struct  Pg p C f b C o n t e x t ; 

# i f nd  e f TYPE_PGPC  FBCONTEXT 
#de  f i ne  T Y P E_PG P C F B C 0 N T E X T 1 

typedef  struct  PgpCfbContext  PgpCfbContext; 
ft  e nd  i f 

struct  PgpPipeline; 

# i f n d e f T Y P E_PG P P I P E L I N E 

# d e f i n e T Y P E_PG P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 
ft  e n d i f 

struct  PgpFile; 

# i f nd  e f T Y P E_P G P F I L E 

# d e f i n e TYPE  PGPFILE  1 


typedef 

struct 

Pg  p F i l e 

PgpFi 

le; 

ft  end  i f 

struct 

PgpFileError  C 

struct 

Pgp  F i l e 

* f ; 

/ 

■k 

The 

PgpFile  for  I/O  Errors 

*/ 

long 

fpos; 

/ 

* 

file 

position  * / 

i n t 

error; 

/ 

k 

PGP 

error  code  ( P G P E R R_* ) 

* / 

> ■ 

i n t 

syserrno; 

/ 

k 

don  ' 

t use  errno;  that's  a 

macro 

ft  i f nde  f 

TYPE_PGPFILEERROR 

ft  define 

TYPE_PGPF I LEERROR  1 

typedef 

struct 

PgpFi  leError 

PgpFi 

leError; 

ft  e n d i f 

struct  PgpFile  C 

void  * p r i v ; 

si ze_t  (*read)  (void  *ptr,  size_t  size,  struct  PgpFile  *file); 
size_t  (*write)  (void  const  *ptr,  size_t  size,  struct  PgpFile  * f i l e ) ; 
int  (*flush)  (struct  PgpFile  * f i l e ) ; 
int  ( * c l o s e ) (struct  PgpFile  * f i l e ) ; 
long  ( * t e l l ) (struct  PgpFile  * f i l e ) ; 

int  (*seek)  (struct  PgpFile  * f i l e , long  offset,  int  whence); 
int  ( * e o f ) (struct  PgpFile  const  * f i l e ) ; 

struct  PgpFileError  const  * (*error)  (struct  PgpFile  const  * f i l e ) ; 
void  (*c  learError)  (struct  PgpFile  * f i l e ) ; 
int  (*wri te2read)  (struct  PgpFile  * f i l e ) ; 
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> ; 

# i f n d e f 
//define 
t y p e d e f 
ft  e nd  i f 

struct 

struct 

struct 


struct 

struct 

//define 
ft  d e f i n e 
//define 
# d e f i n e 
//define 
ft  define 
ft  d e f i n e 
ft  d e f i n e 
ft  d e f i n e 
ft  define 
//define 

tte  nd  i f 


struct  Pg p C f b C o n t e x t * (*cfb)  (struct  PgpFile  const  *file); 


TYPE_PGP  F I LE 

T Y P E_P  G P F I L E 1 

struct  PgpFile  PgpFile; 


3 g P F i 
3 g p F i 
3 9 P F i 


l e 
l e 
l e 


3 g P F i 
3 g P F i 


l e 
l e 


* pg p F i l e R e a d 0 pe n (FILE  *file,  struct  PgpUICb  const  *ui, 

void  * u i_a  r g ) ; 

*pgpFileWriteOpen  (FILE  * f i l e , struct  PgpCfbContext  * c f b ) ; 

* pg p F i l e P r o c W r i t e 0 p e n (FILE  * f i l e , 

int  (*doClose)  (FILE  * f i l e , void  * a r g ) , 
void  *arg); 

*pgpFilePipelineOpen  (struct  PgpPipeline  * h e a d ) ; 
*pgpFileMemReadOpen  (void  *base,  size_t  len); 


pgpFi  leRead(p,s,f)  (f)->read(p,s,f) 

pgpFi  leWrite(p,s,f)  (f)->write(p,s,f) 

pg p F i l e F l u s h ( f ) ( f ) - > f l u s h ( f ) 

pg p F i l e C l o s e ( f ) ( f ) -> c l o s e ( f ) 

pgpF i l eTe l l ( f ) (f)->tell(f) 

pgpFi leSeek(f,o,w)  (f )->seek(f,o,w) 

pg p F i l e E o f ( f ) (f)->eof(f) 

pg p F i l e E r r o r ( f ) (f )->error(f  ) 

pgpFi  LeClearError(f)  (f )->clearError(f ) 

pgpFi LeWrite2Read(f)  (f)->write2read(f) 

pg p F i l e C f b ( f ) (f)->cfb(f) 

* PGP  PGPFILE  H */ 
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pgpleaks.c 


/* 

* pgpleaks.c  Leak  tracking  module  for  memory  allocation  routines 

★ 

* $ I d : pgpleaks.c, v 1.5. 2.1  1 996/1  1 /14  02:36:54  mhw  Exp  $ 

*/ 


# i n c l ud e 

# i n c l ud  e 
# i nc  l ude 
# i nc  l ude 
# i n c l ude 

# i n c l ud  e 


<stdlib.h> 
<limits.h> 
<string.h> 
<assert  . h> 
"pgp/pgpmem. h" 
"pgp/pgpleaks . h" 


typedef  struct  _LeaksSession  LeaksSession ; 

struct  _Le a k s S e s s i on 

LeaksSession  * prevSession; 
char  const  * name; 

Leakltem  dummy  I tern; 

>; 


/* 

* In  order  to  avoid  allocating  memory  until  we  have  the  first  session 

* initialized,  we  use  this  static  variable  for  the  first  session. 

*/ 

static  LeaksSession  ini tialSession; 


static  LeaksSession  * 
static  i n t 

static  Lea kA l l ocType 
LeakAl  locType 


currentSession  = NULL; 
numUnallocatedSessions  = 0 ; 
pgpLeaksSessionDummyType; 
pgpLeaksGeneri cAl locType; 


static  void 

pgpLeaksInitAl locTypeC 

Le a k A l l o c Ty pe I n f o * newType, 
char  const  * typeName, 

Le a k A l l o c Ty p e deallocType) 

{ 

pgpAssertAddrValid(newType); 
pgpAssertStrValid(typeName); 
if  ( newT  ype  ! = NULL  ) 

{ 

newType->magic  = kLeakAllocTypeMagic; 
newType->name  = typeName; 
n e w Ty p e-> d e a l l o c Ty pe  = (deallocType  ! = 

> 

> 


NULL)  ? deallocType 


newType; 


void 

pgpLeaksInit(void) 

{ 

static  i n t 

static  Le a k A l l o c Ty p e I n f o 
static  L e a k A l l o c Ty p e I n f o 

if  ( ! a l r e a dy I n i t i a l i z e d ) 

a l r e a dy  I n i t i a l i z e d = 1 


alreadylnitialized  = 0; 
pgpLeaksSessi onDummyTypelnfo; 
pgpLeaksGeneri cAl locTypelnfo; 
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pgpLeaksIni tAL  locTypeC&pgpLeaksSessionDummyTypelnfo, 

"Leaks  Session",  NULL); 

pgpLeaksIni tAl locTypeC&pgpLeaksGeneri cAL  LocTypelnfo, 

"Generic  Alloc",  NULL); 

pgpLeaksSessionDummyType  = SpgpLeaksSessionDummyTypelnfo; 
pgpLeaksGenericAllocType  = SpgpLeaksGenericAllocTypelnfo; 

} 

> 

LeakAl  locType 
pgpLeaksNewAl  LocTypeC 

char  const  * typeName, 

Le a k A l l o c Ty pe  d e a l l o c Ty p e ) 

{ 

LeakAllocTypelnfo  * newType;  / * LeakAllocType  is  a pointer  to  const  * / 

newType  = (LeakAllocTypelnfo  *)pgpMemAlloc(sizeof(LeakAllocTypeInfo)); 
pgpLeaksInitAllocTypeCnewType,  typeName,  deallocType); 
return  newType; 

} 

static  void 
pgpLeaksLi nkltemC 

Leakltem  * e x i s t i n g 1 1 e m , 

Leakltem  * newltem) 

{ 

pgpAssertLeakltemValid(existingltem); 
newltem->prev  = existingltem; 
newltem->next  = existingltem->next; 
newltem->prev->next  = newltem; 
newltem->next->prev  = newltem; 
pgpAssertLeakltemValid(newItem); 

} 

static  void 
pgpLeaksUnlinkltemC 

Leakltem  * item) 

{ 

pgpAssertLeakltemValid(item); 
pgpAssertLeakItemValid(item->prev); 
pgpAssertLeakltemValidCi tem->next); 
item->prev->next  = item->next; 
i tem->next->prev  = i tem->prev; 

> 

static  void 

pgpAssertLeaksSessionValidC 
LeaksSession  * session) 

{ 

/* 

* pgpLeaksNotifyltemMoved  assumes  this  routine 

* won't  check  the  prev  and  next  links 
*/ 

pgpAssertAddrValid(session); 

pgpAssertLeakItemValid(Ssession->dummyItem); 

> 

static  void 
pgpLeaksInitLinkltemC 
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Leakltem  * 

item. 

LeakAl  locType 

allocType, 

void  const  * 

memory. 

char  const  * 

f i l eName, 

long 

l i neNumbe  r ) 

item->magic  = 

kLeakltemMagi c; 

item->allocType  = allocType; 

i tem->i gnore  = 

0; 

item->prev  = item->next  = item; 

i t em->  f i leName 

= fileName; 

i t e m- > l i n e N u m b e r = LineNumber; 

item->memory  = 

memory; 

> 

void 

pgpl_eaksStartSession( 

char  const  * sessionName) 

LeaksSession  * newSessi on; 

pgpLeaksInitO;  / * XXX:  Just  in  case  we  aren't  already  initialized  * / 

pgpAssertStrValid(sessionName); 

/ * 

* If  we  can't  allocate  a new  session,  we  just  increment  the 

* numUna  l l o c a t ed S e s s i on s counter,  so  we  keep  using  the  parent  session 

* instead.  In  addition,  if  we're  already  in  a session  which  couldn't 

* be  allocated  ( n umll  n a l l o c a t ed  S e s s i o n s > 0),  we  won't  even  try  to 

* allocate  this  one,  because  it  would  be  more  complicated  to  keep  track 

* of  than  it's  worth. 

*/ 

if  ( c u r r e n t S e s s i on  ==  NULL) 

newSession  = & i n i t i a l S e s s i o n ; 
else  if  (numUnallocatedSessions  > 0) 
newSession  = NULL; 

else 

newSession  = (LeaksSession  *)pgpMemAlloc(sizeof(LeaksSession)); 
if  (newSession  = = NULL) 

numUnal  locatedSessions++; 

pgpDebugMsg(" Unable  to  allocate  new  leaks  session"); 

> 

else 

newSession->prevSession  = currentSession; 
newSessi on->name  = sessionName; 

pgpLeaksInitLinkItem(SnewSession->dummyItem,  pgpLeaksSessionDummyType, 

NULL,  FILE , LINE ); 

currentSession  = newSession; 

> 


static  void 

pgpLeaksShowSessionLeaks( 

LeaksSession  * session) 

Leakltem*  item; 
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pgpAssertLeaksSessionValid(session); 
item  = Ssessi on->dummyItem; 
pgpAssertLeakltemValid(item); 


item  = item->next; 

while  (item  !=  & s e s s i o n -> d u mmy  1 1 e m ) 


pgpAssertLeakltemValid(item); 
if  (!item->ignore) 

{ 


> 


pgpDebug FmtMsg ( ( " LEAK  from  %s  line  %I  (%s),  session  %s", 

item->fi  leName,  item->lineNumber, 
i tem->a  l locType->name,  sessi on->name  ) ) ; 


> 


item  = item->next; 

> 


void 

pgpLeaksEndSession(void) 

{ 

if  (numlJna  l locatedSessi  ons  > 0) 
numUna l locatedSessions  — ; 

else 

{ 


LeaksSession  * oldSession; 

pgpAssertLeaksSessionValid(currentSession); 
oldSession  = currentSession; 
currentSession  = o l d S e s s i o n-> p r e v S e s s i on ; 
pgpLeaksShowSessionLeaks(oldSession); 
if  (oldSession  !=  S i n i t i a l S e s s i o n ) 
pgpMemFree(oldSession)  ; 


> 


> 


void 

pgpLeaksRememberItem( 


Leakltem  * 


item, 
type, 
memory, 
f i l eName, 
lineNumber) 


LeakAl locType 
void  const  * 
char  const  * 
long 


{ 


pgpLeaksInitLinkItem(item,  type,  memory,  f i leName,  lineNumber) ; 
pgpLeaksLinkItem(ScurrentSession->dummyItem,  item); 

} 

void 

pgpLeaksIgnoreItem( 

Leakltem  * item) 

{ 

pgpAssertLeakltemVa  lid( i tern); 
item-> ignore  = 1; 


> 


void 

pgpLeaksForget!tem( 
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Leakltem  * i tern, 

L e a k A L L o c Ty p e deaLLocType) 

{ 

pgpAssertLeakltemVaLid(item); 

pgpAssert FmtMsg ( i tem->a L LocType->dea L LocType  = = deaLLocType, 

("BLock  deaLLocated  incorrectLy  with  %s,  from  %s  in  %s  Line  %I", 
d e a L L o c Ty pe-> n a me , i t em-> a L L o c Ty p e-> n a m e , i t em-> f i L e N a me , 
i tem->  L i neNumber) ) ; 
pgpLeaksUnLinkltem(item); 

> 

void 

pgpLeaksNoti fyltemMovedC 

Leakltem  const  * oLdltem, 

Leakltem  * newltem) 

{ 

/*  Assumes  that  the  assertion  won't  check  the  Links  */ 
pgpAssertLeakltemVaLid(newItem); 

if  ( new  1 1 em-> p r e v ==  oLdltem) 

{ 

/*  This  is  the  onLy  item  in  the  List  */ 
newltem->prev  = newltem->next  = newltem ; 

> 

e L s e 

newltem->prev->next  = newltem; 
newltem->next->prev  = newltem; 

> 

> 


/* 

★ 

Lo  c a L 

VariabLes: 

★ 

t a b- 

w i 

d t h : 4 

★ 

E nd  : 

★ 

v i : 

t s 

=4  sw=4 

★ 

vim: 

s 

i 

*/ 
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pgpleaks.h 


/ * 

* pgpleaks.h  --  Leak  tracking  module  for  memory 

* 

* $Id:  pgpleaks.h, v 1.5. 2. 2 1996/11/14  21:29:35 
*/ 


//ifndef  P G P L E A KS_H 
//define  PGPLEAKS  H 


allocation 
h a l Exp  $ 


routines 


#include  " pg p / u s u a l s . h " 

//include  " pg  p / pg  pd  e bu  g . h " 

/* 

not  thread-safe 


LeakAl locTypelnfo; 
LeakAl  locType; 

struct  _Lea kA l l ocType I nf o 
C 

ulong  magic; 

char  const  * name; 

Le a k A l l o c Ty pe  deallocType; 

>; 


* WARNING:  The  leaks  library  is  currently 
*/ 


//define  k L e a k A l l o c Ty p e M a g i c 
//define  k L e a k 1 1 e m M a g i c 


OxEI 9C834B 
0xB74D951 F 


typedef  struct  _L e a k A l l o c T y p e I n f o 
typedef  struct  _Le a k A l l o c Ty pe I n f o const  * 


extern  LeakAllocType  pgpLeaksGenericAllocType; 

/ * 

* The  Leakltems  form  a c i r c u l a r l y- l i n k ed  list. 

* Each  session  has  its  own  list,  each  with  its  own  dummy  element. 

* / 


typedef  struct  _LeakItem 


struct  _L  e a k 1 1 e m 

{ 

ulong 

magi c; 

LeakAl locType 

al  locType; 

i n t 

ignore; 

Leakltem  * 

prev; 

Leakltem  * 

next; 

char  const  * 

fi  leName; 

long 

l i neNumber; 

void  const  * 

memory; 

>; 

Lea  kl tern; 


//define  pgpAssertLeakAllocTypeValid(type) 

pg p A s s e r t M s g ( ( t y pe ) !=  NULL  88  ( t y pe  ) ->ma g i c 

"Invalid  LeakAllocType  magic") 
//define  pgpAssertLeakltemValid(item) 

pg p A s s e r t M s g ( ( i t em ) !=  NULL  88  ( i t em  ) ->ma g i c 

"Invalid  Leaklnfo  magic") 


\ 

k Le a k A l l o c Ty pe Ma g i c , \ 

\ 

kLeakltemMagic,  \ 


void  pgpLeaksInit(void); 

LeakAllocType  pg p Lea k s N e w A l l o c Ty pe ( c h a r const  *typeName, 

LeakAllocType  deallocType); 
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void  pgpLeaksStartSessionlchar  const  *sessi onName  ) ; 

void  pgpLeaksEndSessionCvoid  ); 

void  pgpLeaksRememberltemdeakltem  * i t e m , LeakAL  locType  type, 

void  const  *memory,  char  const  *fileName, 
tong  lineNumber); 

void  pgpLeaksIgnoreltemtLeakltem  *i tem) ; 

void  pgpLeaksForgetltemCLeakltem  * i t e m , LeakALLocType  type); 

/ * 

* Call  this  whenever  a Leakltem  moves  in  memory.  <oldItem>  will  not  be 

* referenced  and  need  not  contain  any  valid  data.  It  need  only  indicate 

* where  the  item  used  to  be  in  memory. 

*/ 

void  pgpLeaksNoti f y I t emMo v ed ( L e a k I t em  const  *oldItem, 

Leakltem  *newltem); 

# e n d i f /*  PGPLEAKS  H */ 


/* 

★ 

Local 

Variables: 

★ 

t a b- 

w i 

d t h : 4 

★ 

E nd  : 

★ 

v i : 

t s 

= 4 sw  = 4 

* 

vim: 

s 

i 

*/ 
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pgpmem.c 


/* 

* pgpmem.c  --  pgpMemAlloc  and  friends  with  debugging  suppdrt 

* 

* $ I d : pgpmem.c, v 1.5. 2.1  1 996/  1 1 / 1 4 02:36:5  5 mhw  Exp  $ 

*/ 

#ifdef  H A V E_C  0 N F I G_H 
^include  "config.h" 

# e nd i f 


//include 
# i n c L ud  e 
^include 
# i nc  l ude 
^include 
#include 
# i n c L u d e 
//include 


< s t d L i b . h > 

< L i m i t s . h > 
<string.h> 
"pgp/usuals.h" 
"pgp/pgpmem.h" 
"pgp/pgperr . h" 
"pgp/pgpdebug  . h" 
"pgp/pgpleaks.h" 


/*  Fills  a l l o c a t e d / d e a l l o c a t e d memory  with  OxBB's  */ 
//ifndef  DEBUG_F I LL_MEM 

//define  D E B U G_  F I L L_M  E M DEBUG 

//  e n d i f 


/*  Puts  a ulong-sized  magic  number  before  the  start  of  each  block  */ 

//ifndef  D EBU  G_M  E M_H  E A D_M  A G I C 

//define  D E B U G_M  E M_H  E A D_M  A G I C DEBUG 

# e n d i f 

/*  Puts  magic  bytes  after  the  end  of  each  block  */ 

//ifndef  D E BU  G_M  E M_T  A I L_M  AG  I C 
//if  DEBUG 

//define  D E B U G_M  E M_T  A I L_M  A G I C 4 

ft  e l s e 

//define  D EB  U G_M  E M_T  A I L_M  AG  I C 0 

U e n d i f 

# e nd i f 

/*  Makes  p g p M e m R e a l l o c always  move  a growing  block  */ 

//ifndef  D E B U G_A  L W A Y S_M  0 V E 

//define  D E BU  G_A  L W A Y S_M0  V E DEBUG 

# e n d i f 

# i f DEBUG_F I LL_MEM 

//define  Maybe  F i l l Mem  ( p,  size)  memset((void  *)(p),  OxBB,  size) 

//else 

//define  M a y b e F i l l M e m ( p , size) 

U e n d i f 


//define  kMemHeaderMagic  0xD837C51E 


typedef  struct  _MemHeader  MemHeader; 
struct  _MemHeader 
{ 

//if  DEBUG  FIND  LEAKS 


Leakltem 
//end  i f 

leakltem; 

/* 

Information 

for 

s i z e_t 

size; 

/* 

Size  of  the 

user 

the  leaks  package  * / 
area  of  the  block  * 


/ 
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#if  D E B U G_M  E M_H  E A D_M  A G I C 

ul-ong  magic;  /*  Trailing  magic  number  */ 

Send  i f 

>; 

^define  UserPtrToMemHeader(userPtr)  \ 

((MemHeader  *)((char  *)(userPtr)  - s i z eof ( MemHeade r ) ) ) 

#define  MemHeaderTollserPtr(hdrPtr)  \ 

((void  * ) ( ( char  *)(hdrPtr)  + s i zeof ( MemHeader ) ) ) 

#define  F u l l B l o c k S i z e ( u s e r S i z e ) \ 

(si zeof (MemHeader  ) + (userSize)  + D E B U G_M  E M_T  A I L_M  A G I C ) 

/* 

* Defines  the  sequence  of  tail  magic  bytes.  We  want  every  byte  to  be 

* odd  to  catch  memory  references,  but  also  each  should  be  distinct. 

* / 

#define  Ta i l Ma g i c By t e< i ) \ 

(char)(34  * (i)  + Ox  3 D ) 


/* 

PI  .it  f o r m specific  routines 


* / 


/* 

* These  platform-specific  routines  can  be  very  simple.  They  needn't 

* deal  with  NULL  pointers  or  perform  any  assertion  checking.  They  will 

* never  be  passed  a zero  size,  because  a MemHeader  will  always  be  included. 

* pgpP  l a t f o rmRea  l l o c should  never  move  the  block  itself;  instead  it  should 

* just  return  P G P E R R_N 0 M E M , causing  the  p l a t f o r m- i n d e p e n d e n t routine  to 

* allocate  a new  block  and  move  the  memory  itself. 

* / 

static  void  * pg p P l a t f o rm A l l o c ( s i z e_t  size); 

static  PGPError  pgpPlatformRealloc(void  **ptrRef,  si ze_t  oldSize, 

si ze_t  newSize); 

static  void  pgpPlatformFree(void  * p t r ) ; 

# i f MACINTOSH  /*  C */ 

/ * 

* Macintosh  specific  routines 
*/ 

void 

pgpCopyMemory ( 

void  const  * src, 
void*  dest, 

s i z e_t  size) 

{ 

pg p A s s e r t M s g ( ( S i z e ) s i z e >=  0, 

"pgpPlatformAlloc:  size  negative  or  too  large"); 
BlockMoveData(src,  dest,  (Size)size); 

> 

static  void  * 
pgpPlatformAl  loc( 

s i z e_t  size) 

{ 

pg p A s s e r t M s g ( ( S i z e ) s i z e >=  0, 

"pgpPlatformAlloc:  size  negative  or  too  large"); 
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return  (void  * )NewPt r ( ( S i ze ) si ze ) ; 

> 


static  PGPError 
pgpPlatformReal loc( 


void  * * 

p t r R e f , 

s i z e_t 

o l d S i z e , 

s i z e_t 

newSize) 

Ptr 

ptr  = (Ptr)*ptrRef; 

s i z e_t 

actualSize; 

/* 

* We  need 

to  perform  this  additional 

* signed 

long  instead  of  an  unsigned 

*/ 

assertion,  because  the  Mac  uses  a 
Long  (size_t)  for  memory  allocation 


pg p A s s e r t M s g ( ( S i z e ) n e w S i z e >=  0, 

"pgpPlatformAlloc:  size  negative  or  too  large"); 
SetPtrSize(ptr,  (Size)newSize); 
actualSize  = G e t P t r S i z e ( p t r ) ; 
if  (actualSize  ! = newSize) 
return  P G P E R R_N 0 M E M ; 

else 


> 


return  PGPERR_0K; 


static  void 
pgpPlatformFree( 

void*  ptr) 

{ 

Di sposPt r ( (char  * ) p t r ) ; 

> 

//else  /*  ] MACINTOSH  [ */ 


/ * 

* ANSI-specific  routines  (for  non-Macs) 
*/ 


void 

pgpCopyMemory( 

void  const  * 
void  * 
s i z e_t 

{ 

memmove(dest, 

} 


s r c , 
d e s t , 
size) 

src,  size); 


static  void  * 
pgpPlatformAl loc( 

s i z e_t  size) 

{ 

return  (void  *)malloc(size); 

> 


static  PGPError 
pgpPlatformRealloc( 
void  **  pp, 

s i z e_t  oldSize, 
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s i z e_t  newSize) 

void  * oldP  = * p p ; 

void*  newP; 

if  (newSize  > oldSize) 

return  PG  P E R R_N  0 M E M ; 
newP  = realloc(oldP,  newSize); 
if  (newP  ==  NULL) 

return  PG P E R R_N OM E M ; 

*pp  = newP; 
return  PGPERR_0K; 

> 

static  void 
pgpPlatformFreeC 

void*  p ) 

{ 

free(p)  ; 

> 

# e nd  i f / * ] * / 

/ * 

Platform  independent  routines 


* / 


void 

pgpAssertMemBlockValidC 

void*  userPtr) 

{ 

MemHeader  * header  = UserPtrToMemHeader(userPtr); 

pgpAssertAddrValid(userPtr); 

# i f D E B U G_F IND_LEAKS 

pgpAssertLeakItemValid(&header->leakItem); 
ft  e nd  i f 

U if  D E B U G_M  E M_H  E A D_M  A G I C 

pg p A s s e r t M s g ( h e ad e r->ma g i c ==  kM emH e a d e r Ma g i c , 

"Invalid  MemHeader  magic"); 

ft  e n d i f 

ft  if  D E B U G_M  E M_T  A I L_M  A G I C 
{ 

char  * tailMagic  = (char  *)userPtr  + header->size; 

i n t i ; 

for  (i  = 0;  i < D E BU G_M E M_T A I L_M AG  I C ; i++) 

pg p A s s e r t M s g ( t a i l Ma g i c [ i D ==  T a i l Ma g i c By t e ( i ) , 
"Invalid  memory  tail  magic"); 

> 

ft  e nd  i f 

> 

static  void 
pgpMemSetTai LMagic( 

MemHeader  * header) 

{ 

ft  i f DEBUG  M E M_T A I L_M AGIO 
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char  * tailMagic  = (char  * ) heade  r + sizeof (MemHeader)  + header->size; 

i n t i ; 

for  (i  = 0;  i < D E B U G_M E M_T A I L_M A G I C ; i++) 

t a i l M a g i c C i 1 = T a i L Ma g i c By t e ( i ) ; 

#end i f 

> 

void  * 

P G P_I N T E R N A L_A  L L 0 C ( 

s i z e_t  size 

PG P A L L0 C_C ONT E X T_P A R AM S_D E F ) /*  fileName  and  LineNumber  */ 

{ 

MemHeader  * header; 

void*  userPtr; 

s i z e_t  fullSize; 

pg p A s s e r t M s g ( s i z e >=  0,  " pg p I n t e r n a L A L L o c : Negative  size"); 
header  = (MemHeader  * ) pg p P L a t f o rm A L l o c ( F u l L B l o c k S i z e ( s i z e ) ) ; 
if  (header  ==  NULL) 
return  NULL; 

MaybeFi  llMem(header,  FullBlockSize(size)); 
userPtr  = MemHeaderToUserPtr(header); 

# i f D E B U G_F IND_LEAKS 

pgpLeaksRememberItem(Sheader->LeakItem,  pgpLeaksGeneri cAL  LocType, 

userPtr,  fileName,  LineNumber); 

#end  i f 

header->size  = size; 

U i f D E B U G_M  E M_H  E A D_M  A G I C 

h e a d e r - > ma g i c = k M e m H e a d e r M a g i c ; 

# e n d i f 

# i f D E B U G_M  E M_T  A I L_M  A G I C 

pgpMemSetTai LMagi c(header); 

# e nd i f 

return  userPtr; 

> 


PGPError 
pgpRealloc( 
void  * * 

userPtrRef , 

s i z e_t 

{ 

si z e_t 

newSize) 

oldSize; 

void  * 

oldUserPtr 

= *userPtrRef; 

MemHeader  * 

oldHeader  = 

UserPtrToMemHeader(oldUserPtr); 

void  * 

newUserPtr; 

MemHeader  * 

newHeader; 

PGPError 

result; 

pgpAssertMemBlockValid(oldUserPtr); 

pg p A s s e r t M s g ( n e w S i z e >=  0,  "pgpRealloc:  Negative  size"); 
oldSize  = o l d H ea d e r -> s i z e ; 
if  (newSize  ==  oldSize) 
return  PGPERR_0K; 

/*  If  we're  shrinking  the  block,  wipe  the  tail  end  before  resizing  */ 
if  (newSize  < oldSize) 

MaybeFi  llMem((char  *)oldUserPtr  + newSize,  oldSize  - newSize); 
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newHeader  = oldHeader; 

/*  Always  move  growing  blocks  if  D E B U G_A  L W A Y S_M  0 V E */ 
if  ( D E B U G_A  L W A Y S_M  0 V E &S  newSize  > oldSize) 
result  = PGPER  R_N  0 M E M ; 

else 

result  = pgpP  1 a t f o rmRea  l l oc ( ( vo i d **)8newHeader, 

FullBlockSize(oldSize),  FullBlockSize(newSize)); 

if  (result  ==  PG P E R R_N OM E M ) 

{ 

/*  pg p P l a t f o r m R e a l l o c failed,  try  allocating  a new  block  and  moving  */ 
pgpAs se rt Msg ( newS i z e > oldSize, 

"pgpPlatformReal  loc  failed  to  shrink  block" ); 
newHeader  = pgpPlatformAlloc(FullBlockSize(newSize)); 
if  (newHeader  = = NULL) 

return  PG P E R R_N OM E M ; 

pgpCopyMemory( (void  *)oldHeader,  (void  OnewHeader, 
si zeof (MemHeader)  + oldSize); 

MaybeFi LlMem(oldHeader,  FullBlockSize(oldSize)); 
pgpPlatformFree(oldHeader); 

> 

else  if  (result  !=  PGPER  R_0  K ) 
return  result; 

newUserPtr  = MemHeaderToUserPtr(newHeader); 

/*  If  we're  growing  the  block,  wipe  the  newly-allocated  portion  */ 
if  (newSize  > oldSize) 

MaybeFi l lMem( (char  *)newUserPtr  + oldSize,  newSize  - oldSize); 
if  (newHeader  !=  oldHeader) 

#if  D E B U G_F I N D_L  E A K S 

pgpLeaksNotifyItemMoved(SoldHeader->leakItem,  SnewHeader->leakItem); 

# e nd i f 

*userPtrRef  = newUserPtr; 

> 

newHeader->size  = newSize; 

U if  D E B U G_M  E M_T  A I L_M  AGIO 

pgpMemSetTai LMagic(newHeader); 

#e  nd  i f 

return  PGPERR_0K; 

> 

void 

pgpFree( 

void*  userPtr) 

{ 

MemHeader  * header  = UserPtrToMemHeader(userPtr); 

pgpAssertMemBlockValid(userPtr); 

#if  D E B U G_F I N D_L  E A KS 

pgpLeaksForgetItem(Sheader->leakItem,  pgpLeaksGenericAllocType); 

# e nd i f 

MaybeFi llMem(header,  FullBlockSize(header->size)); 
pgpPlatformFree(header); 

> 
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Backward-compatible  wrapper  routines, 
which  treat  NULL  like  a 0-sized  block. 

*/ 


void  * 

P G P_I N T E R N A L_M  EMALLOC ( 

s i z e_t  size 

PGPALLOC_CONTEXT_PARAMS_DE F ) /*  fileName  and  lineNumber  */ 

{ 

if  (size  ==  0) 

return  NULL; 

else 

return  PG P_I NT E RN A L_A L L0 C ( s i z e P G P A L L 0 C_C 0 N T E X T_P A S S_P A R A M S ) ; 

> 

void  * 

P G P_I N T E R N A L_M  EMREALLOC( 

void*  userPtr, 

s i ze_t  newS i ze 

PGPALL0C_C0NTEX  T_P  ARAMS_DEF)  /*  fileName  and  lineNumber  */ 

{ 

if  (userPtr  ==  NULL) 

return  P G P_I N T E R N A L_M E M A L L 0 C ( n e w S i ze  PG P A L L0 C_C 0 N T E X T_P A S S_P A R A M S ) ; 
else  if  (newSize  ==  0) 

{ 

pgpMemFree(userPtr); 
return  NULL; 

> 

else  if  (pgpRea l locCSuserPtr,  newSize)  !=  PGPERR_0K) 
return  NULL; 

else 

return  userPtr; 

> 

void 

pgpMemFreel 

void*  userPtr) 

{ 

if  (userPtr) 

pgpFree(userPtr); 

> 

/* 

* Local  Variables: 

* tab-width:  4 

* End: 

* vi:  ts=4  sw=4 

* vim:  si 
*/ 
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pgpmem.h 

/ * 

* pgpmem.h  — Memory  allocation  routines  with  debugging  support 

★ 

* $ I d : pgpmem.h, v 1.5. 2.1  1 996/1  1 /1  4 02  : 36:55  mhw  Exp  $ 

*/ 

//  i f nd  e f P G P M E M_H 
//define  P G P M E M_H 

//include  <stdlib.h> 

//include  " pg p / u s u a l s . h " 

//include  " pg p / pg pe r r . h " 


/* 

* There  are  five  macros  which  control  the  debugging  features  of  pgpmem. 

* Unless  explicitly  set,  they  default  to  the  value  of  the  DEBUG  macro. 

* 

* NOTE:  There's  no  need  to  set  these  explicitly  for  most  purposes. 

* 

* DEBUG_F I LL_MEM 

* 

* 

* 

* D E B U G_M  E M_H  E A D_M  AGIO 

* 

* D E B U G_M  E M_T  A I L_M  AGIO 

* 

* 

* DEBUG_FIN  D_L  E A K S 

★ 

* D E B U G_A  L W A Y S_M  0 V E 

* 

* / 

# i f nde  f D E BUG_F I N D_L E AKS 

//define  D EBUG_F I N D_LE AKS  DEBUG  /*  Find  memory  leaks  */ 

//end  i f 


If  set,  all  allocated  memory  will  be  set  to  OxBB 
before  use,  and  all  deallocated  memory  will  be  set 
to  OxBB  before  being  freed.  This  is  also  done  when 
resizing  blocks. 

If  set,  a ulong-byte  magic  number  is  placed  immediately 
before  each  block,  to  detect  buffer  overruns. 

If  set,  magic  numbers  are  placed  after  the  end  of  each 
block  to  detect  buffer  overruns.  The  value  of  the 
macro  determines  the  number  of  bytes  added. 

If  set,  a list  is  kept  of  all  allocated  blocks  which  is 
used  to  detect  memory  leaks  on  program  exit. 

If  set,  memory  blocks  are  always  moved  when  increasing 
the  size  of  a block. 


#if  DEBUG_F I ND_LEAKS 
//define  PGPALLOC_CONTEX  T_P  A RAMS 
//define  PG  P A L L0  C_C  ON  T E XT_P  A R AMS_D  E F 
//define  PGPALLOC_CONTEXT_PASS_PARAMS 
//define  PG  P_I  N TE  R N A L_A  L LO  C 
//define  PG  P_I  N T E R N A L_M  E M A L LO  C 
//define  P G P_I  N T E R N A L_M  EMREALLOC 
//else 

//define  PG  P A L LO  C_C  0 NT  E X T_P  A R AM  S 
//define  PG  P A L LO  C_C  ON  T E XT_P  A R AM  S_D  E F 
//define  PG  P A L LO  C_C  ONT  E X T_P  A S S_P  A R A M S 
//define  PG  P_I  N T E R N A L_A  L LO  C 
//define  PG  P_I  NTE  RN  A L_M  EM  A LLO  C 
//define  PG  P_I  N T E R N A L_M  E M R E A L LO  C 
//  e nd  i f 


, FILE , LINE 

, char  const  *fileName,  long  l i neNumber 
, fileName,  l i neNumber 
pgpInternalContextAlloc 
pgplnterna IContextMemAl  loc 
pgpInternalContextMemRealloc 


pgpInternalAlloc 
pgpInternalMemAlloc 
pgpInternalMemReal  loc 


/ * 

* These  functions  won't  return  NULL  for  0-sized  blocks, 

* and  will  fail  assertions  if  NULL  is  passed  in. 

* pgpRealloc  also  has  a different,  cleaner  calling  convention. 
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* / 

//define 

//define 

PGPError 

void 


pgpAlloc(size)  \ 

PGP_INTERNAL_ALLOC(si ze  PG P A L L 0 C_C 0 N T E X T_P A R A M S ) 
pgpNew ( type  ) \ 

(((type)  *)pgpAlloc(sizeof(type))) 

pg p R e a L l o c ( v o i d * * u s e r P t r R e f , si ze_t  newSize); 

pgpFree(void  *userPtr); 


/ * 

* These  functions  WILL  return  NULL  for  0-sized  blocks,  and 

* deal  with  NULL  passed  in  as  if  it  was  a 0-sized  block, 

* for  backward  compatibility.  They  have  the  same  semantics 

* as  malloc/realloc/free. 

* / 


//define 
#def i ne 
//define 
void 


pgpMemAlloc(size)  \ 

PGP_I NTERNAL_M EM ALLOC ( size  PG P A L L 0 C_C 0 N T E X T_P A R A M S ) 
pgpMemNew ( type  ) \ 

(((type)  *)pgpMemAlloc(sizeof(type))) 
pgpMemReal  loctuserPtr,  newSize)  \ 

P G P_I N T E R N A L_M  EMREALLOC (userPtr,  newSize  P G P A L L 0 C_C 0 N T E X T_P A R A M S ) 
pgpMemFree(void  *userPtr); 


void 


pgpAssertMemBlockValid(void  *userPtr); 


/*  Memory  copy  routine  optimized  for  large  blocks,  overlapping  okay  */ 


void 


pgpCopyMemory(void  const  *src,  void  *dest,  si ze_t  size); 


/*  Lookie  here!  An  A N S I - c o m p l i a n t alignment  finder!  */ 


ft  i f nd  e f 
//define 
//end  i f 


a l i g n o f 

alignof(type)  (sizeof (structUype  _x;  char  _y;>)  - si zeof ( type) ) 


/ * 

* WARNING:  These  should  only  be  used  by  the  above  macros 

* / 

void  * PGP_INTERNAL_ALLOC ( si ze_t  size  PG P A L L 0 C_C 0 N T E X T_P A R A M S_D E F ) ; 

void  * PGP_INTERNAL_MEMALLOC ( si ze_t  size  PG P A L LO C_C 0 N T E X T_P A R A M S_D E F ) ; 

void  * PG P_I N T E R N A L_M E M R E A L LO C ( v o i d *userPtr,  si ze_t  newSize 

PGPALLOC_CONTEXT_PARAMS_DEF ) ; 


Ue ndif  /*  PG  PM  E M_H  */ 
/ * 

* Local  Variables: 

* tab-width:  4 

* End: 

* vi:  ts=4  sw=4 

* vim:  si 
*/ 
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pgpmsg.c 

/ * 

* pgpmsg.c  --  a way  to  obtain  the  List  of  PGP  Messages 

* 

* Written  by:  Derek  Atkins  <wa r l o rd3M I T . E DU> 

* 

* Sid:  pgpmsg.c, v 1.8  1996/11/12  02:17:39  mhw  Exp  $ 

*/ 

#include  <stdio.h>  /*  For  sprintfC)  */ 

#define  PGPMSGCmsg,  string)  { msg,  string  >, 

/*  List  of  all  message  codes  */ 
struct  pgpms  g_t  { 
i n t msg; 

char  const  *string; 

>; 

static  struct  pgpmsg_t  const  pgpmsglistCO  = f 
^include  " pg p / pg pm s g . h " 

t 0,  0 > /*  End-of-list  placeholder  */ 

>; 

/ * Get  rid  of  warning  from  gcc  about  missing  prototype  */ 
char  const  *pgpmsgString  (int  code); 

char  const  * 
pgpmsgString  (int  code) 

< 

unsigned  i; 

static  char  buf[]  = "Unknown  msg  code  xxxxxxxxx"; 

/*  1234567890123456789  */ 

for  (i  = 0;  i < sizeof  (pgpmsglist)/sizeof  (*pgpmsglist);  i + + ) { 
if  ( pg pm s g l i s 1 1 i 0 . ms g ==  code) 

return  pgpmsglistCiO. string; 

} 

sprintf  (buf+19,  "%+d",  code); 
return  buf; 

> 
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pipefile.c 

/ * 

* pipefile.c  --  a PgpFile  interface  to  write  to  Pipelines 

* 

* Written  by:  Derek  Atkins  <warlord51MIT.EDU> 

* 

* $ I d : pipefile.c, v 1.1  2 1 996/1  1 /1  2 02:1  7:40  mhw  Exp  $ 

*/ 

# i f d e f HAVE  CONFIG  H 


//include 
# e n d i f 

" c o n f i g . h " 

# i n c l ud  e 

< s t d i o . h > 

//include 

"pgpfi le.h" 

//include 

"pgp/ pgpmem. h" 

//include 

" pgp/pi pe  l i ne  . h " 

//include 

"pgp/pgperr . h" 

//include 

"pgp/usuals.h" 

struct 

File  { 

struct 

PgpFileError  err; 

struct 

PgpPipeline  *head; 

int  error; 

>; 

static 

void 

setError  (struct  PgpFile  *file,  int  code) 

{ 

struct  File  * f p = (struct  File  *)file->priv; 

fp->err.f  = file; 
fp->err . error  = code; 
f p->error  = code; 

} 


static  s i z e_t 
pipeRead  (void  *ptr, 
{ 

(void)  ptr; 
(void)  s i z e ; 
setError  (fi 
return  0 ; 

> 


si ze_t  size,  struct  PgpFile  *file) 


e,  P G P E R R_F I L E_B  A D 0 P ) ; 


static  s i z e_t 

pipeWrite  (void  const  *ptr,  si ze_t  size,  struct  PgpFile  *file) 

{ 

struct  File  * f p = (struct  File  *)  file->priv; 
int  code  = 0; 

size  = fp->head->write  (fp->head,  (byte  const  * ) p t r , size, 
setError  (file,  code); 
return  size; 

> 

static  int 

pipeFlush  (struct  PgpFile  *file) 


& code); 
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{ 

struct  File  * f p = (struct  File  * ) file->priv; 
i nt  code; 

code  = tp->head->flush  (fp->head); 
setError  (file,  code); 
return  code; 

> 

static  int 

pipeClose  (struct  PgpFile  *file) 

{ 

struct  File  * f p = (struct  File  * ) file->priv; 
int  code  = 0 ; 

code  = f p-> h e a d-> s i z e Ad v i s e (fp->head,  0); 
setError  (file,  code); 
if  ( code  ) 

return  code; 

fp->head->teardown  (fp->head); 

memset  (fp,  0,  sizeof  ( * f p ) ) ; 
pgpMemFree  (fp); 

memset  (file,  0,  sizeof  (*file)); 
pgpMemFree  (file); 
return  0; 

> 

static  long 

pipeTell  (struct  PgpFile  *file) 

(void)  file; 
return  0 ; 

> 

static  int 

pipeSeek  (struct  PgpFile  *file,  long  offset,  int  whence) 
{ 

(void)  file; 

(void)  offset; 

(void)  whence; 

return  PG P E R R_F I L E_B A DO P ; 

> 

static  int 

pipeEof  (struct  PgpFile  const  *file) 

C 

(void)  file; 
return  0; 

> 

static  struct  PgpFileError  const  * 
pipeError  (struct  PgpFile  const  *file) 

struct  File  *fp  = (struct  File  * ) file->priv; 

if  (fp->error) 
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return  &(fp->err); 
return  NULL; 

> 

static  void 

pi peC learError  (struct  PgpFile  *file) 

{ 

struct  File  *fp  = (struct  File  *)  file->priv; 
f p->error  = 0 ; 

> 

static  int 

pi peWr i te2 read  (struct  PgpFile  * f i l e ) 

{ 

(void)  file; 

return  PG P E R R_F I L E_B A D 0 P ; 

> 

static  struct  P g p C f b C o n t e x t * 
pipeCfb  (struct  PgpFile  const  *file) 

{ 

(void)  file; 
return  NULL; 

> 

struct  PgpFile  * 

pg p F i l e P i pe l i n eO p e n (struct  PgpPipeline  *mod) 

{ 

struct  PgpFile  * f p ; 
struct  File  * f f p ; 

if  ( ! mod  ) 

return  NULL; 

fp  = (struct  PgpFile  OpgpMemAlloc  (sizeof  ( * f p ) ) ; 
if  ( ! f p ) 

return  NULL; 

ffp  = (struct  File  OpgpMemAlloc  (sizeof  (*ffp)); 
if  ( ! f f p ) { 

pgpMemFree  (fp); 
return  NULL; 

> 

memset  (ffp,  0,  sizeof  (*ffp)); 
memset  (fp,  0,  sizeof  (*fp)); 

ffp->head  = mod; 

fp->priv  = ffp; 
fp->read  = pipeRead; 
fp->write  = pipeWrite; 
fp->flush  = pipeFlush; 
f p->c lose  = pipeClose; 
fp->tell  = pipeTell; 
fp->seek  = pipeSeek; 
f p - > e o f = pipeEof; 
fp->error  = pipeError; 


676 


lib/pgp/helper/ pipefile.c 


fp->clearError  = pi peC Lea rError; 
fp->write2read  = pipeWrite2read; 
fp->cfb  = pipeCfb; 

return  fp; 

> 
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str2key.c 

/ * 

* str2key.c  --  A prototype  s t r i n g - t o- ke y framework. 

★ 

* $ I d : strZkey. c,v  1.1  5.2.1  1 996/1  1 /1  4 04:09:27  cbertsch  Exp  $ 

*/ 


#ifdef  H A V E_C  0 N F I G_H 
# i n c l ud  e "config.h" 
ft  e n d i f 


^include  <string.h> 
^include  <assert . h> 
//include  <stddef.h> 


/ * For  offsetofO  * / 


ft  include 
//include 
ft  include 
#i nclude 
ft  include 
//include 


"str2key.  h" 
"pgp/hash  . h" 
"pgp/pgpmem.h" 
"pgp/pgperr  . h" 
"pgp/random.h" 
"pgp/usuals.h" 


/*  It  turns  out  that  they  all  use  the  same  private  context  structure  */ 
struct  S t r i n g T o Ke y P r i v { 

struct  PgpEnv  const  * e n v ; 

struct  PgpHash  const  *hash; 

byte  bufCIO;  / * Variable-sized  * / 

>; 


/*  And  it  can  be  destroyed  with  a common  routine  */ 
static  void 

s2kDestroy(struct  P g p S t r i n g T o Ke y *s2k) 

{ 

struct  StringToKeyPriv  *priv  = (struct  StringToKeyPriv  *)s2k->priv; 

memsetCpriv,  0,  s2k->encodelen  + offsetof(struct  StringToKeyPriv,  b u f ) ) ; 

pgpMemFree(priv); 

memset(s2k,  0,  sizeof(*s2k)); 

pgpMemFree(s2k); 

> 


static  struct  PgpS t r i ngToKey  * 

s 2 k A l l o c ( s t r u c t PgpEnv  const  *env,  struct  PgpHash  const  *h,  unsigned  size) 
{ 

struct  StringToKeyPriv  *priv; 
struct  PgpStringToKey  *s2k  = NULL; 

priv  = (struct  StringToKeyPriv  *) 

pgpMemAlloc(offsetof(struct  StringToKeyPriv,  buf)  + size); 
if  (priv)  { 

s2k  = (struct  PgpStringToKey  *)pgpMemAlloc(sizeof(*s2k)); 
if  ( s 2 k ) T 

s2k->priv  = priv; 
s 2 k- > e n c od i n g = priv->buf; 
s2k->encodelen  = size; 
s2k->destroy  = s2kDestroy; 
pr i v->env  = env; 
priv->hash  = h; 
priv->buf[10  = h->type; 

> 
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> 

return  s2k; 


/*  Allocate  an  array  of  "num"  hash  private  buffers,  all  sharing  the  same  hash*/ 
static  void  * * 

mu  1 1 i H a s h C r e a t e ( s t r u c t PgpHash  const  *h,  unsigned  num) 

{ 

void  * * v ; 
void  * p ; 
unsigned  i,  j; 
byte  const  b = 0; 


> 


v = (void  **)pgpMemAlloc(num  * sizeof (*v)); 


i f 

( ! v) 

return  NULL; 

for 

( i 

= 0;  i < num; 

p = pgpMemAlloc(h->context_size); 

if  ( ! p)  { 

while  (i){ 

memset (v[--i ],  0,  h -> c o n t e x t_s i z e ) ; 
pgpMemFreelvli ] ) ; 

> 

pgpMemFree(v) ; 
return  NULL; 

> 

h->init(p); 

/*  Initialze  the  Pg pH  a s h C on t e x t with  leading  null  bytes  */ 
for  (j  = 0;  j < i;  j + + ) 

h->update(p,  & b , 1 ) ; 
v C i ] = p ; 

> 

return  v; 


/*  Update  an  array  of  hash  private  buffers,  all 
static  void 

mu  1 1 i H a s h U pda t e ( s t r u c t PgpHash  const  *h,  void  * 
byte  const  *string,  si ze_t  len) 


> 


while  (num--) 

h->update(*v++,  string,  len); 


sharing  the  same  hash  */ 
const  * v , unsigned  num. 


/ * 

* Extract  the  final  combined  string  from  an  array  of  hash  private  buffers, 

* then  wipe  and  free  them. 

* / 

static  void 

mu  1 1 i H a s h F i n a l ( s t r u c t PgpHash  const  *h,  void  **v,  byte  *key,  si ze_t  klen) 

{ 

void  **v0  = v; 

unsigned  hsize  = h->hashsize; 

while  (klen  > hsize)  { 

memcpy(key,  h->final(*v),  hsize); 
key  +=  hsize; 
klen  -=  hsize; 
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memset(*v,  0,  h->context_size); 
pgpMemFree(*(v++) ) ; 

> 

memcpy(key,  h->final(*v),  klen); 
memset(*v,  0,  h->context_size); 
pgpMemFree(*v); 

pgpMemFree(vO); 

> 

static  i n t 

s 2 k S i mp L e ( s t r u c t P g p S t r i n g T o Ke y const  *s2k,  char  const  *str, 
si ze_t  slen,  byte  *key,  size_t  klen) 

unsigned  num; 

struct  StringToKeyPriv  const  * p r i v ; 
struct  PgpFlash  const  * h ; 
void  * * v ; 

assert(s2k->encodelen  = = 2 ) ; 
if  ( ! k L e n ) 

return  0;  / * Okay,  I guess...  * / 

priv  = (struct  StringToKeyPriv  *)s2k->priv; 
h = priv->hash; 

assert ( h->type  ==  priv->bufC1]); 
num  = (klen-1)/h->hashsize  + 1 ; 
v = multihlashCreateCh,  num); 
if  ( ! v) 

return  P G P E R R_N  0 M E M ; 

multihlashUpdate  (h,  v,  num,  (byte  const  * ) s t r , slen); 
multiHashFinal(h,  v,  key,  klen); 

return  0; 

> 


static  i n t 

s 2 k S a l t e d ( s t r u c t PgpS t r i ngToKey  const  *s2k,  char  const  *str, 
si ze_t  slen,  byte  *key,  si ze_t  klen) 

{ 

unsigned  num; 

struct  StringToKeyPriv  const  *priv; 
struct  PgpHash  const  *h; 
void  * * v ; 

assert(s2k->encodelen  ==  10); 
if  ( ! k l e n ) 

return  0;  /*  Okay,  I guess...  */ 

priv  = (struct  StringToKeyPriv  *)s2k->priv; 
h = priv->hash; 

assert(h->type  = = priv->bufC1D); 
num  = (klen-1)/h->hashsize  + 1; 
v = mu 1 1 i H a s h C r e a t e ( h , num); 
if  ( ! v) 

return  P G P E R R_N 0 M E M ; 
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multiHashUpdate  ( h , v , num,  priv->buf+2,  8 ) ; 
multiHashllpdate  ( h , v , num,  (byte  const  *)str,  slen); 
multiHashFinaLCh,  v , key,  klen); 

return  0 ; 

> 

/ * 

* The  count  is  stored  as  4.4  bit  normalized  floating-point.  The  high 

* 4 bits  are  the  exponent  (with  a bias  of  6),  and  the  low  4 bits 

* are  the  mantissa.  0x12  corresponds  to  (16+0x2)  <<  (0x1+6). 

* The  minimum  value  is  (16+0)  <<  (0+6)  = 0x400  = 1024. 

* The  maximum  is  (16+0xf)  <<  (Oxf+6)  = 0x3e00000  = 65011712. 

* These  functions  convert  between  the  expanded  count  and  a 

* floating-point  approximation. 

* / 

^define  EXPBIAS  6 
static  word32 
c_t o_by t e s ( by t e c) 

return  ((word32)16  + (c  8 15))  <<  ( ( c >>  4)  + EXPBIAS)  ; 

> 

static  byte 

by t e s_t o_c ( w o r d 3 2 bytes) 

{ 

unsigned  c; 

if  (bytes  <=  (word32)16  <<  EXPBIAS) 
return  0; 

if  (bytes  >=  (word32)31  <<  ( 1 5 + E X PB  I A S ) ) 
return  Oxff; 

/ * Normalize  mantissa  to  32.  .63  * / 
c = 0 ; 

for  (bytes  >>=  EXPBIAS-1;  bytes  > = 64;  bytes  >>=  1) 

C + + ; 

/*  Round  to  4 bits  by  adding  in  low-order  bit  */ 
bytes  + = (bytes  & 1); 

/*  Add  exponent  and  mantissa  */ 

return  (byte)((c<<4)  + ((unsigned)bytes  >>  1 ) ) ; 

> 

static  int 

s 2 k 1 1 e r S a 1 1 ( s t r u c t Pg p S t r i n g To  Key  const  *s2k,  char  const  *str, 
si ze_t  slen,  byte  *key,  si ze_t  klen) 

{ 

unsigned  num; 

struct  StringToKeyPriv  const  *priv; 
struct  PgpHash  const  *h; 
word32  bytes; 
void  * * v ; 

assert(s2k->encodelen  ==  11); 
if  ( ! k l e n ) 

return  0;  /*  Okay,  I guess...  * / 

priv  = (struct  StringToKeyPriv  *)s2k->priv; 
h = priv->hash; 
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assert(h->type  ==  priv->bufC1D); 
num  = (klen-1)/h->hashsize  + 1 ; 
v = multiHashCreate(h,  num); 
if  ( ! v) 

return  PG P E R R_N OM E M ; 

/*  Find  the  Length  of  the  material  to  hash  */ 
bytes  = c_t o_by t e s ( p r i v-> bu f C 1 0 D ) ; 

/*  Always  hash  a least  the  whole  passphrase ! */ 

if  (bytes-8  < slen  + 8) 

bytes  = (word32)(slen  + 8 ) ; 

/*  Hash  len  bytes  of  (salt,  passphrase)  repeated...  */ 


while  (bytes 

> slen  + 8) 

{ 

multi 

HashUpdate 

(h. 

v. 

num  , 

priv->buf+2,  8); 

multi 

\ 

HashUpdate 

(h. 

v. 

num. 

(byte  const  *)str,  slen); 

J 

if  (bytes  <= 

8)  { 

multi 

HashUpdate 

(h. 

v. 

num. 

priv->buf+2,  ( s i z e_t ) b y t e s ) ; 

> else  T 

multi 

HashUpdate 

(h. 

v. 

num. 

priv->buf+2,  8); 

multi 

HashUpdate 

(h. 

V, 

num. 

(byte  const  * ) s t r , 

( s i 

z e. 

_t)  bytes-8); 

> 

multiHashFinal(h,  v , key,  klen); 


return  0; 

> 

/ * Encoded  as  \000  + hash  specifier  * / 
struct  Pg p S t r i n g To  Key  * 

pg p S 2 Ks i mp l e ( s t r u c t PgpEnv  const  *env,  struct  PgpHash  const  *h) 

{ 

struct  PgpStringToKey  * s 2 k ; 
byte  * b u f f ; 

s2k  = s2kAlloc(env,  h,  2); 
if  ( s2k)  { 

s2k->stringToKey  = s2kSimple; 

buff  = ((struct  StringToKeyPriv  *)s2k->priv)->buf; 
buffCOD  = 0; 

> 

return  s2k; 


/*  Encoded  as  \ 0 0 1 + hash  specifier  + salt8  */ 

struct  PgpStringToKey  * 

pg p S 2 Ks a 1 1 ed ( s t r u c t PgpEnv  const  *env,  struct  PgpHash 
byte  const  *salt8) 


{ 


struct  PgpStringToKey  *s2k; 
byte  *buff; 


const  *h. 


s2k  = s2kAlloc(env,  h,  10); 
if  ( s2k)  { 

s2k->stringToKey  = s2kSalted; 

buff  = ((struct  StringToKeyPriv  *)s2k->priv)->buf; 
b u f f [ 0 0 = 1; 

memcpy ( buf f +2 , salt8,  8); 

} 
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> 


return  s 2 k ; 


/*  Encoded  as  \003  + hash  specifier 

static  struct  Pg p S t r i n g T o Key  * 

pg pS 2 Ki t e r i n t e rn ( s t ru c t PgpEnv  const 

byte  const  *salt8. 


+ salt8  + (compressed)  count 

*env,  struct  PgpHash  const 
byte  c ) 


*/ 
* h , 


struct  PgpStringToKey  * s 2 k ; 
byte  * b u f f ; 


> 

struct 

pgpS2K 

{ 

> 


s2k  = s2kAlloc(env,  h , 11); 
if  ( s 2 k ) { 

s2k->stringToKey  = s2kIterSalt; 

buff  = ((struct  StringToKeyPriv  *)s2k->priv)->buf; 
buff  CO]  = 1; 

memcpy (buf f +2,  salt8,  8); 
buff  Cl  0:  = c; 

> 

return  s 2 k ; 

PgpStringToKey  * 

t e r sa L t ( s t rue t PgpEnv  const  *env,  struct  PgpHash  const  *h, 
byte  const  *salt8,  word32  bytes) 

return  pg p S 2 K i t e r i n t e r n ( e n v , h,  salt8,  by t e s_t o_c (bytes)); 


/* 


* Returns  either  an  error  <0  or  the  Length  >=0  of  the  encoded 

* string2key  data  found  in  the  buffer.  If  s2k  is  non-NULL,  a 

* structure  is  allocated  and  returned. 

* / 


i n t 

pg p S 2 Kd e c od e ( s t r u c t PgpStringToKey  **s2kp, 
byte  const  *buff,  size_t  len) 


struct  PgpEnv  const 


struct  PgpHash  const  *h; 
int  prefix; 


*env. 


if  (lien) 

return  PG P E R R_B A D_S T R I NG 2 KE Y ; 
if  (buf f CO]  > 3 ||  buff  COD  ==  2) 

return  PG P E R R_U N K_S T R I NG 2 KE Y ; 
if  (len  < 2) 

return  PG P E R R_B A D_S T R I NG 2 KE Y ; 
h = pgpHashByNumber(buffCIJ); 
if  ( ! h ) 

return  PG P E R R_B A D_H A S H N U M ; 
switch  (buffCOJ)  T 
case  0 : 

if  ( ! s 2 k p ||  (*s2kp  = pgpS2Ks i mp l e ( env,  h))  !=  0) 

return  2; 

break; 
case  1 : 

if  (len  < 10) 

return  PG P E R R_B A D_S T R I NG 2 KE Y ; 

if  ( ! s 2 k p ||  (*s2kp  = pg p S 2 Ks a 1 1 e d ( e n v , h,  buff  + 2))  !=  0) 

return  10; 
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> 


break; 
case  3 : 

prefix  = 11; 
if  (Len  < 11) 

return  PG P E R R_B A D_S T R I NG 2 KE Y ; 
if  ( ! s 2 k p ||  ( * s 2 k p = pg p S 2 K i t e r i n t e r n ( e n v , h,  buff+2, 

buff  Cl  0]  ) ) 


! = 0) 

return  11; 

break; 

> 

/*  Tried  to  allocate  and  failed  */ 
return  PG P E R R_N 0M E M ; 


/ * 

* Return  the  default  StringToKey  based  on  the  setting  in  the 

* environment.  This  is  expected  to  be  the  usual  way  to  get 

* such  structures. 

* / 

struct  PgpS t r i ngToKey  * 

pgpS2Kdef au l t ( st ruct  PgpEnv  const  *env,  struct  Pg p R a nd om C on t e x t const  *rc) 
{ 

/ * Kludge  for  now  * / 

( v o i d ) r c ; 

return  pg p S 2 Ks  i mp  l e ( e n v , p g p H a s h B y N u mb e r ( P G P_H A S H_M D 5 ) ) ; 

> 

/*  Returns  1 if  this  is  simple/md5,  0 otherwise  */ 
int  pg p S 2 K i s 0 l d Ve r s (struct  P g p S t r i n g T o Ke y const  *s2k) 

{ 

byte  const  *ptr; 

if  ( s2 k->encode  l en  !=  2) 
return  0; 

ptr  = s2k->encoding; 

if  (ptrCO:  ==  0 &&  ptrCi:  ==  P G P_H  A S H_M  D 5 ) 
return  1; 

return  0; 

> 
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str2key.h 

/* 

* str2key.h  — A PGP  String  to  Key  Conversion  System 

★ 

* $ I d : str2key.h,v  1.1  1 1 996/1  1 /1  2 02:1  7:40  mhw  Exp  $ 

* / 

//ifndef  P G P_S  T R 2 K E Y_H 
//define  P G P_S  T R 2 K E Y_H 

//include  " pg p / u s u a L s . h " /*  For  byte  */ 

struct  PgpEnv; 

//  i f nd  e f T Y P E_P G P E N V 
//define  T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 
tt  e n d i f 

struct  PgpRandomContext ; 

//ifndef  TYPE_PGPRANDOMCONTEXT 
//define  TYPE_PGPRAND0MC0NTEXT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 

//  e n d i f 

struct  PgpHash; 

# i f n d e f T Y P E_P  G P H A S H 

//define  T Y P E_P  G P H A S H 1 

typedef  struct  PgpHash  PgpHash ; 

//end  i f 

struct  PgpS t r i ngToKey  { 
void  * p r i v ; 

byte  const  *encoding;  / * For  transmission  * / 
unsigned  encodelen; 

void  (*destroy)  (struct  PgpStringToKey  * s 2 k ) ; 

int  (*stri ngToKey)  (struct  PgpStringToKey  const  *s2k,  char  const 

size_t  slen,  byte  *key,  si ze_t  klen); 

>; 

//ifndef  T Y PE_PG  P S T R I NG  TOKE  Y 
//define  T Y P E_PG  P S T R I N GTO  KE  Y 1 

typedef  struct  PgpStringToKey  PgpStringToKey; 

//end  i f 

/*  Deallocate  the  structure  */ 

//define  pg  p S 2 Kd  e s t r oy  ( s 2 k ) ( s 2 k ) ->d  e s t roy  ( s 2 k ) 

/*  Turn  a string  into  a key  */ 

//define  pgpStringToKey(s2k,s,sl,k,kl)  (s2k)->stringToKey(s2k,s,sl,k,kl) 

/* 

* Decodes  a byte  string  into  a PgpStringToKey  object.  Returns  either  an 

* error  <0  or  the  length  >=0  of  the  encoded  string2key  data  found  in 

* the  buffer.  If  s2k  is  non-NULL,  a structure  is  allocated  and 

* returned. 

* / 

int  pgpS2Kdecode  (struct  PgpStringToKey  **s2k,  struct  PgpEnv  const  *env, 

byte  const  *buf,  size_t  len); 

/ * 

* Returns  the  default  PgpStringToKey  based  on  the  setting  in  the 


* s t r , 
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* environment.  This  is  expected  to  be  the  usual  way  to  get  such 

* structures. 

* / 

struct  PgpStri ngToKey  * p g p S 2 Kd e f a u l t (struct  PgpEnv  const  *env, 

struct  PgpRandomContext  const  *rc); 

int  p g p S 2 K i sOldVers  (struct  PgpStringToKey  const  * s 2 k ) ; 

/ * 

* Specific  PgpStringToKey  creation  functions.  Use  these  functions  to 

* specifically  request  a certain  string  to  key  algorithm. 

* / 

struct  PgpStringToKey  * pg p S 2 Ks i m p l e (struct  PgpEnv  const  *env, 

struct  PgpHash  const  * h ) ; 
struct  PgpStringToKey  * p g p S 2 Ks a l t e d (struct  PgpEnv  const  *env, 

struct  PgpHash  const  *h, 
byte  const  *salt8); 

struct  PgpStringToKey  * p g p S 2 K i t e r s a l t (struct  PgpEnv  const  *env, 

struct  PgpHash  const  *h, 
byte  const  *salt8, 
w o r d 3 2 bytes); 


/* 

★ 

The  PgpStri 

ngToKey 

objects 

are  encoded 

using  the  follow  table: 

★ 

type 

numbe 

r s2k  arguments 

★ 

simple 

\000 

hash 

specifier 

★ 

salted 

\001 

hash 

specifier  + 

s a 1 1 8 

* 

itersalt 

\ 003 

hash 

specifier  + 

salt8  + (compressed)  count 

*/ 

# e n d i f /*  PGP  S T R 2 K E Y_H  */ 
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fimedate.c 

/* 

* timedate.c  — conversions  between  a word32  timestamp  and  year, 

* month,  day,  and  time.  A bunch  of  convenience  functions. 

* 

* $ I d : timedate.c, v 1.4  1 996/1  1 /1  2 02:1  7:41  mhw  Exp  $ 

* / 


//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

# e nd i f 

//include  <stdio.h> 
//include  <time.h> 


//include  " t i meda  t e . h " 

# include  "pgp/usuals.h" 


/*  System  clock  must  be  broken  if  it  isn't  past  this  date:  */ 

//define  REASONABLE_DATE  ((unsigned  long)  0x27804180L)  /*  91  Jan  01  00:00:00  */ 

/* 

* Convert  a year-month-day  to  a number  of  days  since  Jan  1,  1970 

* Month  and  day  are  1-based. 

* 

* To  compute  the  day  of  the  week,  note  that  Jan  1,  1970  is  a Thursday. 

* / 

unsigned 

pgpDateFromYMD  (int  y,  int  m,  int  d) 

( 

unsigned  t; 

static  const  unsigned  s t a r t da y H 1 2 ] = { 

0,  31,  59,  90,  120,  151,  181,  212,  243,  273,  304,  334  >; 

/*  jfmamjjasond*/ 

/*  Number  of  4-years  since  1968  */ 
t = (y  - 1968)/4; 

/*  Number  of  days  in  the  4-years  */ 
t *=  365*4+1; 

/*  Add  days  in  years  since  */ 
t +=  365  * ( y % 4 ) ; 

/*  Add  leap  day  unless  before  march  in  year  0 of  cycle  */ 
if(y%4!=0||m>2) 
t + + ; 

/*  Adjust  to  1970  base  */ 
t -=  365*2+1; 

/*  Add  month  and  day  offset  */ 
t + = startdayCm-10  + d-1; 


> 


return  t; 


/* 

* Given  timestamp  as  days  elapsed  since  1970  Jan  1, 

* returns  year  (1970-2106),  month  (1-12),  and  day  (1-31). 

* Not  valid  for  dates  after  2100  Feb  28  (no  leap  day  that  year). 
*/ 

void 

pgpDateToYMD  (unsigned  days,  int  *year,  int  *month,  int  *day) 
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i n t y , m ; 

static  const  unsigned  mdaysC12]  = /*  March . . February  */ 

{31, 30, 31, 30, 31, 31, 30, 31, 30, 31,31, 29>; 

days  +=  365+365-31-28;  / * Days  since  Fri  1 Mar  1968  * / 

/*  Locate  to  within  a Leap-year  cycle  */ 
y = days  / 1461; 
days  %=  1461; 

y *=  4; 

/*  Find  the  year  within  the  cycle  */ 
if  (days  >=  730 ) { 
y +=  2; 
days  -=  730; 

> 

if  (days  >=  365)  { 
y + + ; 

days  -=  365; 

> 

*year  = y; 

/*  days  is  now  in  the  range  CO. . 365  ] */ 

/*  Compute  month,  based  on  March=0  */ 
m = 0 ; 

while  (days  >=  mdaysCm]) 

days  -=  mdaysCm++]; 

/*  Now,  fix  the  month  so  March  = 2,  with  carry  into  the  year  */ 
m +=  2 ; 

if  (m  >=  12)  { /*  January  or  February  of  the  next  year  */ 

m - = 12; 
y + + ; 

> 

/*  Save  the  final  (1-based)  results  */ 

* y e a r = y + 1968; 

★month  = m+1; 

*day  = days+1; 


/ * 

* It's  a bit  annoying  that  we  have  to  go  through  these  shenanigans 

* to  get  seconds  since  Jan  1,  1970  0:00:00  GMT  (okay,  okay,  UTC), 

* when  time()  on  half  the  platforms  in  the  world  returns  this  value 

* already,  but  some  platforms  (e.g.  Microsoft  C,  version  7.0  - but 

* not  earlier  versions!)  return  different  values. 

* 

* So  this  uses  the  ANSI  C functions.  tm_yday  could  be  used  to  reduce  the 

* work,  but  this  is  hardly  a time-critical  function  and  tm_yday  is 

* infrequently  used,  so  it  might  be  buggy. 

* 

* ANSI  allows  the  timeO  and  gmtimeO  to  fail,  so  this  returns  0 in  that 

* case. 

* / 

wo  rd32 

pgpTimeStamp  (int  tzFix) 
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{ 

const  t = t i me ( ( t i me_t  *)0); 
struct  tm  const  * g ; 
unsigned  days; 

if  ( t ==  ( t i me_t ) -1 ) 
return  0; 
g = gmtime(St); 
if  ( ! g ) 

return  0 ; 

/*  tm_year  is  1900-based,  tm_mon  is  0-based,  tm_day  is  1-based  */ 

/*  Some  systems  do  tm_year  oddly,  though...  */ 

days  = pgpDateFromYMD(g->t m_y ear  + (g->tm_year  > 1 900  ? 0 : 1 900), 

g->tm_mon+1,  g->tm_mday); 

return  g-> t m_s e c + 60  * ( g -> t m_m i n + 60*(g->t  m_h  our  + tz  F ix+24*(word32)days)); 

> 

/ * 

* Create  a date  string,  given  a 32-bit  timestamp.  Returns  characters 

* printed.  Format:  "yyyy-mm-dd" 

* 1234567890 

* This  format  is  specified  by  some  international  ISO  standard,  but  I 

* forget  which  one. 

* / 
i nt 

pgpDateString  (word32  tstamp,  char  bufCPGPDATESTRINGLEN+1 3) 

{ 

int  month,  day,  year; 

if  (tstamp  ==  0)  { 

memset  (buf,  ' ' , 10); 

buf Cl  OH  = 'Non- 
return 10; 

> 

pgpDa t eToYMD (( un s i g ned  )( t s t amp  / 86400  ) , Syear,  Smonth,  Sday); 
sprintf  (buf,  "%4d-%02d-%02d",  year,  month,  day); 
return  PGPDATESTRINGLEN; 

> 

/* 

* Create  a "date  and  time"  string,  given  a 32-bit  timestamp. 

* Returns  number  of  characters  printed. 

* Format:  "yyyy-mm-dd  hh:mm  GMT" 

* 12345678901234567890 
*/ 

int 

pg  pT  i me  S t r i n g (word32  tstamp,  char  bu  f C PG  PT  I M E S T R I N G L E N + 1 II ) 

{ 

unsigned  min; 

pgpDateString  (tstamp,  buf); 

tstamp  /=  60;  / * Minutes  since  00:00  Jan  1,  1970  */ 

min  = (unsigned) (tstamp  / 1440);  /*  Minutes  since  0:00  today  */ 

sprintf  (buf  + PGPDATESTRINGLEN,  " %02d:%02d  GMT",  min/60,  min  % 60); 
return  PG PT  I M E S T R I NG L E N ; 

} 
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# i f d e f TESTMAIN 
#include  <stdlib.h> 


i n t 

ma i n ( vo  i d ) 

{ 

unsigned  i , t ; 
int  y , m,  d ; 


> 


pu t s ( " S t a r t i n g test..."); 
for  (i  = 0;  i < 65535;  i + + ) { 
i f ( i % 1 000  ==  0) 

p r i n t f ( " % 5 u \ r " , i ) ; 
pgpDateToYMDCi,  &y,  &m,  &d); 
t = pgpDateFromYMDCy,  m,  d); 
if  ( i ! = t ) { 

printf("\ni  = %u  !=  t = 
i , t , y,  m,  d); 


%u 


y/m/d  = %04d/%02d/%02d\n". 


puts(  "\nDone  ! " ) 
return  0; 


# e nd i f 
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timedate.h 

/* 

* timedate.h  --  functions  to  convert  between  a word32  timestamp  and 

* various  time  and  date  values  (uncluding  ISO  string  represenations 

* 

* Sid:  timedate.h, v 1.3  1996/11/12  02:17:41  mhw  Exp  $ 

* / 

# i f nde  f PG P_T I M E D AT E_H 
# d e f i n e P G P_T I M E D A T E_H 

//include  " pg p / u s u a l s . h " 

/*  Convert  between  number  of  days  since  1970  Jan  1 and  year/month/day  */ 
unsigned  pgpDateFromYMD  (int  y,  int  m,  int  de- 
void pgpDateToYMD  (unsigned  days,  int  *year,  int  *month,  int  *day); 

/* 

* Return  the  current  timestamp.  tzFix  is  +/-  //hours  to  off  from  GMT 

* if  local  conversions  don't  work  properly.  (c.f.  TZFIX 

* configuration  variable) 

* / 

word32  pgpTimeStamp  (int  tzFix); 

/*  Create  strings  for  the  Date  or  T i me-a nd-d a t e */ 

//define  PG  P D AT  E S T R I N G L E N 10 

int  pgpDateString  (word32  tstamp,  char  bufCPGPDATESTRINGLEN+1 ]); 

//define  PG  PT  I M E S T R I N G L E N 20 

int  pgpTimeString  (word32  tstamp,  char  bufCPGPTIMESTRINGLEN+1 0); 

//endif  /*  PGP  TIMEDATE  H */ 
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include/ 


■ 


.cvsignore 

Ma  kef  i L e 


lib/ pgp/include/. cvsignore 


. 


lib/ pgp/include/Makefile.in 


Makefile,  in 

# 

tt  Lib/incLude 
# 

ff  $ I d : Makef i Le . i n,v  1.14  1 996/1  1 /1  2 02:1  7:42  mhw  Exp 

# 

PUBHDRS=  annotate. h convkey.h  pgperr.h  pgpmsg.h  pgpui. 
PRIVHDRS=  kludge. h pktbyte.h 


u s u a l s . h 
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makefile,  msc 

P G P L I B=  . .\.  .\pgplib.  Lib 

CFLAGS=-I..\..\..\include  -I..\..\include  \ 

-DHAVE_C0NFIG_H=1  $(DEBUG) 

all::  lib 

headers:  incl 

! include  " ma k e f i l e . i n " 


incl: 

if  not  "$(PUBHDRS)"==""  \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . . \ . . \ . . \ i n c l u d e \ pg p 
if  not  "$ ( PR  IVHDRS ) " = = " " \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ i n c l u d e 


DOSOBJ  SX: 
DOSOB J S = 
lib: 


$ ( OB J S : . o = 
$ ( DOSOB J SX 


$ ( DOSOB J S ) 


. ob  j ) 

:unix=win32) 


. c . o b j : 

$ ( C C ) $ ( C FLAGS ) -17  -c  $< 

# lib  /out :$(PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  S(PGPLIB)  l i b / o u t : $ ( PG P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( PG P L I B ) S(DOSOBJS) 
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annotate.h 

/ * 

* annotate.h  --  This  is  the  List  of  known  annotations.  Each 

* annotation  has  its  own  number,  to  make  it  unique.  In  addition, 

* this  list  really  should  not  change  too  much  over  time. 

ie 

* Written  by:  Derek  Atkins  < w a r l o r d 3 M I T . E D U > and  Colin  Plumb 

* 

* This  is  a Public  API  Function  Header. 

★ 

* $Id:  annotate. h,v  1.41  1996/11/12  02:17:43  mhw  Exp  $ 

*/ 

# i f n d e f P G P_A  NN0TATE_H 
//define  P G P_A N N 0 T A T E_H 

/*  Convert  a scope  type  (via  a begin)  to  a string  */ 
const  char  *pgpScopeName  (int  type); 

/*  NOTE:  Begin  scope  always  ends  in  0x00,  End 
//define  PG P_I S_S C 0 P E_M A R KE R ( x ) ( ( ( x ) & Oxfe) 

//define  PG P_I S_E N D_S C 0 P E ( x ) (((x) 

//define  PG  P_I  S_B  E G I N_S  C 0 P E ( x ) ( ( ( x ) S Oxff) 

/* 

* Given  an  annotation  type,  update  the  current  scope  depth  accordingly. 

* Can  be  followed  with  "assertldepth  !=  -1)". 

* / 

//define  P G P_S  C 0 P E_D  E P T H_U  P D A T E ( d e p t h , x ) \ 
if  (PGP_IS_SCOPE_MARKER(x) ) \ 

(depth)  +=  PGP_IS_BEGIN_SCOPE(x)  ? 1 : -1 

/*  Commit  to  sending  the  current  packet:  e.g.,  request  a callback!  */ 
//define  P G P A N N_C 0 M M I T 0x002 

/* 

* There  are  four  possible  packet-ended-too-early  cases,  based  on 

* two  binary  options.  The  first  binary  option  is  whether  the 

* end  is  caused  by  EOF  or  a short  packet  length.  (E.g.  an 

* encrypted  packet  that  does  not  at  least  contain  an  IV.) 

* These  are  called  the  _T RUNCATED  and  _SH0RT  cases,  respectively. 

* The  second  is  whether  the  problem  applies  to  the  current  scope 

* or  not.  I.e.  is  it  at  the  current  parsing  level,  or  one  level 

* down?  These  are  marked  as  _SC0PE_  and  _PACKET_,  respectively. 


*/ 

//define  PG  P A N N_P  A C KE T_T  R U N C AT E D 0x010 

//define  P G P A N N_P  A C K E T_S  H 0 R T 0x011 

//define  PG  P A N N_S  C 0 P E_T  R U N C A T E D 0x012 

//define  PG  P A NN_S  C 0 P E_S  H 0 RT  0x013 

/*  A signature  is  too  damn  big  to  pass  as  an  annotation  */ 
//define  PG  P AN  N_S  I G N AT  U R E_T0  0_B  I G 0x020 

/*  An  encrypted  session  key  is  too  damn  big  */ 

//define  P G P A N N_E  S K_T 0 0_B  I G 0x021 

/*  For  a FileWrite  module:  start  a new  file.  */ 

//define  PG  P A N N_N  E W F I L E_S  T A R T 0x030 


scope  always  ends  in  0x01  */ 
==  0x00) 

& Oxf f ) ==  0x01  ) 

==  0x00) 


/ * Status  requests  of  the  ascii  armor  parser  * / 
//define  PGPANN  PARSEASC  MSG  COUNT  0x050 
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//define  PG P ANN_P A R S E A S C_M S G_L E F T 0x051 

//define  PG  P A N N_P  A R S E A S C_M  S G_C  U R R E N T 0x052 

//define  PG P A N N_P A R S E A S C_M S G_P A R T S 0x053 

//define  PG P A N N_P A R S E A S C_M S G_P A R T I N F 0 0x054 

/*  Parser  Callbacks  */ 

//define  PG  P AN  N_P  A R S E R_E  AT  I T 0x102 

//define  P G P A N N_P  A R S E R_P  A S S T H R 0 U G H 0x103 

//define  PG  P AN  N_P  A R S E R_P  R0  C E S S 0x104 

//define  PG  P A N N_P  A R S E R_R  E C U R S E 0x105 


/*  Unrecognized  packet  type  (EATIT,  PASSTHROUGH, 
//define  PG  P A N N_U N KN OW N_B  E G I N 0x200 

//define  P G P A N N_U  N KN  0 W N_E  N D 0x201 


/*  Literal  Packet  information  */ 

//define  PG  P A N N_L  I T E R A L_B  EG  I N 0x300 

//define  PG  P A N N_L  I T E R A L__E  N D 0x301 

//define  PG  P A N N_L  I T E R A L_T  Y P E 0x302 

//define  PG  P A N N_L  I T E R A L_N  AM  E 0x303 

//define  PG  P A N N_L  I T E R A L_T  I M E S T AM  P 0x304 

/ * Cipher  Packet  Information  * / 

//define  PG  P A N N_C  I P H E R_B  E G I N 0x400 

//define  P G P A N N_C  I P H E R_E  N D 0x401 

//define  PG  P AN  N_C  I P H E R_N0  T E XT  0x402 

//define  PG  P A N N_S  KC  I PH  E R_E  S K 0x403 

//define  PG  P A N N_P KC  I P H E R_E  S K 0x404 

/*  Compressed  Packet  Information  */ 

//define  PG  P A N N_C  0M  P R E S S E D_B  E G I N 0x500 

//define  PG  P A N N_C  OM  P R E S S E D_E  N D 0x501 


/*  Comment  Packet  Information  */ 

//define  PG  P A N N_C  OMM  E NT_B  E G I N 0x600 

//define  PG  P A N N_C 0 MM  E N T_E  N D 0x601 

/*  Signed  messages  */ 

//define  PG  P A N N_S  I G N E D_B  E G I N 0x900 

//define  PG  P A N N_S  I G N E D_E  N D 0x901 

//define  PG  P A N N_S  I G N E D_S  I G 0x902 

//define  PG P AN N_S  I G N E D_S  I G 2 0x903 

//define  PG  P ANN_S  I G N E D_S  E P 0x904 

/ * Hash  Packets  * / 

//define  P G P A N N_H  ASH_REQUEST  0x910 

//define  PG  P A N N_H  A S H_V  A LU  E 0x920 

/ * PGP  Key  Data  * / 

//define  PG  P A N N_P  G P K E Y_B  E G I N OxFOO 

//define  P G P A N N_PG  PKEY_END  OxFOl 

/*  Not  a packet  at  all  (EATIT,  PASSTHROUGH  opti 
//define  PG  P ANN_N  ON  P A C KE  T_B  E G I N 0x1000 

//define  PG  P A N N_N  0 N P A C K E T_E  N D 0x1001 

/*  From  the  Armor  Parser.  text  not  in  armor  */ 
//define  PG  P AN  N_N0  N PG  P_B  E G I N 0x1100 

//define  PGPANN  N 0 N PG  P_E  N D 0x1101 


PROCESS  options  only)  */ 


/ * Callback  */ 

/*  Double  callback  (!)  */ 


only)  * / 
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/*  Ascii  Armor ' ed  data  */ 
//define  P G P A N N_A R M 0 R_B E G I N 
//define  PG P A N N_A R MO R_E N D 
//define  P G P A N N_A R M 0 R_P A R T 
//define  PG P AN N_A RMO R_B A D L I N E 
//define  PG P AN N_A RMO R_B A D H E A D E R 
# define  PG  P A N N_A  RMO  R_T  OOLONG 
//define  PG  P A N N_A  R M 0 R_N  0 C R C 
//define  PG  P A N N_A  R MO  R_C  R C C AN  T 
//define  PG  P AN  N_A  R MO  R_C  R C B A D 

/*  Clearsigned  Data  */ 

//define  PG  P AN  N_C  L E A R S I G_B  E G I N 
//define  PG  P A NN_C  L E A R S I G_E  N D 

/ * Main 
//define 
//define 


0x1200 

0x1201 

0x1202 

0x1203 

0x1204 

0x1205 

0x1206 

0x1207 

0x1208 


0x1300 

0x1301 

annotation  * / 


input  scope  --  only  an  application  should  send  this 
PGPANN_INPUT_BEGIN  0x1400 

PGPANN  INPUT  END  0x1401 


/*  Independent  files.  */ 

//define  PG  P A N N_F  I L E_B  E G I N 0x1500 

//define  P G P A N N_F  I L E_E  N D 0x1501 

/*  Armor  Multipart  messages  */ 

//define  P G P A N N_M U L T I A R M 0 R_B  E G I N 0x1600 

//define  PG  P AN  N_M  U LT  I A R MO  R_E  N D 0x1601 

# e n d i f /*  PGP  ANNOTATE  H */ 
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convkey.h 

/ * 

* convkey.h  --  Conventional  Encryption  Keys  for  PGP 

★ 

* Written  By:  Derek  Atkins  < w a r l o r d a M I T . E D U > 

* 

* $ I d : convkey.h, v 1.8  1 996/1  1 /1  2 02:1  7:43  mhw  Exp  $ 
*/ 

//  i f nd  e f PG P_C ON VKE Y_H 
//define  PG P_C ON VKE Y_H 

^include  " pg p / u s ua l s . h " 

struct  PgpSt r i ngToKey; 

//ifndef  T Y P E_PG P S T R I N G T OKE Y 
//define  T Y P E_PG P S T R I N GT 0 KE Y 1 

typedef  struct  PgpStringToKey  PgpStringToKey; 
tt  e nd  i f 

struct  PgpConvKey  { 

struct  PgpConvKey  const  * n e x t ; 
struct  PgpStringToKey  const  *stringToKey; 
char  const  *pass; 
s i z e_t  passlen; 

>; 

# i f nd  e f T Y P E_PG P C ON VKE Y 

//define  TYPE_PGPCONVKEY  1 

typedef  struct  PgpConvKey  PgpConvKey; 

# e nd  i f 

#endif  /*  PGP  C ON VKE  Y H */ 
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kludge.h 


//ifndef  KLUDGE_H 
//define  KLUDGE_H 

/ * 

* Kludges  for  n o t -q u i t e- A N S I systems. 

* This  should  always  be  the  last  file  included,  because  it  may 

* mess  up  some  system  header  files. 

* 

* $Id:  kludge. h,v  1.2  1996/11/12  02:17:43  mhw  Exp  $ 

*/ 

//if  N 0_F P0 S_T  /*  The  whole  f p o s_t / f g e t p o s / f s e t p o s thing  is  missing  */ 
typedef  long  fpos_t; 

#define  f g e t po s ( s t r e a m , pos)  ( (*(pos)  = ftell(stream))  < 0 ? -1  : 0) 

//define  fsetposCstream,  pos)  fseekCstream,  *(pos),  SEEK_SET) 

# e nd i f 

#if  N 0_M  E M M 0 V E /*  memoveO  not  in  libraries  */ 

#define  m e mm o v e ( d e s t , s r c , l e n ) b c o py ( s r c , d e s t , l e n ) 

# e n d i f 

//if  N0_STRERR0R  /*  strerrorO  not  in  libraries  */ 

U i f nd  e f s y s_n err 
extern  int  sys_nerr; 

# e nd i f 

//ifndef  sys_errlist 
extern  char  * s y s_e r r l i s t C d ; 

#end i f 

#define  strerror(err)  ((err)  < sys_nerr  ? sy s_e r r l i s t ler r ] : "Unknwon  error") 

//  e n d i f /*  N 0_S  T R E R R 0 R */ 

//if  N 0_S  T R T 0 U L /*  strtoul  ( ) not  in  libraries  */ 

//define  strtoul  strtol  /*  Close  enough  */ 

//end  i f 

#if  N0_RAISE  /*  raiseO  not  in  libraries  */ 

//include  <sys/types.h>  /*  For  getpidl)  - kill()  is  in  <signal.h>  * / 

//define  raise(sig)  k i l l ( g e t p i d ( ) , s i g ) 

//end  i f 

/ * 

* Would  you  believe  that  there  exist  (non-ANSI,  of  course)  <stdio.h>'s  that 

* don't  define  the  SEEK_  macros?  If  EOF  is  defined  (a  giveaway  that 

* <stdio.h>  has  been  included),  define  these  to  their  usual  meanings. 

* / 

//if  defined(EOF) 

//ifndef  SEEK  SET 


# d e f i n e 

SEEK_ 

.SET 

0 

/ * 

Set 

f i 

l e 

pointer 

t 0 

"offset" 

*/ 

ft  define 

SEEK_ 

.CUR 

1 

/* 

Set 

f i 

l e 

pointer 

t 0 

current 

plus  "offset"  * / 

# d e f i n e 

SEEK_ 

.END 

2 

/* 

Set 

f i 

l e 

pointer 

t 0 

EOF  plus 

"offset"  */ 

#endi f 


//ifndef  S T D I N_F  I L E N 0 
//define  S T D I N_F  I L E N 0 0 

//define  STDOUT  FILENO  1 
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U e nd i f 

ft  i f N 0_S  I Z E_T 

typedef  unsigned  size_t;  /*  Actually,  "int"  gets  used  a lot...  */ 

# e nd i f 

#if  N 0_S T D I 0_P R 0 T 0 S /*  Missing  prototypes  for  "simple"  functions  */ 

int  (puts) (char  const  *); 

int  (fputs)Cchar  const  * , FILE  * ) ; 

void  (rewindMFILE  *); 

int  (fflush)CFILE  *); 

int  (fclose)CFILE  *); 

int  (printf)Cchar  const  * , ...); 

int  (fprintf)CFILE  * , char  const  *,  ...); 

int  (fseek)CFILE  *,  long,  int); 

int  (remove)tchar  const  *); 

int  (renameHchar  const  * , char  const  *); 

void  (perror)  (char  const  *); 

int  (system)Cchar  const  *);  / * Really  in  <stdlib.h>,  but  this'll  do...  */ 

int  (pclose)CFILE  *); 

/*  If  we  have  a sufficiently  old-fashioned  stdio,  it  probably  uses  these...  */ 
int  (_flsbuf)(unsigned  char,  FILE  *); 

int  ( fi Ibuf) ( FILE  *); 

int  (ungetc)Cint,  FILE  * ) ; 

si  ze_t  (f  readHchar  *,  si  ze_t,  size_t,  FILE  *); 
size_t  (fwriteKchar  const  *,  si  ze_t,  si  ze_t,  FILE  *); 

#if  def ined(va_start)  ||  def ined(va_arg)  ||  def i ned ( va_end ) 


int  ( v f p r i 

ntf  ) ( FILE 

* , char  const  *,  ...); 

#endi f 
# e n d i f 

/ * 

N0_STD I0_ 

PR0T0S  */ 

# e nd i f 

/* 

EOF  */ 

#end  i f 

/* 

KLUDGE_H 

*/ 
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pgperr.h 

/ * 

* pgperr.h  --  This  file  contains  the  List  of  PGP  errno  values  ( i . e . , the 

* the  error  values  that  are  returned  from  functions  returning  an  error 

* 

* The  errors  are  grouped  into  blocks  of  codes  for  specific  functions,  and 

* they  should  all  be  negative! 

* 

* Written  by:  Colin  Plumb  and  Derek  Atkins  <wa r l o r d3M I T . E DU> 

* 

* This  is  a Public  API  Definition  Header. 

* 

* $Id:  pgperr.h, v 1.37.2.1  1996/11/14  04:09:27  cbertsch  Exp  $ 

* / 


# i f n d e f PGPERR_H 
//define  PGPERR  H 


/* 

* Code  to  translate  error  codes  to  strings  can  define  this  macro  and 

* //include  this  file  to  perform  some  sort  of  lookup  table  i n i t i a l z a t i o n . 

* Please  update  this  in  the  obvious  way  when  you  change  this  file. 

*/ 


# i f n d e f 
//define 
/ * Only 
t y p e d e f 


PGPERR 

PGPERRCnum,  st 
include  functi 
int  PGPError; 


char  const 
ft  e n d i f 


*pgperrStri 


ring)  /*nothing*/ 

on  prototype  if  we're  not  doing  preprocessor  magic  */ 
/*  Most  places  still  use  int  directly,  by  the  way  */ 
nglint  error); 


/ * 

* All  messages  with  a negative  error  code  should  be  printed.  Some  positive 

* "error  codes"  are  used  as  severity  levels  to  control  masking  of  inessential 

* messages. 


*/ 


//define 

PGPERR_VERB0SE_0 

0 

//define 

PGPE  RR_VERESOS  E_1 

1 

# d e f i n e 

P G P E R R_V  ERB0SE_2 

2 

#def i ne 

PGPERR_VERB0SE_3 

3 

//define 

PGPERR 

PGPERR_0K 
( P G P E R R_0  K , 

0 

/* 

* Avoid  using  this  code  - if 

it  appears 

* too 

* just 

lazy  to  find  the  right 
plain  " - 1 " . 

one  . 

It's 

*/ 

#def i ne 

PGPERR 

P G P E R R_G  E N E R I C 
( PG  P E R R_G  E N E R I C , 

-1 

#def i ne 
PGPERR 

PG  P E R R_N  0 M E M 
( PG  P E R R_N  0 M E M , 

-2 

U d e f i n e 

PGPERR_BADPARAM 

-3 

PGPERR  ( P G P E R R_B  ADPARAM, 

//define  PG  P E R R_N0_F  I L E -5 

PGPERR  (PGPERR  NO  FILE, 


No  errors") 


it  means  that  the  programmer  was 
usually  written  in  the  source  as 


Generic  error  (should  be  changed)") 


Out  of  Memory") 


Invalid  Parameter") 


Cannot  open  file") 
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Adefine  PG P E R R_N 0_KE Y B I T S -6 

PGPERR  (PGPERR_NO_KEYBITS, 

Adefine  PG P E R R_B A D_H A S H N UM  -10 

PGPERR  ( P G P E R R_B A D_H  A S H N U M , 

Adefine  PG P E R R_B A D_C I P H E RNUM  -15 

PGPERR  ( PGPERR_BAD_CIPHERNUM, 

Adefine  PG P E R R_B A D_KE Y L E N -16 

PGPERR  ( PG  P E R R_B A D_KEYLEN, 

Adefine  PG P E R R_S I Z E A D V I S E -20 

PGPERR  (PGPERR_SIZEADVISE, 

Adefine  PG P E R R_C 0 N F I G -100 

PGPERR  ( PGPERR_C0NFIG, 

Adefine  PG P E R R_C 0 N F I G_B A D F U N C -101 

PGPERR  ( P G P E R R_C  0 N F I G_B  A D F U N C , 
Adefine  PG P E R R_C 0 N F I G_B A D 0 PT  -102 

PGPERR  ( P G P E R R_C  0 N F I G_B  ADOPT, 

Adefine  PG P E R R_KE Y_I S LO C KE D -110 

PGPERR  ( PGPERR_KEY_ISLOCKED, 

Adefine  PG P E R R_KE Y_U N U N LO C KAB L E -111 
PGPERR  ( P G P E R R_KE  Y_U  NUNLOCKABLE, 

^define  PG P E R R_S I G_E R R 0 R -120 

PGPERR  ( P G P E R R_S I G_E  R R 0 R , 

Adefine  PG P E R R_A D D S I G_E R R 0 R -121 

PGPERR  ( PG  P E R R_A  DDSIG_ERROR, 

Adeline  P G P E R R_C A N N 0 T_D E C R Y P T -125 

PGPERR  ( P G P E R R_C  ANNO  T_D  E C R Y P T , 
Adefine  PG P E R R_A D D E S K_E R RO R -126 

PGPERR  ( PG  P E R R_A  DDES  K_E  R R 0 R , 

Adefine  PG P E R R_U N K_S T R I NG 2 KE Y -127 
PGPERR  ( P G P E R R_U  N K_S  T RING2KEY, 


"Don't  know  how  to  convert  pass 


"Internal  keyring  bits  exhausted") 

"Unknown  hash  number") 

"Unknown  cipher  number") 

"Illegal  key  length  for  cipher") 

"SizeAdvise  promise  not  kept") 

"Error  parsing  configuration") 
"Invalid  configuration  function") 
"Unknown  configuration  option") 

"Key  requires  passphrase  to  unlock") 
"Key  requires  passphrase  each  time") 

"Error  while  processing  signature") 
"Cannot  add  signature") 

"Cannot  decrypt  message") 

"Cannot  add  encrypted  session  key") 

phrase  to  key") 


Adefine  PG PE R R_B A D_S T R I NG 2 KE Y -128 
PGPERR  ( P G P E R R_B  A D_S  TRING2KEY, 

"Invalid  conversion  from  pass  phrase  to  key") 


Adefine  PG P E R R_E S K_B A D T Y P E -130 

PGPERR  (PGPERR_ESK_BADTYPE, 

Adefine  PG P E R R_E S K_T00 S H 0 R T -131 

PGPERR  ( P G P E R R_E  S K_T  00SH0RT, 

Adefine  PG P E R R_E S K_T 00 L0 N G -132 

PGPERR  ( PG  P E R R_E  S K_T  OOLONG, 

Adefine  PG P E R R_E S K_B A D V E R S I 0 N -133 

PGPERR  ( P G P E R R_E  S K_B  ADVERSI0N, 
Adefine  PG P E R R_E S K_B A D A LG0 R I T H M -134 
PGPERR  ( P G P E R R_E  S K_B  ADALGORITHM, 
Adefine  PG P E R R_E S K_B I T S W RO NG  -135 

PGPERR  ( P G P E R R_E  S K_B ITSWRONG, 

Adefine  PG P E R R_E S K_N 0 KE Y -136 

PGPERR  ( PGPERR_ESK_NOKEY, 

Adefine  PG P E R R_E S K_N 0 D E C R Y PT  -137 


"Unknown  encrypted  session  key  type") 
"Encrypted  session  key  too  short") 
"Encrypted  session  key  too  long") 
Encrypted  session  key  version  unknown") 
Encrypted  session  key  algorithm  unknown") 
"Wrong  number  of  bits  in  ESK") 

Can't  find  key  to  decrypt  session  key") 
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PGPERR  (PGPERR 
//define  PGPERR 
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//define  PGPERR 
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PGPERR  (PGPERR. 
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PGPERR  (PGPERR. 
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PGPERR  (PGPERR. 
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PGPERR  (PGPERR. 
//define  PGPERR. 
PGPERR  (PGPERR. 

//define  PGPERR. 
PGPERR  (PGPERR. 
//define  PGPERR. 
PGPERR  (PGPERR. 
//define  PGPERR. 
PGPERR  (PGPERR. 

//define  PGPERR. 
PGPERR  (PGPERR. 
//define  PGPERR. 
PGPERR  (PGPERR. 

//define  PGPERR. 
PGPERR  (PGPERR. 
//define  PGPERR. 
PGPERR  (PGPERR 


_E  S K_N  ODECRYPT, 

"Can't  decrypt  this  session  key") 

_E  S K_B  A D PA  S S 

-138 

_E  S K_B  A D P A S S , 

"Passphrase  incorrect") 

_S  I G_B  A D T Y P E 

-1  40 

.S  I G_B  A D T Y P E , 

"Unknown  signature  type") 

_S  I G_T  0 0 S H 0 R T 

-141 

_S  I G_T  OOSHORT, 

"Signature  too  short") 

.S  I G_T  OOLONG 

-142 

.S  I G_T OOLONG , 

"Signature  too  Long") 

.SI  G_B  ADVERSION 

-143 

_SIG_BADVERSION, 

"Signature  version  unknown") 

.SI  G_B  A DALGORITHM 

-144 

.S I G_B  ADALGORITHM 

f 

"Signature  algorithm  unknown") 

.S  I G_B  ITSWRONG 

-145 

.SIG_BITSWRONG, 

"Wrong  number  of  bits  in  signature") 

.S  I G_N  0 K E Y 

-146 

_S  I G_NOKE  Y , 

li 

'Can't  find  necessary  key  to  check  sig") 

_S  I G_B  A D E X T R A 

-147 

_S  I G_B  ADEXTRA, 

"Invalid  Extra  Data  for  Signature") 

,NO_PUBKE  Y 

-150 

.NO_PUBKEY, 

"No  public  key  found") 

_NO_S  E C KE  Y 

-1  51 

.N  0_S  E C K E Y , 

"No  secret  key  found") 

.U  N KN 0 W N_K E Y I D 

-152 

.UNKNOWN_KEYID, 

"No  matching  keyid  found") 

.C  0 MM  I T_I  N V A L I D 

-155 

.C  0 MM  I T_I  N V A L I D , 

"Invalid  commit  response") 

.C  A N N 0 T_H  ASH 

-156 

.C  A N N 0 T_H  ASH, 

"Cannot  hash  message") 

,UNBALANCED_SCOPE 

-160 

.UNBALANCE  D_S  COPE 

f 

"Unbalanced  scope") 

,WRONG_S  COPE 

-161 

.W  R 0 NG_S  COPE, 

"Data  sent  in  wrong  scope") 

,U  I_I  N V A L I D 

-165 

U I_I N V A L I D , 

"Invalid  UI  Callback  Object") 

C B_I N V A L I D 

-166 

CB_I NVALI D, 

"Invalid  Parser  Callback") 

P U B K E Y_T  0 0 S M A L L 

-170 

PUBKEY_TOOSMALL, 

"Public  Key  too  small  for  data") 

P U B K E Y_T  0 0 B I G 

-171 

P U B K E Y_T  0 0 B I G , 

"Public  Key  too  big  for  Library") 

P U B K E Y_U  N I M P 

-172 

PUBKEY_UNIMP, 

"Unimplemented  public  key  operation") 

R S A_C  0 R R U P T 

-175 

RSA_CORRUPT, 

"Corrupt  data  decrypting  R S A block") 

P K_C  0 R R U P T 

-176 

P K_C  0 R R U P T , 

if 

Corrupt  data  decrypting  public  key  block 

C M D_T  0 0 B I G 

-180 

C M D_T  0 0 B I G , 

"Command  to  Buffer  too  big") 

F I F 0_R  E A D 

-181 

FI F 0_R  E A D , 

"Incomplete  read  from  Fifo") 
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//define  PG P E R R_V R F Y S I G_W R I T E -185 

PGPERR  ( PG  P E R R_V  R F Y S I G_W  RITE, 

"Data  illegally  written  into  signature  pipe") 
//define  PG P E R R_V R F Y S I G_B A D A N N -186 

PGPERR  ( PG  P E R R_V  R F Y S I G_B A D A N N , 

"Invalid  annotation  to  signature  verifier") 

//define  PG P E R R_A D D H D R_F L U S H -190 

PGPERR  ( PG  P E R R_A  DDHDR_FLUSH, 

"Cannot  flush  buffer  until  size  is  known") 


//define  PG P E R R_J 0 I N_B A D A N N 
PGPERR  (PGPERR_JOI N_B  A D A N N , 


-195 


//define  PG  P E R R_R  A N D S E E D_T00  S M A L L 
PGPERR  ( P G P E R R_R  A N D S E E D_T  00SMALL, 


//define  PG P E R R_E N V_L0 W P R I 
PGPERR  ( PGPERR_ENV_LOWPRI , 
//define  P G P E R R_E  N V_B  A D V A R 
PGPERR  ( P G P E R R_E  N V_B  A D V A R , 


PGPERR  ( P G P E R R_C  H A R M A P_U  N KN  0 W N , 

//define  PG  P E R R_F  I L E_B  A D 0 P 
PGPERR  ( P G P E R R_F I L E_B  A D 0 P , 

//define  PG  P E R R_F  I L E_0  P F A I L 
PGPERR  (PGPERR_FIL  E_0  P F A I L , 


//define  PG  P E R R_P  A R S E A S C_I  N C OM  P L E T E 
PGPERR  ( PGPERR_PARSEASC_IN COMPLETE, 

//define  PG  P E R R_F  I L E F I F 0_S  E E K -230 
PGPERR  ( P G P E R R_F I L E F I F 0_S  E E K , 

//define  PG  P E R R_F  I L E F I F 0_W  R I T E -231 

PGPERR  (PGPERR_FILEFIF  0_W  RITE, 

//define  PG  P E R R_F  I L E F I F 0_R  E A D -232 
PGPERR  ( PGPERR_F I LE F I F0_RE AD, 

//define  PGPE  RR_S  YSTEM_PGPK  -240 

PGPERR  ( P G P E R R_S  Y S T E M_P  G P K , 


"Invalid  annotation  to  join  module") 
-200 

"Not  enough  data  in  randseed  file") 


-205 

"Env  Var 

-206 

"Invalid 

-210 

"Unknown 

-215 

"Invalid 

-216 

" Pgp  F i l e 

Invalid  PgpFile  Operation") 


-220 

"Ascii  Armor  Input  Incomplete") 
"Temp-File  Seek  Error") 

"Temp-File  Write  Error") 

"Temp-File  Read  Error") 


"Error  Executing  PGPK  Program") 

/*  These  errors  occur  only  in  key  management,  and  have  extra  info  attached.  */ 


//define 

PGPERR 

P G P E R R_K  E Y I 0_R  E A D I N G 
( P G P E R R_K  E Y I 0_R  E A D I N G , 

-300 

"1/0 

error 

r e a d i ng 

keyring" 

) 

//define 

PGPERR 

P G P E R R_K  E Y I 0_W  R I T I N G 
( P G P E R R_K  E Y I 0_W  R I T I N G , 

-301 

"1/0 

error 

writing 

keyring" 

) 

U define 
PGPERR 

PGPERR_KEYI0_FTELL 
( P G P E R R_K  EYI0_FTELL, 

-302 

"1/0 

error 

finding 

keyring 

position") 

#d  e f i n e 

PGPERR 

P G P E R R_K  E Y I 0_S  E E K I N G 
( P G P E R R_K  E Y I 0_S  E E K I N G , 

-303 

"1/0 

error 

seeking 

keyring" 

) 
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//define 

PGPERR 

PGPERR_KE Y I 0_0  P E N I N G 
( PGPERR_KEYI 0_0  P E N I N G , 

-304 

"1/0 

error 

open i ng 

keyring") 

//define 

PGPERR 

PGPERR_KEYI0_CL0SING 
( PGPE R R_KE Y I 0_C LOSING, 

-305 

"1/0 

error 

closing 

keyring") 

//define 

PGPERR 

PG  P E R R_K E Y I 0_F  LUSHING 
( PGPE RR_KE Y I 0_F LUSHING, 

-306 

"1/0 

error 

flushing 

keyring") 

/ * 

* The  following  errors  indicate  that  someone  modified  a file  while  it 

* was  open  for  access.  These  can  also  be  found  in  trouble  logs. 

* / 

/*  Did  a seek  to  a known  packet,  encountered  EOF  there!  */ 

//define  P G P E R R_KE Y I 0_E 0 F -310 

PGPERR  ( PG  P E R R_K  E Y I 0_E  OF,  "Unexpected  EOF  fetching  key  packet") 


/ * 

* Did  a seek  to  a known  packet,  found  something  different  there! 

* If  this  happens  after  a keyring  has  been  opened,  it  means  that 

* the  keyring  has  been  changed  out  from  under  PGP! 

* / 

//define  PG P E R R_KE Y I 0_B A D P KT  -311 

PGPERR  ( PG  P E R R_KE  Y I 0_ES  A D PKT  , "Bad  data  found  where  key  packet  expected") 


//define  PG P E R R_KE Y I 0_B A D F I L E -312 

PGPERR  ( PG  P E R R_KE  Y I 0_B  A D F I L E , "Not  a keyring  file") 


/ * 

* The  following  errors  are  warnings  found  in  RingFile  trouble  logs  only. 

* The  only  other  possibilities  found  in  trouble  logs  are 

* - PGPERR_KEYI 0_R  E A D I N G 

* - P G P E R R_K  E Y I 0_F  T ELL 

* - PGPERR_KEYI 0_E 0 F 

* - P G P E R R_KE  Y I 0_B  A D P KT 

* - P G P E R R_N  0 M E M 

* / 

//define  P G P E R R_T R 0 U B L E_M A X -318 

//define  PGPERR  TROUBLE  MIN  -349 


//define  PG  P E R R_T  R0  U B L E_KE  Y S U BKE  Y -318 
PGPERR  ( PG PE RR_TR0UBLE_KEY SUBKEY, 
//define  PG  P E R R_T  ROU  B L E_S  I G S UBKE  Y -319 
PGPERR  ( PGPERR_TROUBLE_S IGSUBKE Y, 
//define  P G P E R R_T  R 0 U B L E_B  A D T R U S T -320 
PGPERR  ( P G P E R R_T  R 0 U B L E_B  ADTRUST, 
//define  PG  P E R R_T  R 0 U B L E_U  N KP  KTB  Y T E -321 
PGPERR  ( PGPERR_TR0UBL  E_U  NKPKTBYTE, 
//define  PG  P E R R_T  R 0 U B L E_U  N X S U B K E Y -322 
PGPERR  ( PG PER R_T R 0 U B L E_U N X SUBKEY, 
//define  P G P E R R_T  R 0 U B L E_U  N X N A M E -323 
PGPERR  ( PG  P E R R_T  R0  U B L E_U  N X N AM  E , 

//define  PG  P E R R_T  R 0 UB  L E_U  NX  S I G -324 

PGPERR  ( P G P E R R_T  R0UBLE_UNXSIG, 

//define  PG  P E R R_T  ROU  B L E_UNX  T R U S T -325 
PGPERR  ( PGPERR_TROUBLE_UNXTRUST, 
//define  PG  P E R R_T  R 0U B L E_KE  Y 2 B I G -326 
PGPERR  ( PGPERR_TR0UBLE_KEY2BIG, 


"Key  matches  subkey") 

"Signature  by  subkey") 

"Trust  packet  malformed") 
"Unknown  packet  byte  in  keyring' 
"Unexpected  subkey  (before  key)' 
"Unexpected  name  (before  key)") 
"Unexpected  sig  (before  key)") 
"Unexpected  trust  packet") 

"Key  grossly  oversized") 


) 

) 
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//define  PGPERR. 
PGPERR  (PGPERR. 
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/ * 

* Errors  that 

* If  multiple 

* 


TR0UBLE_SEC2BIG  -327 
TR0UBLE_SEC2BIG, 
TR0UBLE_NAME2BIG  -328 
.T  R 0 U B L E_N  AME2BIG, 
TROUBLE_SIG2BIG  -329 
TR0UBLE_SIG2BIG, 
TROUBLE_DUPKEYID  -330 
.T  R 0 U B L E_D  UPKEYID, 
TROUBLE_DUPKEY  -331 
T R 0 U B L E_D  1)  P KE  Y , 
TROUBLE_DUPSEC  -332 
.TROUBLE_DUPSEC, 
.TROUBLE_DUPNAME  -333 
.TROUBLE_DUPNAME, 
,TROUBLE_DUPS IG  -334 
.TROUBLE_DUPSIG, 


"Secret  key  grossly  oversized") 

"Name  grossly  oversized") 

"Sig  grossly  oversized") 

"Duplicate  KeylD,  different  keys") 
"Duplicate  key  (in  same  keyring)") 
"Duplicate  secret  (in  same  keyring)") 
"Duplicate  name  (in  same  keyring)") 
Duplicate  signature  (in  same  keyring)") 


.T  R 0 U B L E_D  1)  P U N K -335 

.TROUBLE_DUPUNK,  "Duplicate  unknown  \"thing\"  in  keyring") 

_T  R 0 U B L E_B  A R E KE  Y -336 

TROUBLE_BAREKE Y,  "Key  found  with  no  names") 

_TR0UBLE_VERSI0N_BUG_PREV  -337 

,TR0UBLE_VERS I 0 N_B U G_P R E V , "Bug  introduced  by  l e g a l_k l u d g e " ) 

_T  R 0 U B L E_V  ERSION_BUG_CUR  -338 

T ROUB L E_V E R S I 0N_BU G_C U R , "Bug  introduced  by  l e g a l_k l u d g e " ) 
TR0UBLE_0LDSEC  -339 

T R OUB LE_0 L D S E C , "Passphrase  is  out  of  date") 

.TROUBLE_NEWSEC  -340 

T R0 U B L E_N E W S E C , "Passphrase  is  newer  than  another") 

can  be  encountered  when  parsing  a key. 
errors  apply,  only  the  last  is  reported. 


* Note:  Obviously  the  modulus  n = p*q  must  be  odd,  if  p and  q 

* are  both  large  primes,  since  all  primes  greater  than  2 are  odd. 

* The  exponent  e must  have  a corresponding  decryption  exponent 

* d such  that  e*d  mod  gcd(p-1,q-1)  = 1.  Since  p-1  and  q-1  are  both 

* even,  their  gcd  must  also  be  even  and  thus  e*d  mod  2=1,  implying 

* that  e mod  2 = 1. 

* I.e.  if  e were  even,  the  message  would  not  be  decryptable. 

* / 

//define  PG  P E R R_KE  Y_M  A X -350 
//define  PGPERR  KEY  MIN  -359 


/*  PG P E R R_KE Y_L0 NG  is  a warning  only 


//define  PG  P E R R_KE  Y_L  0 N G -350 

PGPERR  ( P G P E R R_K  E Y_L  0 N G , 

//define  PG  P E R R_KE  Y_S  H 0 RT  -351 

PGPERR  ( PGPERR_KE Y_SH0RT, 

//define  PG  P E R R_KE  Y_V  E R S I ON  -352 

PGPERR  ( PGPERR_KEY_VERS ION, 

//define  PG  P E R R_KE  Y_PKA  LG  -353 

PGPERR  ( P G P E R R_K  E Y_P  K A LG , 

//define  PG  P E R R_KE  Y_M0  D M P I -354 

PGPERR  ( P G P E R R_K  E Y_M  0 D M P I , 

//define  PG  P E R R_KE  Y_E  X PM  P I -355 

PGPERR  ( PGPERR_KEY_EXPMPI , 

//define  P G P E R R_K  E Y_M  0 D E V E N -356 

PGPERR  ( P G P E R R_KE  Y_M  0 D E V E N , 


"Key  packet  has  trailing  junk") 
"Key  packet  truncated") 

"Key  version  unknown") 

"Key  algorithm  unknown") 

"Key  modulus  mis-formatted") 
"Key  exponent  mis-formatted") 
"RSA  public  modulus  is  even") 
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//define  PG P E R R_KE Y_E X P E V E N 
PGPERR  ( PGPERR_KEY_EXPEVEN, 
//define  PG P E R R_KE Y_M P I 
PGPERR  ( PGPERR_KE  Y_M  PI, 


-357 

-358 


"RSA  public  exponent  is  even") 
"Key  component  mi s-f ormatted") 


/* 

* Errors  that  can  be  encountered  when  parsing  a signature. 

* If  multiple  errors  apply,  only  the  last  is  reported. 

* / 

//define  PG P E R R_S I G_M AX  -360 
//define  PGPERR  SIG  MIN  -369 


//define  P G P E R R_S  I G_L0  N G 
PGPERR  ( P G P E R R_S I G_L0  N G , 
//define  PG  P E R R_S  I G_S  H 0 R T 
PGPERR  ( PGPERR_SIG_SHORT, 
//define  P G P E R R_S  I G_M  P I 
PGPERR  ( PGPERR_S IG_MPI , 
//define  P G P E R R_S  I G_P  K A L G 
PGPERR  ( P G P E R R_S I G_P  K A LG, 
//define  PG  P E R R_S  I G_E  X T R A L E N 
PGPERR  (PGPERR_SI G_E  XTRALEN, 
# d e f i n e PG P E R R_S I G_V E R S I ON 
PGPERR  ( PGPERR_SIG_VERSION, 

//endif  /*  PGPERR  H */ 


-360 

-361 

-362 

-363 

-364 

-355 


'Signature  packet  has  trailing  junk") 
Signature  truncated") 

Signature  integer  mi s-f ormatted" ) 
Signature  algorithm  unknown") 

Bad  signature  extra  material  (not  5)") 
Signature  version  unknown") 
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pgpmsg.h 

/* 

* pgpmsg.h  --  A file  of  PGP  Messages 

* 

★ Written  by:  Derek  Atkins  < wa  r l o r d 3 M I T . E D U > 

* 

★ This  is  a Public  API  Function  Header  . 

★ 

* $ I d : pgpmsg.h, v 1.7  1 996/1  1 /1  2 02:1  7:44  mhw  Exp  $ 
*/ 


# i f nd e f PGPMSG_H 
#def i ne  PGPMSG_H 

# i f nd  e f PGPMSG 

#define  PGPMSGCnum,  string)  /*  nothing  */ 

const  char  *pgpmsgString  (int  type); 
ft  e nd  i f 


^define  PG  PM  S G_N  ONE  0 

PGPMSG  ( P G P M S G_N  ONE,  "") 


# d e f i n e P G PM  S G_N  0_K E Y 1000 

PGPMSG  ( P G P M S G_N 0_K E Y , "Error  getting  public  key") 


#def i ne  PG PM S G_S I G_U N KNO WN_KE Y I D 1050 

PGPMSG  ( PGPMSG_SIG_UNKNOWN_KEYID, 


"Signature  by  unknown 
#def i ne  PG PM S G_S I G_E R R 0 R 
PGPMSG  ( PGPMSG_SIG_ERR0R, 

# d e f i n e PG PM S G_S I G_N 0 V E R I F Y 
PGPMSG  ( P G P M S G_S I G_N  0VERIFY, 
#d  e f i n e PG PM S G_S I G_A D D_E R R 0 R 
PGPMSG  ( P G P M S G_S I G_A  D D_E  R R 0 R , 

# d e f i n e PG PM S G_S I G_N 0_C H E C K 
PGPMSG  ( PGPMSG_SIG_NO_CHECK, 


keyid:  % . * s " ) 

1051 

"Signature  check  got  an  error") 

1052 

"Signature  verification  unsuccessful") 

1053 

"Error  adding  Sig") 

1054 


"None  of  the  signatures  were  understood;  can't  check") 
# d e f i n e PG PM S G_S I G_B A D H A S H 1055 

PGPMSG  ( P G P M S G_S I G_B  A D H A S H , 

"unknown  hash:  unable  to  verify  signature") 

^define  PG PM S G_S I G_N 0 S I G S 1056 

PGPMSG  ( PG P M S G_S I G_N 0 S I G S , "No  signatures  to  check") 

#define  PG PM S G_E N C R Y PT E D_P A S S P H R A S E 1100 

PGPMSG  ( P G P M S G_E  NCRYPTED_PASSPHRASE, 

"This  message  is  encrypted  with  a pass  phrase") 


tfdefine  PG PM S G_U NB A L A N C E D_S C 0 P E 1150 

PGPMSG  ( P G P M S G_U  NBALANCE  D_S  COPE,  "Unbalanced  Scope") 


# d e f i n e PGPMSG_N  0_P  U B K E Y 
PGPMSG  ( PGPMSG_NO_PUBKEY, 
tfdefine  PG PM S G_N 0_S E C KE Y 
PGPMSG  ( PGPMSG_N0_SECKEY, 


1200 

"No  public  key  available") 
1201 

"No  secret  key  available") 


# d e f i n e PG PM S G_C OMM I T_I N V A L I D 1250 
PGPMSG  (PGPMSG_C0MMIT_INVALID, 

"Invalid  response  from  commit:  %d") 
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//define  PG PM S G_E S K_NO D E C R Y PT 
PGPMSG  ( PGPMSG_ES  K_N  ODECRYPT, 
//define  PG PM S G_E S K_A D D_E R RO R 
PGPMSG  ( PGPMSG_ESK_ADD_ERROR, 
//define  P G PM S G_E S K_B A D T Y P E 
PGPMSG  (PGPMSG_ES  K_B  A D T Y P E , 
//define  P G P M S G_E S K_B A D P A S S 
PGPMSG  ( PGPMSG_ESK_BADPASS, 


1 300 

"Decryption  unsuccessful") 

1 301 

"Error  adding  ESK") 

1 302 

"Bad  ESK  Type...  skipping") 

1 303 

"Passphrase  incorrect.  Try  Again.") 


//define  PG PM S G_S E P S I G_N 0 V E R I F Y 1350 

PGPMSG  ( P G P M S G_S  E P S I G_N  OVERIFY,  "Separate  signature  unsuccessful") 

//define  PG PM S G_S E P S I G 1351 

PGPMSG  ( PGPMSG_SEPSIG,  "This  signature  applies  to  another  message") 


//define  PGPMSG_ANNOTATE_ERROR 
PGPMSG  ( P G P M S G_A  N N 0 T A T E_E  R R 0 R , 


1 400 

"Annotate  returned  an  error") 


//define  PG PM S G_PKE_E N C R Y PT E D 1450 

PGPMSG  ( PGPMSG_PKE_ENCRYPTED, 

"This  message  is  public  key  encrypted  using  pke  type  %d") 


//define  P G P M S G_T R Y_A G A I N 
PGPMSG  ( P G P M S G_T  RY_AGAIN, 


1 500 
"Try 


again") 


//define  PG  PM  S G_D  E VN  U LL_C  R E A T E 1550 
PGPMSG  ( P G P M S G_D  E V N U L L_C  R E A T E , "Cannot 

//define  PG PM S G_A L LO C_H A S H_BU F F E R 
PGPMSG  ( PGPMSG_ALLOC_HASH_BU F FER, 
//define  PG  PM  S G_A  LL0  C_H  A S H_C  LON  E 1601 
PGPMSG  (PGPMSG_ALL0C_HASH_CL0NE, 


create  Dev  Null  Module") 

1600 

"Failed  to  allocate  hash  buffer") 
"unable  to  clone  hash;  bailing") 


matches 

1651 
"line 

1652 
"line 

1653 
"line 

1654 

boolean 

1655 


//define  PG  PM  S G_C  ON  F I G_AMB  I G UOU  S 1650 

PGPMSG  (PGPMSG_CONFIG_AMBIGUOUS, 

"line  %u:  ambigious  key  %.*s, 

//define  PG  PM  S G_C  ON  F I G_U N KN 0 W N_K E Y W 0 R D 
PGPMSG  ( PG  PM  S G_C  0 N F I G_U  N KN  0 W N_K E Y W 0 R D , 

//define  P G P M S G_C  0 N F I G_S  T R I N G E N D 
PGPMSG  (PGPMSG_CONFI G_S  T RINGEND, 

#def i ne  PG PM S G_C ON F I G_M I S S I N G_EQU A L 
PGPMSG  ( P G P M S G_C  0 N F I G_M I S S I N G_E Q U A L , 

//define  PG PM S G_C ON  F I G_M I S S I N G_BOO L E A N 
PGPMSG  ( P G PM  S G_C  O N F I G_M I S S I N G_B 0 0 L E A N , 

"line  % u:  Missing  argument  to 
//define  PG  PM  S G_C  0 N F I G_U  N KN  0 WN_B0  0 LE  AN 
PGPMSG  ( P G P M S G_C  0 N F I G_U N KN 0 W N_B 0 0 L E A N , 

"line  % u:  Unrecognized  argument 
//define  PG  PM  S G_C  0 N F I G_U  N KN  0 WN_I  N T E G E R 
PGPMSG  ( PGPMSG_C0NF I G_U N KN 0 W N_I N T E G E R , 

"line  %u:  Unrecognized  argument 
//define  P G P M S G_C 0 N F I G_M I S S I N G_I N T E G E R 
PGPMSG  (PGPMSG_CONFIG_MISSING_INTEGER, 

"line  %u:  Missing  argument  to  integer 
//define  PG  PM  S G_C  0 N F I G_I  N T_T  00_H  I G H 1658 

PGPMSG  ( PGPMSG_C0NFIG_INT_T00_HIGH, 

"line  %u:  Argument  to  %.*s  is  too  high 
//define  PG  PM  S G_C  ON  F I G_I  NT_T00_L0W  1659 

PGPMSG  ( PGPMSG_C0N  F I G_I N T_T 0 0_L0 W , 

"line  %u:  Argument  to  %.*s  is  too  low: 


%s  and  %s  . " ) 

%u:  unknown  keyword  %.*s 
%u:  unterminated  string 


% . * s " ) 


%u:  Missing  '='  after  %.*s") 


option  % . *S" ) 


to  boolean 

1656 

to  integer 

1657 


option  % . * s : %.*s") 


option  %.*s:  %.*s") 


option  %.*s") 


% d , max  %d") 


%d , min  %d") 
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//define  PG PM S 6_C ON F I G_I N V A L I D_I N T E G E R 1660 

PGPMSG  ( PGPMSG_CONFI G_I NVALID_INTEGER, 

"line  Xu : Invalid  argument  to  integer  option  %.*s:  %.*s") 

//define  PG PM S G_C 0 N F I G_S T R I NG_T00_L0NG  1661 

PGPMSG  ( PGPMSG_C0NFIG_STRING_T00_L0NG, 

"line  %u:  Argument  to  %.*s  is  too  long  %d") 

//define  PG PM S G_C ON F I G_I N V A L I D_S T R I NG  1662 

PGPMSG  ( P G PM  S G_C  0 N F I G_I N V A L I D_S T R I N G , 

"line  %u:  Invalid  argument  to  string  option  %.*s:  %.*s") 

//define  PG PM S G_C 0 N F I G_N0_F I L E 1663 

PGPMSG  ( P G PM S G_C 0 N F I G_N 0_F I L E , "Cannot  open  configuration  file  %s") 

//define  PG PM S G_C 0 N F I G_L I N E_T00_L0 N G 1664 

PGPMSG  ( PG  PM  S G_C  0 N F I G_L  I N E__T 0 0_L 0 N G , "line  %u:  Line  too  long  %s") 

//define  PG  PM  S G_C  0 N F I G_B  A D_C  H A R 1665 

PGPMSG  ( PG PM S G_C 0 N F I G_B A D_C H A R , "line  %u:  Bad  C h a r a c t e r \ n % s \ n 0 f f s e t %d") 
//define  PG  PM  S G_C  0 N F I G_M  A X_E  R R0  R S 1666 

PGPMSG  ( PG PM S G_C 0 N F I G_M A X_E R R 0 R S , "Processing  halted  after  %d  errors") 

//define  PG  PM  S G_C  0 N F I G_N  UM_E  R RO  R S 1667 

PGPMSG  (PGPMSG_CONFIG_NUM_ERRORS,  "%d  error(s)  detected") 

//end  i f /*  PGPMSG  H */ 
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pgpui.h 

/ * 

* pgpui.h  --  Header  for  PGP  UI  Callback  defintions. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

* 

* This  is  a Public  API  Function  Header. 

* 

* Sid:  pgpui.h, v 1.21  1996/11/12  02:17:44  mhw  Exp  $ 
*/ 

# i f n d e f PGPUI_H 
#def i ne  PGPU I_H 

#include  " pg p / u s ua  l s . h " 


struct  PgpPipeline; 

# i f nd  e f T Y P E_PG P P I P E L I N E 

# d e f i n e T Y P E_P G P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

#end  i f 

struct  PgpESK; 

# i f n d e f TYPE_PGPESK 

# d e f i n e TYPE_PGPESK  1 
typedef  struct  PgpESK  PgpESK; 

# e nd  i f 

struct  PgpSig; 

# i f ndef  TYPE_PGPSIG 

# d e f i n e TYPE_PGPSIG  1 
typedef  struct  PgpSig  PgpSig; 
ft  end  i f 

/ * 

* This  is  the  structure  that  contains  the  callback  function  pointers 

* for  the  PGP  UI  callbacks.  An  application  fills  in  this  structure 

* with  the  appropriate  functions  to  perform  the  callbacks.  Some 

* callbacks  support  additional  arguments  to  the  msg.  Callback 

* functions  should  use  stdarg,  where  each  argument  is  of  type  "struct 

* PgpUICbArg  const  *" 

* / 

struct  PgpUICb  C 

/*  required  callbacks  */ 

int  (*message)  (void  *arg,  int  type,  int  msg,  unsigned  numargs,  ...); 
int  (*doCommit)  (void  *arg,  int  scope); 

int  (*newOutput)  (void  *arg,  struct  PgpPipeline  **output, 

int  type,  char  const  * s ug g e s t e d_n a me ) ; 
int  (*needlnput)  (void  *arg,  struct  PgpPipeline  *head); 
int  ( * s i gV e r i f y ) (void  *arg,  struct  PgpSig  const  *sig, 

byte  const  *hash); 

int  ( * e s k D e c r y p t ) (void  *arg,  struct  PgpESK  const  *esklist, 

byte  *key,  size_t  *keylen, 

int  (*tryKey)  (void  *arg,  byte  const  *key, 

s i z e_t  keylen), 

void  *tryarg); 

/*  optional  callbacks  below  this  line  */ 

int  (*annotate)  (void  *arg,  struct  PgpPipeline  *origin,  int  type, 

byte  const  *string,  size_t  size); 
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>; 

# i f nde  f TYPE_PGPUICB 
^define  TYPE_PGPUICB  1 
typedef  struct  PgpUICb  PgpUICb; 

# e nd  i f 


/*  Define  whether  a callback 
#de  f i ne  P G P_U I_A  R G_I  N T 
# d e f i n e PG P_U I_A R G_U N S I G N E D 
^define  PG P_U I_A R G_WO R D 32 
tfdefine  PG P_U I_A RG_S T R I NG 
#define  PGP  UI  ARG  BUFFER 


a rgument 
1 
2 

3 

4 

5 


is  an  int  or  a string  */ 


/ * 

* This  structure  is  used  for  callback  arguments.  Whenever  a callback 

* of  any  sort  requires  arguments,  this  structure  is  used  to  hold  the 

* arguments.  The  type  is  any  PGP_UI_ARG_*  and  the  appropriate  entry 

* in  val  is  used. 

*/ 

struct  PgpUICbArg  { 
int  type; 
union  { 

int  i ; 

unsigned  u; 
word32  w32; 
char  const  *s; 
struct  f 

byte  const  *buf; 
unsigned  len; 

} b u f ; 

> val; 

>; 

# i f nde  f T Y P E_PG P U I C B A R G 

#def i ne  T Y P E_PG P U I C B A R G 1 

typedef  struct  PgpUICbArg  PgpUICbArg; 

Send  i f 


#end i f /*  PGPUI  H */ 
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pktbyte.h 


/ * 

* pktbyte.h  --  Definitions  of  packet  byte  types 


* 


★ 

This  is  a PRIVATE 

header  file,  for  use 

only 

w i 

thin  the 

PGP 

Library 

* 

You  should  not  be 

using  these  functions 

i n 

a n 

a pp  l i c a t i 

on  . 

★ 

* 

$Id:  pktbyte. h , v 1 

.22.2.1  1996/11/14  04 

: 09  : 

27 

cbertsch 

Exp 

$ 

*/ 

//ifndef  PKTBYTE_H 
#def i ne  P KT  B Y T E_H 

//include  " pg p / u s u a L s . h " 

//define  I S_0 L D_P KT B Y T E ( p k t by t e ) (((pktbyte)  & OxCO)  ==  0x80) 

//define  I S_N E W_P KT B Y T E ( p k t by t e ) (((pktbyte)  & OxCO)  ==  OxCO) 

//define  OLD_PKTBYTE_TYPE ( pktbyte ) (((pktbyte)  >>  2)  & OxF) 

//define  NEW_PKTBYTE_TYPE ( pktbyte ) ((pktbyte)  & 0x3F) 

//define  PKTB Y T E_T Y P E ( p k t by t e ) ( I S_0 L D_P KT B Y T E (pktbyte)  ? \ 

0 L D_P  KT  B Y T E_T  YPE(pktbyte)  : \ 

N E W_P  KT  B Y T E_T  YPE(pktbyte) ) 

//define  P KT B Y T E_L L E N ( p k t b y t e ) ((pktbyte)  & 3) 

//define  P KT B Y T E_B U I L D ( t y p e , lien)  ((type)>0xf  ? \ 

P KTB  Y T E_B  U I L D_N  EW(type)  : P KT B Y T E_B U I L D_0 L D ( t y p e , Lien)) 

//define  P KT  B Y T E_B  U I L D_0  L D ( t y p e , Lien)  ((byte)(0x80  | ((type)  8 OxF)  <<2  \ 

| (Lien))) 

//define  PKTB  Y T E_BU  I L D_N  E W ( t y pe  ) ((byteMOxCO  | ((type)  & 0x3F))) 

//define  LLEN  TO  BYTES(llen)  ((1  <<  (Lien))  & 7) 


/ * 

* For  the  new  packet  formats  --  macros  for  creating  the  Length  byte(s) 

* of  terminating  subpackets.  The  format  is: 


* 

Format 

Length 

Macro 

★ 

Osssssss 

0-127 

P KT  L E N_1 BYTE ( ) 

★ 

lOssssss 

128-191 

P KT  L E N_1 BYTE ( ) 

★ 

1 1 Osssss  ssssssss 

1 92-8383 

P KT  L E N_B  Y T E 0 ( ) , P KT L E N_B Y T E 1 ( ) 

A 

* P KT  L E N_0  N E_B  Y T E ( ) is  used  to 

determine  if 

the  length  is  1 byte 

(use 

* PKTLEN_1 BYTE ( ) ) or  two  bytes 

(use  P KT  L E N_ 

BYTEOO  then 

* P KT  L E N_B  Y T E 1 ( ) ) 

* / 

//define  PKTLEN_0N  E_B  YTE(  len) 

((len)  < 192) 

//define 

PKTLEN_1 BYTE ( len) 

(byte)(len  & 

Ox  F F ) 

#def i ne 

P KT  L E N_B  Y T E 0 ( len) 

(byte)  (OxCO 

+ ( ( ( len-192)  >>  8)  8 

0x1 F ) ) 

//define 

P KT  L E N_B  Y T E 1 (len) 

(byte)((len- 

192)  8 OxFF) 

/* 

* A non-terminating  subpacket  (followed  by  another  subpacket)  is 

* a power  of  two  bytes  long  and  has  a length  byte  encoded  as 

* follows: 

* 1 1 1 xxxxx  2A0-2A31  bytes 

* / 


/ * Types  * / 
enum  pktbyte  ( 

P KT  B Y T E_E  S K = 1, 

P KT  B Y T E_S I G = 2, 
PKTBYTE_CONVESK  = 3, 
PKTBYTE_1 PASSSIG  = 4, 
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> ; 

# e n d i f 


PKTBYTE_SECKEY  = 5, 
PKTBYTE_PUBKEY  = 6, 
PKTBYTE_PUBSUBKEY  = 7, 
PKTBYTE_COMPRESSED  = 8, 
PKTBYTE_CONVENTIONAL  = 9, 
P KT  B Y T E_M  AGICNUMBER  = 10, 
PKTBYTE_LITERAL  = 11, 

P KT  B Y T E_T  RUST  = 12, 

P KT  B Y T E_N  A M E = 13, 
PKTBYTE_COMMENT  = 14, 
PKTBYTE_SECSUBKEY  = 16, 


/*  PKTBYTE  H */ 
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/ * 

* usuals.h  - Typedefs  and  //defines  used  widely. 

★ 

* $ I d : usuals.h, v 1.15  1996/11/12  02:17:44  mhw  Exp  $ 

* / 

ZHfndef  PGP_USUALS_H 
//define  PGP  USUALS_H 


//include  <limits.h> 


typedef  unsigned  char 
typedef  unsigned  int 
typedef  unsigned  long 


uchar; 
u i n t ; 
ulong; 


//if  U C H A R_M  A X ==  Oxff 
typedef  unsigned  char  byte; 
typedef  signed  char  int8; 

//else 

//error  This  machine  has  no  8-bit  type 
//  e nd  i f 


ti  i f 1)  I N T_M  A X ==  Oxffff 
typedef  uint  w o r d 1 6 ; 
typedef  int  i n 1 1 6 ; 

# e l i f U S H R T_M  A X = = Oxffff 
typedef  unsigned  short  w o r d 1 6 ; 
typedef  short  i n 1 1 6 ; 

# e l s e 

//error  This  machine  has  no  16-bit  type 

# e n d i f 


//if  U I N T_M  A X ==  Oxfffffffful 
typedef  uint  w o r d 3 2 ; 
typedef  int  int32; 

#elif  UL0NG_MAX  ==  Oxfffffffful 
typedef  ulong  word32; 
typedef  long  int32; 

//else 

#error  This  machine  has  no  32-bit  type 
#end  i f 

/ * 

* Find  a 64-bit  data  type,  if  possible. 

* The  conditions  here  are  more  complicated  to  avoid  using  numbers  that 

* will  choke  lesser  preprocessors  (like  0 x f f f f f f f f f f f f f f f f ) unless 

* we're  reasonably  certain  that  they'll  be  acceptable. 

* / 

#if  UL0NG_MAX  > Oxfffffffful 

ft  i f U L 0 N G_M  A X ==  0 x f f f f f f f f f f f f f f f f u l 

typedef  ulong  bnword64; 

//define  BNW0RD64  bnword64 
//define  HAVE64  1 
//end  i f 
# e n d i f 

/ * 

* I would  test  the  value  of  unsigned  long  long,  but  some  *preprocessors* 

* choke  on  constants  that  long  even  if  the  compiler  can  accept  them,  so 
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* it  doesn't  work  reliably.  So  cross  our  fingers  and  hope  that  it's 

* a 64-bi t type . 

* 

* GCC  uses  UL0NG_L0NG_MAX . Solaris  uses  ULLONG_MAX. 

* IRIX  uses  U L 0 N G LO N G_M A X . Are  there  any  other  names  for  this? 

*/ 

# i f n d e f HAVE64 

#if  defined(ULON  G_L  0 N G_M  AX)  ||  defined  ( U L L 0 N G_M  AX)  ||  d e f i n e d ( U L 0 N G L 0 N G. 
typedef  unsigned  long  long  w o r d 6 4 ; 
typedef  long  long  i n 1 6 4 ; 

#def i ne  HAVE64  1 

# e nd  i f 
Send  i f 

^include  <string.h>  /*  Prototype  for  memset  */ 

/ * 

* Wipe  sensitive  data. 

* Note  that  this  takes  a pointer  to  a structure  to  be  wiped! 

* / 

#define  wipe(x)  memsetCx,  0,  s i z eof  ( * ( x ) ) ) 

/*  This  is  a useful  macro  to  find  the  minimum  of  two  values  */ 

# i f nd  e f min 

^define  min(x,y)  (((x)<(y))  ? (x)  : (y)) 

Send  i f 


U i f ndef  max 

#define  max(x,y)  ( ( ( x ) > ( y ) ) ? (x) 

Send  i f 


(y)  ) 


/*  A way  to  hold  the  PGP  Version  number  */ 
typedef  int  PgpVersion; 

# d e f i n e PGPVERSI0N_2  2 /*  2.0  through  2.5  */ 

#define  P G P V E R S I 0 N_2_6  3 /*  2.6.x  */ 

# d e f i n e PGPVERSI0N_3  4 /*  3.0  */ 

/*  The  PGP  Library  Version  string  */ 
extern  char  const  pgpLibVersionStringCO; 

/*  The  PGP  Library  Cipher  IV  Length  */ 

#define  IVLEN  10 


/*  Literal  Message  Types  */ 
#def i ne  PG P_L I T E R A L_T E X T 
#def i ne  PGP  LITERAL  BINARY 


\ 1 6 4 ' /*  Ascii  ' t ' */ 

\ 1 4 2 ' /*  Ascii  ' b ' */ 


#e  nd i f /*  PGP  USUALS  H */ 


MAX  ) 


717 


lib/ pgp/keys/ 

keys/ 


718 


lib/ pgp/keys/.cvsignore 


•cvsignore 

Makefile  DONE 
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Makefile. in 

# 

ft  l i b/  keys 
# 

ft  $ I d : Makefi  Le.in,v  1.25  1 996/1  1 /1  2 02:1  7:45  mhw  Exp  $ 

ft 

0BJS=  mempool.o  ringpub.o  ringpriv.o  ringpkt.o  ringpars.o  ringread.o  \ 
ringmnt.o  trust. o trustpkt.o 

PUBHDRS=  ringmnt.h  ringpub.h  ringread.h  trust. h trustpkt.h 
PRIVHDRS=  ringpriv.h  ringpkt.h  ringpars.h  mempool.h 

all::  DONE 
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makefile.msc 

PG P L I B=  . .\.  .\pgplib.  Lib 

CFLAGS=-I..\..\..\include  -I..\..\include  \ 

-DHAVE_C0NFIG_H=1  $(DEBUG) 


a L l 


l i b 


headers:  incl 

! include  "makefile. in 


incl: 

if  not  "$ ( PUBHDRS ) " = = " " \ 

for  %f  in  ( $(PUBHDRS) 
if  not  "$( PRIVHDRS ) " " \ 

for  %f  in  ( S(PRIVHDRS) 


DOSOB J SX  = 
DOSOBJ  S = 


$(0BJS:  . o=  . ob  j ) 
$(D0S0BJSX:unix=win32) 


lib: 


S(DOSOBJS) 


do  copy  %f  . . \ \ \ i n c l ud e \ pg p 
) do  copy  % f ..\..\include 


. c . ob  j : 

$(CC)  $(CFLAGS)  -17  -c  $< 

# lib  /out : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . ob  j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  S(DOSOBJS) 
if  not  exist  S(PGPLIB)  l i b / o u t : $ ( PG P L I B ) $(DOSOBJS) 
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mempool.c 


/ * 

* mempool.c  - Pooled  memory  allocation,  similar  to  GNU  obstacks. 

★ 

* Written  by  Colin  Plumb. 

* 

* $Id:  mempool.c, v 1.12  1996/11/12  02:17:45  mhw  Exp  $ 

* / 

ft  U del  H A V E_C  0 N F I G_H 
//include  "config.h" 

# e nd  i f 


//include 

//include 

//include 


<assert  . h> 
< s t d i o . h > 
<s  t r i ng . h> 


//include 
//include 
# include 


"mempool.h" 
"pgp/pgpmem.  h" 
"pgp/usuals.h" 


//ifndef  NULL 
#define  NULL  0 
ft  e n d i f 


/*  Define  this  symbol  to  cause  secure  wiping  */ 
//ifndef  SECURE 
//define  SECURE  1 
fie  n d i f 


/ * 

* The  memory  pool  allocation  functions 

* 

* These  are  based  on  a linked  list  of  memory  blocks,  usually  of  uniform 

* size.  New  memory  is  allocated  from  the  tail  of  the  current  block, 

* until  that  is  inadequate,  then  a new  block  is  allocated. 

* The  entire  pool  can  be  freed  at  once  by  calling  memPoo  l F r ee  ( ) . 

*/ 

struct  PoolBuf  C 

struct  PoolBuf  * n e x t ; 
unsigned  size; 

/ * Data  follows  * / 

>; 

/*  Page  size  to  use  */ 

# i f d e f MSDOS 

//define  ALL0C_UNIT  1024 

//else 

//define  ALL0C_UNIT  4096 
ft  e nd  i f 

static  struct  MemPool  const  EmptyPool  = 

C NULL,  NULL,  0,  ALL0C_UNIT,  0,  (int  (*)(void  *))NULL,  NULL}; 


/ * 

* Initialize  the  pool  for  first  use 

* / 

void 
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memPoo L I n i t ( s t r u c t MemPool  *pool) 
*poo L = Empty  Poo  L ; 

} 


/*  Set  the  pool's  purge  function  */ 
void 

memPoo  l S e t Pu rg e ( s t ru c t MemPool  *pool,  int  ( * pu r g e ) ( vo i d *),  void  *arg) 
{ 

pool->purge  = purge; 
pool->purgearg  = arg; 

} 


/ * 

* Free  all  the  memory  in  the  pool 

* / 

void 

mem  Poo  l Emp t y ( s t r u c t MemPool  *pool) 
struct  PoolBuf  * b u f ; 


while 

# i f SECURE 
#end  i f 


((but  = pool->head)  !=  NULL)  { 
pool->head  = buf->next; 

memsetlbuf,  0,  buf->size); 


pgpMemFree(buf)  ; 

> 

pool->f reespace  = 0; 
poo  l -> t o t a l s i z e = 0; 


/* 

* Restore  a pool  to  a marked  position,  freeing  subsequently  allocated 

* memory. 

*/ 

void 

memPoo  l C u t Ba c k ( s t ru c t MemPool  *pool,  struct  MemPool  const  *cutback) 

{ 

struct  PoolBuf  *buf; 

assert(pool)  ; 
assert(cutback); 


assert(pool->totalsize  >=  cutback->totalsize); 


while((buf  = pool->head)  !=  c u t ba c k-> h ea d ) 
pool->head  = buf->next; 


#if  SECURE 


# e nd i f 


> 


memsetCbuf,  0,  buf->size); 
pgpMemFree(buf); 


> 


★pool  = *cutback; 


{ 


/* 
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* Structure  and  string  allocations. 

* To  make  alingment  work,  strings  and  other  objects 

* are  allocated  from  different  pools. 

*/ 


/ * 

* Allocate  a chunk  of  memory  for  a structure,  with  the  given  alignment. 

* This  is  more  space-efficient  than  mallocO  for  small  objects 

* with  loose  alignment  restrictions  - like  short  strings. 

* Note  that  alignment  is  relative  to  the  beginning  of  a chunk  returned  from 

* mallocO,  which  is  guaranteed  by  ANSI  to  be  as  aligned  as  can  possibly 

* matter. 

*/ 


void  * 

memPoolAlloclstruct  MemPool  * p o o l , unsigned  len,  unsigned  alignment) 
{ 


char  * p ; 

unsigned  t; 

/*  Where  to  allocate  next  object  */ 
p = pool->f reeptr; 

/*  How  far  it  is  from  the  beginning  of  the  chunk.  */ 
t = p - (char  * ) po o l -> h e a d ; 

/ * 

* How  much  padding  to  add  to  f reeptr  to  make  alignment.  The  first 

* case  (not  a power  of  2)  will  never  happen,  but  we  do  it  right 

* for  bragging  rights  in  the  ANSI  C compliance  department. 

* / 

if  (alignment  & ( a l i g n m e n t - 1 ) ) 

t = alignment-1  - ( t - 1 ) % a l i g n m e n t ; /*  Never  called  */ 

else 


t = -t  S (alignment-1);  / * This  one  always  * / 


/*  Okay,  does  it  fit?  */ 
if  (pool->f reespace  >=  len+t)  { 

pool->f reespace  -=  len+t; 
P +=  t; 

pool->f reeptr  = p + len; 
return  p; 


/*  It  does  not  fit  in  the  current  chunk.  Allocate  a new  chunk.  */ 


/*  First,  figure  out  how  padding  is  needed  after  the  header.  */ 
if  (alignment  & ( a l i g n m e n t - 1 ) ) 

alignment  - = 1 + (si zeof (struct  PoolBuf)-1)  % alignment; 

else 


alignment  = (alignment-1)  & -(unsigned)sizeof(struct  PoolBuf); 
alignment  +=  sizeof (struct  PoolBuf); 

/*  Then,  figure  out  a chunk  size  that  will  fit  */ 

t = pool->chunksize; 

assert(t); 

while  (len  + alignment  > t) 
t * = 2 ; 

while  ((p  = (char  * ) pg pM em A l l o c ( t ) ) ==  NULL)  { 

/*  If  that  didn't  work,  try  purging  or  smaller  allocations  */ 
if  ( ! po o l -> p u r g e ||  ! poo l -> p u r g e ( po o l -> pu r g e a r g ) ) { 

if  (len  + alignment  ==  t) 
return  NULL; 
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> 


> 


t /=  2; 

if  (t  < l en  + a L i gnment ) 

t = len+alignment; 


/*  Update  the  various  pointers.  */ 
pool->totalsize  +=  t ; 

((struct  PoolBuf  *)p)->next  = pool->head; 
((struct  PoolBuf  *)p)->size  = t; 
pool->head  = (struct  PoolBuf  * ) p ; 
pool->f reespace  = t - len  - alignment; 
p +=  alignment; 
pool->f reeptr  = p + len; 


return  p; 

> 

#ifdef  DEADCODE 
/ * 

* Store  a string  in  the  table,  returning  a pointer  to  the  string. 

* / 

char  const  * 

me m Poo l S t o r e ( s t r u c t MemPool  *pool,  char  const  *str) 

{ 

unsigned  len  = strlen(str)  + 1; 
char  * p ; 

p = mem Po o l A l l o c ( poo l , len,  1); 
if  ( p ) 

memcpy(p,  str,  len); 
return  p; 

> 

# e nd  i f 
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mempool.h 

/ * 

* $ I d : mempool.h, v 1.6  1 996/1  1 /1  2 02:1  7:45  mhw  Exp  $ 
*/ 


//ifndef  MEMPOO  L_H 
//define  MEMPOO  L_H 

struct  MemPoo l f 

struct  PoolBuf  * h e a d ; 
char  *f reeptr; 
unsigned  f reespace; 

unsigned  chunksize;  / * Default  starting  point  * / 

unsigned  long  totalsize; 

int  (*purge) (void  *);  /*  Return  non-zero  to  retry  alloc  */ 

void  *purgearg; 

>; 

//ifndef  T Y P E_M  E M P 0 0 L 

//define  T Y P E_M  E M P 0 0 L 1 

typedef  struct  MemPool  MemPool; 

//end  i f 


/* 

* Nice  clean  interfaces 

* / 

//define  m e m P o o l I s E m p t y ( p o o l ) ( ( p o o l ) - > h e a d ==  0) 

void  memPoo l I n i t ( s t r u c t MemPool  *pool); 

void  memPoolSetPurgelstruct  MemPool  * p o o l , int  (*purge)(void  *),  void  *arg); 
void  memPoolEmptylstruct  MemPool  *pool); 

void  memPoo l C u t Ba c k ( s t r u c t MemPool  *dest,  struct  MemPool  const  *cutback); 
void  *memPoolAlloc(struct  MemPool  * p o o l , unsigned  len,  unsigned  alignment); 

# i f d e f DEADCODE 

char  const  *memPoolStore(struct  MemPool  * p o o l , char  const  * s t r ) ; 

# e n d i f 

/*  Lookie  here!  An  A S N I - c omp  l i a n t alignment  finder!  */ 

//define  alignof(type)  (sizeof (structltype  _x;  char  _y;>)  - sizeof (type)) 
//define  memPoo  l New  ( poo  l , type)  m e m P o o l A l l o c ( p o o l , s i z e o f ( t y p e ) , a l i g n o f ( t y p e ) ) 
//endif  /*  MEMPOOL  H */ 
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ringmnt.c 


/ * 

* ringmnt.c  - Perform  the  maintenance  pass  over  a keyring. 

* This  is  a Lot  more  efficient  that  the  way  PGP  2.x  did  it 

* I modestly  think,  easier  to  understand  to  boot. 

* 

* Written  by  Colin  Plumb 

* 

* $ I d : ringmnt.c, v 1.49  1996/1  1 /1  2 02:1  7:48  mhw  Exp  $ 

*/ 


tfifdef  HAVE  CONFIG  H 


//include 
tt e nd  i f 

" c on  f i g . h " 

# i nc  l ude 

<assert . h> 

tt i n c l ud  e 

<string.h> 

/* 

For 

//include 

<stddef  . h> 

//include 

<t i me  . h> 

/ * 

for 

//include 

"makesig.h" 

//include 

"pktbyte.h" 

//include 

"ringmnt.h" 

//include 

"ringpars.h" 

//include 

"ringpriv.h" 

tt  i nc  l ude 

" r i n g p k t . h " 

//  i nc  l ude 

" t r u s t . h " 

//  i nc  l ude 

"trustpkt.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/pubkey.h" 

//include 

"pgp/ringread.h 

ii 

//include 

" pgp/  s i g . h " 

//include 

"pgp/sigspec.h" 

tt  i n c l ud e 

"pgp/usuals.h" 

tt  i nc  l ude 

"pgp/ringui  .h" 

strlenO  * / 
time  ()  * / 


/*  for  r i ng F e t c h Ob j e c t */ 


and. 


//  i f ndef  NULL 
//define  NULL  0 
tt  e nd  i f 


/ * 

* This  symbol  marks  code  which  prints  the  progress  of  the  maintenance 

* pass.  That  code  assumes  stdio,  which  is  not  portable  across  GUIs,  so 

* something  will  need  to  be  done  about  it.  The  prints  are  left  in  the 

* source  to  make  the  location  of  the  replacements  obvious.  The  code 

* assumes  a non-existent  "FILE  *f"  to  print  to,  so  just  //defining  this 

* symbol  will  NOT  work. 

* / 

//undef  P R I N T_P  R OGRESS 
/ * 

* The  trust  models... 

* Both  models  start  from  a number  of  axiomatic  "the  buck  stops  here" 

* keys.  These  are  the  keys  owned  by  the  PGP  user.  This  is  the 

* initial  set  of  trusted  keys.  Each  key  has  a trust  value  - a 

* level  of  confidence  that  the  user  places  in  signatures  made  by 

* that  key. 

* 

* 
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* --  The  old  trust  model  -- 

* Each  key  has  an  introducer  trust,  either  ultimate,  complete,  or 

* partial.  These  have  scores  of  1,  1/x  and  1/y.  For  each  key  on  the 

* axiomatically  trusted  list,  and  each  signature  made  by  that  key  on 

* a name,  the  introducer  trust  is  added  to  the  name's  validity  score. 

* If  that  score  reaches  1,  the  name's  key  is  added  to  the  next  introducer 

* list  and  its  introducer  trust  is  used  for  the  level  after  that. 

* 

* At  the  end,  names  are  graded  according  to  their  score. 

* If  it  is  >=  1,  they  are  completely  valid.  If  it  is  >=  1/2, 

* they  are  partially  valid.  If  < 1/2,  they  are  not  valid  at  all. 

* Partial  versus  lack  of  validity  only  affects  the  warning  messages 

* printed  out.  If  a key  does  not  have  any  comletely  valid  names, 

* its  introducer  trust  is  set  to  0. 

* 

* There  are  actually  three  kinds  of  zero  introducer  trust: 

* - Undefined,  meaning  that  it  has  not  been  set.  If  a key  has 

* a completely  valid  name  and  undefined  introducer  trust,  the 

* user  is  asked  to  set  one. 

* - Unknown 

* - Untrusted 

* These  latter  two  are  equivalent  valid  "set"  values,  with  the 

* only  difference  being  for  user-interface  purposes. 

* 

* --  The  new  trust  model  -- 

* This  is  based  on  a much  more  rigorous  treatment  of  trust  by  Ueli 

* Maurer.  Consider  the  graph  formed  by  taking  each  key  as  a node  and 

* each  signature  as  an  edge,  and  assign  each  signature  an  independent 

* probability  of  being  correct.  (The  probabilities  don't  have  to  be 

* independent,  but  it  gets  messy  fast  if  they  aren't,  so  the  possibility 

* isn't  considered  any  further.)  For  each  possible  combination  of 

* valid  and  invalid  signatures,  assign  it  a probability  based  on  the 

* probability  of  each  signature  being  correct,  and  if  there  is  a path 

* of  valid  signatures  from  the  root  set  to  a given  name,  it  is  correct. 

* Add  up  the  probabilities  of  all  the  cases  in  which  the  name  is  correct, 

* and  you  have  the  computed  probability  that  the  name  is  correct. 

* 

* Basically,  you  have  to  consider  every  possible  path  from  the  root 

* set  of  axiomatically  trusted  keys  to  the  name  in  question  and  correct 

* for  overlaps  and  loops.  This  can't  be  done  in  a reasonable  amount  of 

* time,  but  a conservative  approximation  can  be  made.  By  leaving  out 

* some  of  the  more  complex  paths,  a lower  probability  can  be  computed. 

* Since  it  is  lower  than  the  ideal  computation,  it  can  still  be  trusted. 

* A good  approximation  is  fast  to  compute  and  yet  approaches  the  ideal 

* approximation  well. 

* 

* Since  PGP  supports  multiple  names  on  a key,  the  question  arises 

* which  validity  value  is  used.  The  solution  here  is  to  assign  a trust 

* value  to  each  of  the  names,  take  the  v a l i d i t y * t r u s t product  for  each 

* name,  and  take  the  maximum.  A name  which  is  meaningless  to  the  user 

* (e.g.  a name  in  an  unknown  character  set,  such  as  cyrillic  or  kanji) 

* can't  be  trusted,  but  that  doesn't  mean  that  a second  name  which  *is* 

* intelligible  should  be  penalized. 

* 

* The  approximation  that  PGP  uses  is  as  follows: 

* - Clear  all  trust  accumulators  to  0. 

* - Starting  with  a root  set  of  keys  (level  0),  each  of  which  have  some 

* specified  confidence,  take  that  confidence  directly  as  the  trust. 

* This  is  currently  assumed  to  be  ultimate.  For  each  signature  made 
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* by  such  a key,  add  the  confidence  to  the  name's  valididty  score. 

* - Using  this  provisional  validity,  multiply  each  names's  confidence 

* by  its  validity  to  get  a provisional  trust.  Use  this  trust  to 

* increase  the  validity  score  of  each  name  already  processed. 

* - Multiply  the  final  validity  by  the  confidence  to  get  the  final  trust 

* on  the  key,  which  is  used 
*/ 


/ * 

* Check  to  see  if  the  signature  is  valid  in  time.  It  must  not  be 

* post-dated,  and  must  still  be  valid. 

k 

* To  avoid  overflow  problems  with  65535  days  being  larger  than  a 32-bit 

* timestamp,  compute  how  old  the  signature  is  in  days,  and  compare 

* that  with  the  validity  period.  If  its  age,  in  days  rounded  down, 

* is  < the  validity  period,  it  is  valid.  To  deal  with  a validity 

* period  of  0 being  infinite,  subtract  one  from  the  validity  using 

* unsigned  arithmetic  and  change  the  < to  <=.  (n  < 5 iff  n <=  4,  for 

* integer  n).  0 will  wrap  to  UINT_MAX,  and  every  unsigned  number 

* compared  <=  UINT_MAX,  so  the  test  will  always  be  true. 


k 

* An  intelligent  8086  or  68000  compiler  would  evaluate  the  division  by 

* 86400  = 675  * 128  as  (x>>7)/675,  which  can  use  a 32/16  bit  divide 

* (which  can't  overflow),  but  I'd  be  surprised  if  any  PC  compilers 

* actually  did  it  that  way. 

*/ 

static  i n t 

mn t S i g I s V a l i d ( wo r d 3 2 timenow,  word32  tstamp,  unsigned  validity) 

{ 


> 


return  (tstamp  <=  timenow 

&&  ( u n s i g n e d ) ( ( t i meno w- 1 s t a mp ) / 86400 ) <=  v a l i d i t y- 1 u ) ; 


# i f 0LDTRUST 

/ k 

* Add  "inc"  trust  to  the  name  signed  by  the  given  sig. 

* If  the  trust  passes  "thresh",  mark  the  name  with  the  level 

* and  add  the  key  that  owns  it  to  the  list.  Return  the  expanded  list. 

* 

* T0D0:  Do  something  sensible  with  signatures  on  keys. 

*/ 

static  struct  RingKey  const  * 

mn t D o S i g ( s t r u c t RingSig  const  *sig,  struct  RingKey  const  *list, 

int  const  inc,  int  const  thresh,  word32  const  timenow,  int  const  level) 

{ 

union  RingObject  * n a m e , * k e y ; 
byte  sigtype; 

assert(mntSigIsValid(timenow,  sig->tstamp,  sig->validity)); 

name  = sig->up; 

if  ( ! OBJISNAME(name) ) C 

/*  aaa  do  anything  with  sigs  on  keys?  */ 
return  list; 

> 

sigtype  = sig->type  8 0xF0; 
if  (sigtype  !=  P G P_S I 6 T Y P E_K  E Y_G  E N E R I C ) 
return  list; 
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#if  P R I N T_P  R 0 G R E S S 

printfC  Trust  % d/%d  ->  / d/%d  on  name  ", 
name-> n . t r u s t v a L , thresh, 
name->trustval  + inc,  thresh); 

( vo  i d ) r i n g T t y Pu t S t r i n g ( name->n a me , name->len,  -1u,  stdout, 
putcharC  ' \ n 1 ); 

#end  i f 

name->n.trustval  +=  inc; 

/* 

* If  we  are  not  yet  at  the  valid  level  or  have  already 

* marked  this  name  as  validated,  bail  out. 

*/ 


if  ( name->n . t rus t va l < thresh  ||  N AM E L E V E L ( Sna m e-> n ) ) 
return  list; 

/ * Passed  threshold  - label  with  certification  level.  * / 
NAMESETLEVEL(&name->n,  level); 
key  = name->n.up; 
assert(OBJISKEYCkey)); 

if  ( key->g . f lags  S KEY  F_T  RUSTED  ||  /*  Already  listed? 

key->k.  trust  & PG P_KE Y T R U S T F_R E VO KE D ) 
return  list; 

#if  PRINT  PROGRESS 


ringKeyIDprintCstdout, 

Potential  introducer:  first  userlD  trust  >=  1 on  keylD 

key->  key  I D ) ; 


# e n d i f 


il 

/ 


key->k.util  = (struct  RingKey  *)list; 
key->g. flags  |=  KE Y F_T R U S T E D ; 
return  &key->k; 


ini 

/ 


*/ 


" ' ) ; 


/ * 

* Add  "inc"  trust  to  each  name  signed  by  a valid  signature  on 

* the  "sigs"  list.  If  the  trust  passes  "thresh",  add  the  resultant 

* key  to  the  list.  Return  the  expanded  list. 

* 

* Signatures  that  are  expired  or  have  been  superseded  are  weeded  out. 

* Note  that  a postdated  signature  does  not  supersede  one  dated  yesterday! 

* / 

static  struct  RingKey  const  * 

mntWalkSigLi stCstruct  RingSig  const  *sigs,  struct  RingKey  const  * l i s t , 
int  const  inc,  int  const  thresh,  ringmask  const  mask, 
w o r d 3 2 const  timenow,  int  const  level) 

{ 

struct  RingSig  const  *cur; 
while  (sigs)  { 

/*  Find  the  first  valid  checked  signature  under  the  mask.  */ 
if  ( ! (sigs->trust  S P G P_S I G T R U S T F_C H E C K E D ) 

||  !(sigs->mask  S mask) 

||  ! mn t S i g I s Va l i d ( t i me  now , s i g s -> t s t a mp , s i g s -> va  l i d i t y ) ) 

{ 

sigs  = sigs->nextby; 
continue; 

> 

/*  The  first  candidate  signature  */ 
cur  = sigs; 
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> 


/* 


* Search  all  other  signatures  by  this  key  on  the  same  object 

* for  the  most  recent  valid  signature,  which  is  the  only 

* one  which  is  accorded  any  weight.  We  use  the  fact  that 

* after 

* / 

while  ((sigs  = s i g s -> n e x t by ) !=  NULL  &&  sigs->up  ==  cur->up) 

/ * 

* So  now  that  the  signature  at  the  front  of  the  sigs 

* list  is  on  the  same  thing  as  "cusrig",  consider 

* replacing  cur,  if  the  new  signature  is  is 

* checked  good,  valid,  under  the  right  mask,  and 

* more  recent  than  cur. 

* 

* Compute  the  age  using  unsigned  arithmetic  and 

* compare  the  ages,  so  postdated  signatures  will 

* result  in  an  age  that  appears  extremely  old  due 

* to  wrapping  mod  UINT_MAX  and  will  not  displace 
★valid  signatures. 

*/ 


if  (sigs->trust  & PG P_S I GT R U S T F_C H E C KE D 
&&  sigs->mask  & mask 

&&  timenow  - cur->tstamp  > timenow  - sigs->tstamp 
&&  mn t S i g I s V a l i d ( t i me  no w , s i g s -> t s t a mp , 

sigs->validity)) 

cur  = sigs; 


/*  Do  the  trust  computations  on  the  resultant  signature.  */ 
list  = mntDoSigCcur,  list,  inc,  thresh,  timenow,  level); 

> 

return  list; 


/ * 

* Walk  a list  of  keys  (linked  through  the  util  field),  adding  the 

* appropriate  trust  values  to  the  names  the  key  has  signed. 

* / 

static  struct  RingKey  const  * 


mn t L i s t ( s t r u c t RingKey 
ringmask  const 

{ 

struct  RingKey 
int  trustinc; 

const 

mask. 

★list,  int  const  addC8],  i 
word32  const  timenow,  unsi 

nt  const  threshold, 
gned  const  level) 

const 

★newlist; 

for  (newlist  = 

0;  l i 

st;  list  = 

list->util)  t 

assert ( l i st->f  lags  & KE Y F_T R U S T E D ) ; 

trustinc  = add C l i s t-> t r us t & PG P_KE YT R U S T_M A S KU ; 

# i f PRINT_PROGRESS 

printfC,  "Adding  %d/%d  trust  from  ",  trustinc,  threshold) ; 
ringKeyPrintCstdout,  (struct  RingPool  *)0,  list); 

# e nd  i f 
#if  0 

/ * 

* aaa  PGP  2.x  allows  disabled  keys  to  participate  in 

* trust  computation.  Should  this  be  added? 

*/ 
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#end  i f 


> 


if  ( l i st->t rust  & ( PG P_KE YT R U S T F_D I S A B L E D ) ) 
continue; 

if  (trustinc  <=  0) 
continue; 

newlist  = mntWalkSigl_ist(&list->sigsby->s,  newlist,  trustinc, 

threshold,  mask,  timenow,  level); 


return  newlist; 

} 

#else  /*  IOLDTRUST  - new  trust  model!  */ 

/* 

* This  finds  the  combined  trust  value  given  two  trusts  which 

* are  arranged  in  series.  Trust  values  are  actually  the 

* scaled  negative  logarithms  of  *distrust*,  so  assuming 

* independent  failures,  two  signatures  in  parallel  have  a 

* distrust  which  is  the  product  of  the  input  distrusts,  and 

* we  only  have  to  add  the  trust  values.  But  when  they're 

* in  series,  we  want  to  multiply  the  *trusts*,  and  it  gets  hairier... 

* This  is  a quick  and  dirty  brute-force-and-ignorance  approach. 

* I know  of  better  solutions,  but  haven't  had  time  to  do  the 

* necessary  numerical  analysis. 

* 

* aaa  Optimize  this  code 

★ 

* Given  tl  = log(p1)/k  and  t2  = log(p2)/k,  where  pi  and  p2  are 

* probabilities  that  are  bounded  between  0 < p1,p2  <=  1,  find 

* t3  = log(1  — (1— pi )*(1-p2))/k 

* = l og ( 1 - ( 1 -exp ( 1 1 * k ) ) * ( 1 -exp ( t 2 * k ) ) ) / k . 

* = loglpl  + p2  - p1*p2) 

* = log  (exp( 1 1 *k)  + exp(t2*k)  - e x p ( 1 1 * k ) * e x p ( t 2 * k ) ) / k 

* k is  chosen  to  make  the  logs  come  out  right, 

* so  that  an  increment  of  T R U S T_D  E C A D E corresponds  to  1/10. 

* I.e.  exp ( TRUST_DEC ADE*k ) = 1/10 

* =>  T R U S T_D  E C A D E * k = log(1/10) 

* =>  k = - l og ( 1 0 ) /TRUST_DEC ADE; 

* Well,  actually  there's  an  additional  factor  of  T R U S T_C E R T S H I F T 

* thrown  in  there,  a factor  of  64  which  allows  probabilities  down  to 

* 1 0 A - 2 5 and  a granularity  of  + / - 0 . 0 9 % in  trust  values. 

* Note  that  p1+p2-p1*p2  = pi  + p2*(1-p1)  >=  pi,  so  the  output 

* probability  is  always  greater  than  either  of  the  input  probabilities, 

* so  t3  is  always  less  than  tl  or  t2.  Thus,  the  computation  can't 

* overflow. 

* 

* I'd  prefer  to  somehow  evaluate  it  directly  in  log  form,  using 

* something  like  Zech's  log  function  to  evaluate  it. 

* H'm...  an  alternate  evaluation  technique... 

* pi  * (1  + p 2 / p 1 ( 1 - p 1 ) ) 

* = pi  * ( 1 + p 2 * ( 1 /pi  -1  ) ) 

* Choose  pi  as  the  larger  of  the  two...  does  this  lead  to  anything? 

* Yes.  Two  tables  of  size  771  (=  ceil(log(2)*40*64))  will  allow  you 

* to  evaluate  (1/pl— 1 ) directly,  guaranteed  to  round  down,  and  then 

* I think  something  similar  will  do  for  (t+1).  For  the  (1 /pi— 1 ) 

* evaluation,  do  the  entries  for  pi  from  1 to  1/2  directly,  and 

* past  that,  the  value  of  (1  /pi— 1 ) differes  from  the  value  of 

* 1 / p 1 by  at  most  77 1.  Record  in  another  table  the  values  at 
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* which  the  delta  changes,  do  a binary  search,  and  use  the  index  as 

* the  delta. 

*/ 

# i n c l ud e <math.h> 

# i f nd  e f M_LN 1 0 

#define  M_LN10  2.30258509299404568402  /*  ln(10)  */ 

#end  i f 

static  word16 

me rg e t r u s t ( wo rd 1 6 tl,  word16  t2) 

static  double  const  k = -M_LN10  / PG P_T R U S T_D E C A D E ; 
double  p,  q; 

/*  Saturate  at  infinity  */ 
if  (tl  ==  ( w o r d 1 6 ) PG P_T R U S T_I N F I N I T E ) 
return  t 2 ; 

if  ( t 2 ==  (word16)  PG P_T R U ST_I N F I N I T E ) 
return  tl; 
p = exp(t1*k); 
q = exp(t2*k); 

/*  Round  down  for  conservative  estimate  */ 
return  (word16)floor(log(p  + q - p*q)/k); 

> 

/* 

* Compute  the  trust  value  associated  with  a key.  This  is  the 

* weight  given  to  signatures  made  by  that  key.  The  decision  is  based 

* on  the  validity  of  the  key's  name  (how  sure  are  we  that  the  name 

* belongs  to  that  key)  and  confidence  (how  much  do  we  trust  the 

* named  individual).  The  product  of  those  two  gives  the  trust  in 

* the  key  as  a whole. 

* 

* If  the  key  is  a buckstop  key,  ignore  the  validity  and  just  take  the 

* confidence  as-is. 

* 

* If  there  are  multiple  names  on  a key,  compute  the  trust  for  each  and 

* use  the  maximum. 

* 

* BESTVALID  alternate  algorithm 

* 

* If  BESTVALID  if  set,  then  the  overall  trust  in  a key  is  determined 

* from  the  name  with  the  highest  validity.  In  the  case  of  a tie, 

* then  the  best  va l i d i t y * c o n f i d e n c e is  taken.  Thus,  overall  trust 

* is  computed  from  the  name  this  key  is  most  likely  to  belong  to. 

* / 

# i f nd  e f BESTVALID 
# d e f i n e BESTVALID  1 
#end  i f 


static  word16 


calctrust(struct  RingKey 

f 

const  * k , 

\ 

union  RingObject 

const  * n ; 

word16  cur,  best 

= 0; 

# i f BESTVALID 

word16  bestvalid 

II 

o 
> • 

# e nd i f 

ringmask  mask) 
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assertCKEYISKEY(k)); 


/*  For  BUCKSTOP  keys,  don't  worry  about  validity  or  confidence  */ 
if  ( k->  t r u s t & P G P_K  E Y T R U S T F_B  UCKSTOP) 
return  PG P_T RU S T_I N FINITE; 


for  ( n 

#if  BESTVALID 


# e l s e 

# e n d i f 


# i f BESTVALID 


# e l s e 


# e n d i f 


> 

return 


= k->down;  n;  n = n->g.next)  { 

if  ( OB J I SNAME ( n ) &&  (n->g.mask  & mask)  SS 
n->n. valid  >=  bestvalid) 

if  ( OB J I SNAME ( n ) SS  (n->g.mask  S mask)) 


{ 


> 


cur  = n 
if  (cur 

else  if 

else 


>n. confidence; 

= = PG  P_N  E W T R U S T_I NFINITE) 
cur  = n - > n . valid; 

(cur  ==  PG  P_N  E W T R U S T_U  NDEFINED) 
cur  = 0 ; 

cur  = me r g e t r u s t ( c u r <<  T R U S T_C E R T S H I F T , 

n - > n . valid); 


if  (n->n. valid  > bestvalid  || 

( n - > n . valid  ==  bestvalid  SS  cur  > best))  { 
best  = cur; 

bestvalid  = n - > n . valid; 

> 


if  (cur  > best) 

best  = cur; 


best; 


w o r d 1 6 

r i n g Ke y C a l c T r u s t ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 
{ 

word16  trust; 

assert(OBJISKEYCkey)  ); 

assert(set->mask  S key->g.mask); 

trust  = c a l c t r u s t ( S key-> k , set->mask); 

trust  >>=  trust  <<  trust;  / * truncate  * / 

return  trust; 

} 


/ * 

* Add  confidence  to  the  name  signed  by  the  given  sig,  and  if  the  name 

* has  confidence  and  the  key  has  not  already  been  processed,  add  it 

* to  the  list.  Return  the  expanded  list. 

* 

* TODO:  Do  something  sensible  with  signatures  on  keys. 

*/ 

static  struct  RingKey  * 

mntDoSigCstruct  RingSig  const  *sig,  struct  RingKey  *list, 

word16  confidence,  word32  const  timenow,  int  const  level. 
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int  pass2) 

union  RingObject  *name/  *key; 
int  i ; 

byte  sigtype; 

assert(mntSigIsValid(timenow,  sig->tstamp,  sig->validity)); 

/*  Okay,  it  hasn't  expired,  check  that  we  have  a name  signature  */ 
name  = s i g - > u p ; 

if  ( ! OBJISNAME(name) ) { 

/*  aaa  Do  anything  here  with  signatures  on  keys?  */ 
return  list; 

> 


sigtype  = sig->type  8 0 x F 0 ; 
if  (sigtype  !=  PG P_S I GT Y P E_KE Y_G E N E R I C ) 
return  list; 
key  = name->n.up; 
assert(OBJISKEY(key)); 

/*  Do  not  add  confidence  from  a key  to  itself  */ 
if  (key  ==  s i g->by ) 
return  list; 

/ * 

* There  are  two  passes:  first  we  add  trust  from  keys  at  one  level 

* to  keys  on  the  next  level,  then  we  add  trust  from  keys  at 

* that  level  to  each  other.  Pass2  is  a flag  controlling  which 

* we  do. 

* Oh,  names  which  we  have  no  confidence  in  as  introducers 

* get  their  certainty  added  from  all  levels,  since  they  cannot 

* participate  in  cycles.  This  is  done  during  pass  1. 

* So,  during  pass  1: 

* - Ignore  names  on  keys  that  we  have  already  recorded  that  are 

* at  levels  less  than  the  current  one. 

* And  during  pass  2: 

* - Ignore  names  other  than  ones  at  the  specified  level  on  keys 

* that  *are*  trusted.  (On  keys  that  are  not  will  get  added 

* next  iteration). 

*/ 


i = NAMELEVEL(8name->n) ; 
if  (!pass2)  { 

/ * Pass  1 */ 
if  ( ! i ) 


> else 


> 


NAMESETLEVEL(8name->n,  level); 
else  if  (i  < level  88  key->g. flags  8 KE Y F_TRUSTED ) 
return  list; 

/ * Pass  2 * / 

if  (i  ! = level  ||  ! ( k ey-> g . f l a g s 8 KE Y F_T RU S T E D ) ) 

return  list; 


/*  Okay,  now  add  the  confidence  if  needed.  Do  special 
checks  for  infinite  confidence  and  validity.  */ 

if  (confidence  ==  PG P_T R U S T_I N F I N I T E ) 

name->n  . va  l i d = PG P_T R U S T_I N F I N I T E ; 
else  if  ( name->n . va l i d !=  PG P_T RU S T_I N F I N I T E ) { 
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/* 


> 


> 


name->n. valid  +=  confidence; 

/ * 

* Saturate  on  overflow.  65535  is  reserved  for  "perfect". 

* 65534  is  2.5164  * 10A-26,  2A-85. 

* / 

if  ( name->n  . va  l i d + 1 <=  confidence) 

name->n. valid  = (word16)  P G P_T  R U S T_M  A X ; 


/ * 

* Don't  add  keys  to  the  list  if: 

* - Already  on  list 

* - Key  is  revoked  (confidence  is  zero  then) 

* - Name  has  no  confidence 

* Currently,  disabled  keys  *are*  allowed  on  the  list, 

* to  participate  in  trust  transactions.  Disabling  only 

* affects  key  selection.  This  is  PGP  2.x  compatible. 

* 

* Once  a key  is  on  the  list,  only  one  more  round  of  adding 

* certainty  to  its  names  is  possible,  since  two  rounds  could 

* create  cycles  that  correcting  for  is  difficult.  Thus, 

* we  want  to  avoid  putting  things  on  the  list  unnecessarily, 

* but  prefer  to  weed  out  everything  possible  now. 

*/ 

if  ( key->g . f lags  & KEY  F_T  RUSTED  /*  Already  listed?  */ 

||  key->k.  trust  8 PGP_KEYTRUST F_REV0KED 

|j  key->k. trust  8 PG P_KE Y T R U S T F_D I S AB L E D */  /*PGP  2.x  compatible*/ 
||  ! n a me-> n . c o n f i d e n c e ) 

return  list; 

key->k.util  = (struct  RingKey  * ) list; 
key->g. flags  |=  K E Y F_T R U S T E D ; 
return  8key->k; 


/* 

* Add  confidence  to 

* the  "sigs"  list. 

* key  to  the  list. 

* 


each  name  signed  by  a valid  signature 
If  the  trust  passes  "thresh",  add  the 
Return  the  expanded  list. 


on 

resultant 


* Signatures  that  are  expired  or  have  been  superseded  are  weeded  out. 

* Note  that  a postdated  signature  does  not  supersede  one  dated  yesterday! 

* / 


static  struct  RingKey  * 

mntWalkSigList(struct  RingSig  const  *sigs,  struct  RingKey  *list, 

word16  confidence,  ringmask  const  mask,  word32  const  timenow, 
int  const  level,  int  pass2) 

{ 

struct  RingSig  const  * c u r ; 
while  (sigs)  { 

/*  Find  the  first  valid  checked  signature  under  the  mask.  * / 
if  ( ! ( s i gs->t rust  8 PG P_S I GT R U S T F_C H E C KE D ) 

||  !(sigs->mask  8 mask) 

||  ! mnt S i g I sVa l i d ( t i menow,  s i g s -> t s t a mp , s i g s-> va l i d i ty ) ) 

{ 

sigs  = sigs->nextby; 
continue; 

> 

/*  The  first  candidate  signature  */ 
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cur  = sigs; 


/ * 

* Search  all  other  signatures  by  this  key  on  the  same  object 

* for  the  most  recent  valid  signature,  which  is  the  only 

* one  which  is  accorded  any  weight.  We  use  the  fact  that 

* after  r i n g Poo  l L i s t S i g s By  places  all  signatures  on 

* the  same  object  together  in  the  sigsby  list. 

* / 

while  ((sigs  = sigs->nextby)  !=  NULL  & & sigs->up  ==  cur->up) 

C 

/* 


> 


* So  now  that  the  signature  at  the  front  of  the  sigs 

* list  is  on  the  same  thing  as  "cusrig",  consider 

* replacing  cur,  if  the  new  signature  is  is 

* checked  good,  valid,  under  the  right  mask,  and 

* more  recent  than  cur. 

■ k 

* Compute  the  age  using  unsigned  arithmetic  and 

* compare  the  ages,  so  postdated  signatures  will 

* result  in  an  age  that  appears  extremely  old  due 

* to  wrapping  mod  UINT_MAX  and  will  not  displace 

* valid  signatures. 

* / 

if  (sigs->trust  & PG P_S I G T R U S T F_C H E C K E D 
SS  sigs->mask  S mask 

& & timenow  - cur->tstamp  > timenow  - sigs->tstamp 
&&  mnt S i g I sVa l i d ( t i menow,  s i g s -> t s t amp , 

sigs->validity)) 

cur  = sigs; 


/*  Do  the  trust  computations  on  the  resultant  signature.  */ 
list  = mntDoSig(cur,  list,  confidence,  timenow,  level,  p a s s 2 ) ; 

> 

return  list; 


/ * 

* Walk  a list  of  keys  (linked  through  the  util  field),  adding 

* appropriate  trust  values  to  the  names  the  key  has  signed. 

*/ 


static  struct  RingKey  const  * 

mn t L i s t ( s t r u c t RingKey  const  *list,  ringmask 
word32  const  timenow,  unsigned  const 


struct  RingKey  * n e w l i s t ; 
struct  RingKey  *cur; 
word16  confidence; 


const  mask, 
level) 


the 


/*  Do  first  pass,  adding  trust  from  old  list  to  new  things  */ 
for  (newlist  = NULL;  list;  list  = list  — >uti  l)  { 
assert ( l i st->f  lags  & KE Y F_T R U S T E D ) ; 
confidence  = calctrust(list,  mask); 
if  ( ! confidence) 
continue; 

newlist  = mn t W a l k S i g L i s t ( S l i s t -> s i g s by-> s , newlist,  confidence, 

mask,  timenow,  level,  0); 


> 
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/ * 

* Do  second  pass,  adding  trust  from  new  list  to  itself. 

* The  overall  confidence  for  each  key  must  be  calculated 

* before  the  second  pass  begins  to  avoid  artificially  high 

* confidence  values  caused  by  loops.  Using  a new  field 

* 1 l i s t -> c o n f i d e n c e ' increases  the  size  of  each  key  object 

* by  2 bytes  (35)5)  can  we  avoid  this?) 

* / 

for  (cur  = newlist;  cur;  cur  = cur->util)  ( 
assert ( cur->f  lags  & KE Y F_T R U S TE D ) ; 
cur->conf  idence  = calctrustCcur,  mask); 

} 

for  (cur  = newlist;  cur;  cur  = cur->util)  { 
if  ( ! cur->conf idence) 
continue; 

newlist  = mntWalkSigList(&cur->sigsby->s,  newlist, 

cur->conf idence, 

mask,  timenow,  level,  1); 

> 

return  newlist; 

} 

# e n d i f / * ! OLDTRUST  * / 

/* 

* Return  1 if  nl  should  be  listed  before  n2;  0 if  they're 

* equivalent  and  the  relative  order  should  be  unchanged,  and  -1 

* if  it  should  be  the  other  way  around. 

* 

* All  non-names  should  be  before  all  names;  non-names  are  left  in 

* their  original  order. 

*/ 

static  i n t 

mn t C ompa reName s ( un i on  RingObject  const  *n1,  union  RingObject  const  *n2, 
word32  const  timenow) 

{ 

word32  t 1 , t 2 ; 
word32  age; 

union  RingObject  const  * s i g ; 
i n t i ; 

/*  Test  0:  non-names  always  come  first  */ 
if  (iOBJISNAME(nl)) 

return  0 B J I S N A M E ( n 2 ) ? 1 : 0; 

if  ( ! OB J I SNAME  ( n2  ) ) 
return  -1; 


/*  Test  1:  more  trusted  */ 
i = (n1->n. trust  & PG P_N A M E T R U S T MASK)  - 


( n2->n  . 

trust 

s 

P G P_N  A M E T R U S T_M  ASK) ; 

i f 

( i ) 

return 

i > 0 

9 

1 : -It- 

/* 

Test 

2 : more 

recent 

self -signature  * / 

/* 

Find 

age  of 

most 

recent  self-sig  on  namel 

tl 

= t i 

menow; 

for  (sig  = n1->g.down;  sig;  sig  = sig->g.next)  f 

if  ( ! 0 B J I S S I G ( s i g ) ||  sig->s.by  !=  n1->g.up) 
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continue; 

/ * Not  a self-sig  * / 

i f 

( ( s i g->  s . trust  S 

PGP_SIGTRUSTF_CHECKED)  ==  0) 

continue; 

/*  Not  valid  */ 

age 

= timenow  - sig 

->s  . tstamp; 

i f 

(age  > tl) 

continue; 

/*  Too  old  or  postdated  */ 

i f 

( (unsigned) (age 

/ 86400)  > s i g->s . va l i d i ty-1 u ) 

continue; 

/*  expired  */ 

1 1 

= age; 

J 

/ * 

Fi 

nd 

age 

of  most  recent 

self-sig  on  name2  */ 

1 2 

= 

timenow; 

for 

( 

s i g 

= 

n2->g . down;  sig; 

sig  = si g->g . next ) ( 

i f 

( lOBJISSIG(sig) 

||  sig->s.by  !=  n1->g.up) 

continue; 

/ * Not  a self-sig  */ 

i f 

((sig->s. trust  & 

PGP_SIGTRUSTF_CHECKED)  ==  0) 

continue; 

/ * Not  valid  */ 

age 

= timenow  - sig 

->s. tstamp; 

i f 

(age  > tl) 

continue; 

/*  Too  old  or  postdated  */ 

i f 

( (unsigned)  (age 

/ 86400)  > s i g->s . va l i d i ty-1 u ) 

continue; 

/ * expired  * / 

1 2 

= age; 

J 

i f 

( 1 1 ! 

= 1 2 ) 

return  ( t 1 < t2  ? 1 

: -1); 

OLDTRUST 

/ * 

Test 

3 : 

lower  certificat 

ion  depth  * / 

if  (NAMELEVEL(&n1->n)  !=  N A M E L E V E L ( & n 2 -> n ) ) 
return  ((unsigned)NAMELEVEL(&n1->n) 


1 u < 


(unsigned)NAMELEVEL(&n2->n)  - 1u)  ? 1 : -1; 


tt  e L s e 


/*  Test  4:  more  trust  accumulated  */ 
if  (n1->n. trustva l !=  n 2 -> n . t r u s t v a l ) 

return  n 1 -> n . t r u s t va l > n2->n.trustval  ? 1 


/*  Test  3:  More  certainty  */ 
if  (n1->n. valid  !=  n2->n. valid) 

return  n1->n. valid  > n2->n. valid  ? 1 

/*  Test  4:  lower  certification  depth  */ 
if  (NAMELEVEL(&n1->n)  !=  N A M E L E V E L ( & n 2 -> n ) ) 
return  ((unsigned)NAMELEVEL(Sn1->n) 
(unsi gned)NAMELEVEL(Sn2->n) 


-1 ; 


1u  < 

1 u)  ? 1 


U e n d i f 


> 

/ * 


/*  Okay,  give  up  - declare  'em  equal  */ 
return  0 ; 


★ 

Sort 

the 

names  in  the  gi 

★ 

This 

may 

result  in  some 

★ 

-1- 

k e y r i 

ngs 

is  returned. 

X 

★ 

This 

i s a 

selection  sort 

goodness"  measure. 
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★ for  the  small  n we  have  here  (5  names  on  a key  is  pretty  unusual!), 

★ and  it  makes  figuring  out  which  keyrings  need  dirtying  much  easier. 

★ 

* The  technique  is  perhaps  not  entirely  obvious,  so  I'll  explain  it. 

* Selection  sort  involves  searching  the  unsorted  list  for  the  object  (name) 

* that  should  go  first  (referred  to  as  the  best  element  in  the  code),  and 

* then  removing  it  and  placing  it  at  the  end  of  the  (initially  empty) 

* sorted  new  list.  We  keep  track  of  the  union  of  the  masks  of  the  objects 

* that  the  best  object  skips  in  front  of.  When  we  reach  the  end  of  the 

* unsorted  list,  and  the  best  pointer  (and  the  bestmask)  is  known  for 

* sure,  all  keyrings  which  the  best  object  is  in  and  have  been  skipped 

* over  (i.e.  bestmask  & best->mask)  are  dirty. 

* / 

static  ringmask 

mntSortNameLi st ( uni  on  RingObject  **objp,  word32  const  timenow) 

{ 

union  RingObject  *newhead,  **newtail; 
union  RingObject  *cur,  **curp; 
union  RingObject  *best,  **bestp; 
ringmask  curmask,  bestmask; 
ringmask  dirtymask  = 0 ; 

newtail  = Snewhead; 

/★  Loop  until  unsorted  list  is  empty  ★ / 
while  ( *ob  j p ) { 

/ ★ Default  best  is  head  of  list  ★ / 
bestp  = objp; 
best  = * b e s t p ; 
bestmask  = 0; 

/★  Search  rest  of  list  for  a better  name  ★ / 
curp  = &best->g . next; 
curmask  = best->g .mask; 
while  ((cur  = * c u r p ) !=  0)  { 

if  ( mn t Compa r eName s ( be s t , cur,  timenow)  < 0)  { 
bestp  = curp; 
best  = cur; 
bestmask  = curmask; 

> 

curmask  |=  cur->g .mask; 
curp  = &cur->g.next; 

} 

★bestp  = best->g.next; 

dirtymask  |=  bestmask  S b e s t -> g . ma s k ; 

★newtail  = best; 
newtail  = 8best->g.next; 

> 

★objp  = newhead; 

★newtail  = NULL; 
return  dirtymask; 


/ ★ 

* Sort  the  names  of  each  key  under  the  given  mask  with  the  mntSortNameLi st 

* function.  The  mask  applies  only  to  the  keys;  all  names  are  sorted, 

* even  if  they  don't  fall  under  the  mask.  And  any  keyrings  may  be  dirtied 

* by  this  operation. 
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*/ 

static  void 

m n t S o r t N a m e s ( s t r u c t RingSet  const  *set,  word32  const  timenow) 
{ 

union  RingObject  * k e y ; 
ringmask  dirtymask  = 0 ; 


/* 

tor 


> 


Sort  all  the  keys  * / 

(key  = set->pool->keys;  key;  key  = key->g.next) 
assert(OBJISKEYCkey)); 
it  (key->g.mask  & set->mask) 

dirtymask  |=  mn t S o r t N a me L i s t ( & k e y-> g 


{ 


. down. 


timenow)  ; 


/*  Deal  with  the  dirtymask  */ 
ringPoolMarkDi rty(set->pool,  di rtymask); 


/ * 

* Add  the  "interesting"  objects  under  the  given  parent  to  the  destmask. 

* An  signature  is  interesting  it  it's  by  the  given  key  or  by  a trusted 

* introducer.  A name  is  interesting  it  its  trust  is  above  a given  threshold. 

* Anything  else  (the  only  real  choice  is  a secret)  is  by  detinition 

* interesting. 

* / 


ft  i t OLDTRUST 
static  void 

mn t Ma r k I n t e r e s t i ng  ( un i on  RingObject  *obj,  union  RingObject  const  *key, 
int  thresh,  ringmask  srcmask,  ringmask  destmask) 

{ 


tor  (obj  = obj->g.down;  obj;obj  = obj->g.next)  { 
if  ( ! ( ob j ->g . ma s k & srcmask)) 
continue; 

s w i t c h ( r i ngOb j e c t Ty pe ( ob j ) ) { 
case  R I N G T Y P E_S I G : 

if  (obj->s.by  ==  key 

||  (obj->s.by->g. flags  & KEY  F_T  RUSTED 

&&  (obj->s .by->k. trust  & PG P_KE Y T R U S T_M A S K ) 
>=  P G P_KE  Y T R U S T_M  ARGINAL) ) 
break; 
continue; 

case  R I N G T Y P E_N  A M E : 

if  (obj->n.trustval  >=  thresh) 
break; 
continue; 
default: 

break; 


> 


} 


obj->g.mask  |=  destmask; 
if  ( ! OBJISBOKobj  ) ) 

mn t M a r k I n t e r e s t i n g ( o b j , key,  thresh, 

srcmask,  destmask); 


#else 

static  void 

mntMarklnteresti ng(union  RingObject  *obj,  union  RingObject  const  *key, 

word16  thresh,  ringmask  srcmask,  ringmask  destmask) 


{ 
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> 

# e n d i f 


for 


> 


(obj  = obj->g.down;  obj;obj  = obj->g.next)  { 
if  ( ! ( o b j -> g . ma s k & srcmask)  ) 
continue; 

s w i t c h ( r i ng 0 b j e c t Ty pe ( o b j ) ) f 
case  R I N G T Y P E_S I G : 

if  (obj->s.by  = = key 

||  (obj->s.by->g. flags  & KEY  F_T  RUSTED 
&S  ( ob j -> s . by-> k . c o n f i d e n c e > 0))) 
break; 
continue; 

case  R I N G T Y P E_N  A M E : 

if  ( o b j -> n . v a l i d >=  thresh) 
break; 
continue; 
default: 

break; 

} 

obj->g.mask  |=  destmask  ; 
if  (lOBJISBOT(obj)) 

mn t Ma r k I n t e r e s t i n g ( o b j , key,  thresh, 

srcmask,  destmask); 


/* 

* Run  the  maintenance  pass  on  the  keyring.  At  the  end,  any  keys  which 

* are  flagged  with  KEY  F_T  RUSTED  but  still  have  P G P_KE Y T R U S T_U N D E F I N E D 

* to  have  their  trusts  updated.  Returns  the  number  of  such  keys,  or 

* <0  on  error.  (Currently  impossible.) 

* / 


i n t 

ringMnt(struct  RingSet  const  *set,  struct  RingSet  *dest,  word32  const  t 
{ 


# i f 


struct  RingKey  const  *list 
union  RingObject  *key,  *ch 
struct  RingSig  *sig; 
unsigned  level;  / * Trust  l 
unsigned  t; 

unsigned  long  count;  / * 
ringmask  mask  = set->mask; 
ringmask  changemask  = 0; 


i l d ; 

evel  and  certification  depth  */ 

Count  of  keys  needing  trust  assigned 
/*  Keyrings  with  altered  trust 


! OLDTRUST 


word16  validity; 
union  RingObject  * o b j ; 

# e l s e 

int  trustCPG  P_K  E Y T R U S T_M  ASK  + ID; 
int  thresh; 


/* 

* Set  up  the  trust  table.  The  non-zero  entries  are  1/partials 

* 1/completes,  and  1,  all  scaled  by  c omp l e t e s * pa r t i a l s , except 

* that  completes  or  partials  set  to  0 means  "infinite". 

*/ 

for  (t  = 0;  t < sizeof(trust)/sizeof(*trust);  t + + ) 
trustCt]  = 0; 

trustCPG  P_K  E Y T R U S T_M  ARGINALD  = 1; 
trustCPG  P_K  E Y T R U S T_C  OMPLETED  = 1; 
trustCPG  P_K  E Y T R U S T_U  LTIMATED  = 1; 


need 

i m e n o w ) 


*/ 
* / 
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# e nd  i f 


if  ( set->poo  L->num_ma  rg  i na  L s ) -C 

trustCPG  P_K  E Y T R U S T_C  OMPLETE]  = 
trustCPG  P_K  E Y T R U S T_U  LTIMATE]  = 

> else  { 

trustCPG  P_K  E Y T R U S T_M  ARGINAL3  = 

> 

if  ( s e t -> poo l -> n um_c omp l e t e s ) f 

trustCPG  P_K  E Y T R 1)  S T_M  ARGINAL]  = 
trustCPG  P_K  E Y T R U S T_U  LTIMATEJ  * 

> else  -C 

trustCPG  P_K  EYTRUST_COMPLETE]  = 

} 

thresh  = t r u s t C PG P_K E Y T R U S T_U LT I M A T E J ; 


set->pool->nu  m_m  arginals; 
set->pool->nu  m_m  arginals; 

0; 


set->pool ->  n um_c  omp l e t e s ; 
set->pool ->  n um_c  omp l e t e s ; 

0; 


assertC  ! dest  ||  set->pool  ==  dest->pool); 
assertddest  | | RINGSETISMUTABLE(dest)  ) ; 

/ * 

* Preprocessing:  reset  all  name  trusts  to  0,  and  initialize  list 

* of  trusted  keys  to  the  axiomatic  ones. 

*/ 

list  = 0 ; 

for  (key  = set->pool->keys;  key;  key  = key->g . next ) C 
assert(OBJISKEYCkey) ); 
if  ( ( k e y-> g . ma s k S mask)  ==  0) 
continue; 


#if  OLDTRUST 

# e l s e 

# e n d i f 


key->g.  flags  &=  ~ KE Y F_T R U S T E D ; 

for  (child  = key->k.down;  child;  child  = child->g.next)  ( 
if  ( c h i l d->g  . ma s k S mask  &&  OB J I S N A M E ( c h i l d ) ) t 


child->n.trustval  = 0; 
chi  ld->n. valid  = 0; 


> 


NAMESETLEVEL(Schi  ld->n,  0); 


> 


/ * 

* Find  each  key's  revoked  status  - find 

* the  most  important  self-signature. 

* / 

s i g = 0 ; 

for  (child  = key->g.down;  child;  child  = child->g.next)  { 


/ * 

* Ignore  sigs  by  others,  unchecked  sigs, 

* postdated  sigs,  and  expired  sigs. 

* aaa  T0D0:  change  the  CHECKED  and  TRIED  bits 

* For  untried  revocation  sigs,  accept  them  if  key's 

* trust  bits  already  show  it  as  revoked.  PGP  2 does 

* not  store  trust  packets  on  revocation  signatures. 


*/ 


if  ( ! ( c h i l d->g . ma s k & mask) 

||  lOBJISSIG(child) 

||  child->s.by  !=  key 

||  ! ( c h i ld->s  . t r us t & P G P_S I GT R U S T F_C H E C KE D ) / * a a a * / 

||  (!  (chi  ld->s . trust  & PG P_S I G T R U S T F_T R I E D ) && 

(key->k.  trust  & PG P_K E Y T R U S T F_R E V0 KE D ) ) 
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| | !mntSigIsValid(timenow,  child->s.tstamp, 

chi L d->  s . validity)) 

continue; 

/*  Any  compromise  certificate  wins,  period.  */ 
if  (chi  Ld->s  . type  ==  PG P_S I G T Y P E_KE Y_C OM P R 0 M I S E ) { 

sig  = &child->s; 
break; 

} 

/*  Among  others,  choose  the  most  recent  */ 
if  ( ! s i g || 

timenow  - sig->tstamp  > timenow  - c h i L d-> s . t s t a mp ) 
sig  = &child->s; 

> 

/*  Revocation  is  a function  of  compromise  certificates  */ 
if  (sig  &&  sig->type  ==  PG P_S I G T Y P E_KE Y_C 0 M P ROM  I S E ) 

level  = key->k.  trust  | PG P_KE Y T R U S T F_R E VOKE D ; 

else 

level  = key->k. trust  & ~ PG P_KE Y T R U S T F_R E VO KE D ; 

if  ( k ey-> k . t r u s t !=  level)  { 

key->k.  trust  = (byte)  level; 

key->g. flags  |=  R I N G OB J F_T R U S T C H AN G E D ; 

changemask  |=  key->g.mask; 

> 


/* 
i f 


/* 

ft  i f OLDTRUST 
U e n d i f 

) 

C 

ft i f PRINT_PROGRESS 
# e nd  i f 


Search  for  axiomatic  keys  at  root  of  graph  */ 
(key->g.mask  & mask 

S&  key->k. trust  & PGP_KE YTRUST F_BUCKSTOP 
&&  ! (key->k.  trust  & PGP_KE YTRUST F_REV0KED ) 

&&  ! (key->k.  trust  S PG P_KE Y T R U S T F_D I S AB L E D ) */ 

&&  t rust l key->k  . t rust  & PG  P_K  E Y T R U S T_M  ASK]  !=  0 


r i n g Key P r i n t ( s t d o u t , "Axiomatic  key:  ",  set. 


k e y ) ; 


ft i f iOLDTRUST 


ft e nd i f / * 

> 


IOLDTRUST  */ 
> 


key->k.util  = (struct  RingKey  * ) l i s t ; 

list  = &key->k; 

key->g. flags  |=  KE Y F_T RUSTED; 


for 


> 


(child  = key->g.down;child;child  = chi  l d - > g . next) 
i f (OBJ  ISNAME ( ch i Id)  ) 

c h i l d->n . va  l i d = (word16) 

PGP_TRUST_IN FINITE; 


{ 


/*  The  actual  trust  computation  */ 


r i ng Po o l L i s t S i g s By ( s e t -> poo  l ) ; /*  Canonicalize  these  pointers  */ 

/*  Propagate  the  trust  upwards  */ 
t = ( u n s i g n ed ) s e t -> poo l -> c e r t d e p t h ; 
for  (level  = 1;  list  &&  level  < t;  level++)  { 
ft  i f PRINT  PROGRESS 
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# e nd  i f 

#if  OLDTRUST 
ft  else 
tie  nd  i f 

> 


printf ("\nProcessing  certification  Level  %d\n",  level); 


list  - mntListClist,  trust,  thresh,  mask,  timenow,  level); 
list  = mntListClist,  mask,  timenow,  level); 


U if 


/*  Postprocessing:  set  the  various  trust  bytes,  */ 
count  = 0; 

OLDTRUST 


for 


(key  = set->pool->keys;  key;  key  = key->g.next)  { 
if  ( ! ( key->g . ma s k & mask)) 
continue; 

/*  Set  the  key  trust  bytes  */ 
t = key->k.  trust; 

if  (t  & P G P_K  EYTRUSTF_REVOKED)  { 

level  = P G P_K  E Y T R U S T_N  EVER; 

> 


else  if 
} 

else  if 


> 


( ! ( key->k  . f lags  & KE Y F_T R U S T E D ) ) { 
level  = PG  P_K  E Y T R U S T_U  NDEFINED; 


((level  = ( t & P G P_K  E Y T R U S T_M  ASK))  = = 

P G P_K  E Y T R U S T UNDEFINED) 


/*  Key  in  need  of  a trust  decision  */ 
count++; 

/*  Record  the  key  as  interesting  */ 
if  (dest)  L 

key->g.mask  |=  dest->mask; 

mn t M a r k I n t e r e s t i n g ( k e y , key,  thresh, 

mask,  dest->mask) 


> 


L 


t = level  | ( key->k  . t rust  & ~ PG P_KE Y T R U S T_M A S K ) ; 

if  ( k ey-> k . t r u s t !=  t)  L 
k ey->  k . trust  = t; 

key->g. flags  |=  R I N G OB J F_T RU S T C H A N G E D ; 
changemask  |=  key->g.mask; 

} 

key->g. flags  |=  R I N G OB J F_T R U S T ; 

/*  Set  the  signature  trusts  to  match  the  key  */ 
for  (sig  = &key->k.sigsby->s;  sig;  sig  = sig->nextby)  { 
if  (!(sig->mask  S mask)) 
continue; 

/*  Trust  is  either  key's,  or  NEVER  if  it's  a bad  sig  */ 
t = sig->trust  & ~ PG P_KE YT R U S T_M A S K; 
if  (si g->trust  & PG P_S I G T R U S T F_C H E C KE D ) 
t | = level; 

else 

t |=  P G P_K  E Y T R U S T_N  EVER; 
if  (sig->trust  !=  t) 

{ 

s i g->t  rust  = t ; 

sig->flags  |=  R I NGOB J F_T R U S T C H A N G E D ; 
changemask  |=  sig->mask; 

> 
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sig->flags  |=  R I NG 0 B J F_T RU S T ; 

> 

/*  Update  each  name's  trust  byte  */ 

for  (child  = key->k.down;  child;  child  = c h i l d->g  . n e x t ) C 
if  (!  (chi  ld->g .mask  & mask)  ||  ! OB J I S N AM E ( c h i l d ) ) 

continue; 

t = chi  ld->n . trust  & ~ P G P_N  A M E T R U S T_M  ASK; 
if  ( c h i l d-> n . t r u s t v a l >=  thresh) 

t |=  PG  P_N  A M E T R U S T_C  OMPLETE; 
else  if  (2  * c h i l d-> n . t r u s t va l >=  thresh) 
t |=  P G P_N  A M E T R U S T_M  ARGINAL; 

else 

t |=  P G P_N  A M E T R U S T_U  NTRUSTED; 

if  (child->n. trust  !=  t)  f 
child->n. trust  = t; 

chi  ld->g . f lags  |=  R I NG OB J F_T R U S T C H A NG E D ; 
changemask  |=  chi l d - > g . mask; 

> 

child->g.  flags  |=  R I N G OB J F_T R U S T ; 

> 

> 

#e  Ise  /*  ! OLDTRUST  */ 

/*  Note:  For  the  new  trust  model,  we  need  to  find  keys  that 
have  interesting  names,  as  trust  is  no  longer  assigned  to 
the  key,  but  to  each  name.  */ 

for  (key  = s e t->poo  l -> key s ; key;  key  = key->g.next)  f 
if  ( ! ( key->g . ma s k S mask)) 
continue; 

/*  Set  the  key  trust  bytes.  The  overall  confidence 
value  must  be  calculated  ( k . c o n f i d e n c e contains 
the  first-pass  confidence  value  prior  to  this  point)  */ 

key->k. confidence  = calctrust(&key->k,  mask); 

t = key->k. trust; 

if  (t  & PGP_KE YTRUSTF_REVOKED 

||  ! ( key->k  . f lags  & KE Y F_T R U S T E D ) ) { 

key->k. confidence  = 0; 

> else  if  ( key-> k . c o n f i d e n c e ==  0)  f 

/*  If  at  least  one  name  has  undefined  confidence, 
mark  the  key  as  interesting.  */ 

for  (obj  = key->k.down;  obj;  obj  = obj->g.next)  ( 
if  (OBJ  ISNAME (ob j ) && 

obj->n.confidence  = = PG  P_N  E W T R U S T_U  NDEFINED)  i 
count++; 

/ * Record  the  key  as  interesting  */ 
if  ( d e s t ) { 

key->g.mask  |=  dest->mask; 
mn  t Ma  r k I n t e r e s t i ng  ( k ey  , key,  0, 
mask,  dest->mask); 

> 

break; 

> 
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> 


> / * end  for  * / 


Level  = key->k.  trust  & P G P_K E Y T R U S T_M A S K ; 

/*  Set  the  signature  trusts  to  match  the  key  */ 
for  (sig  = &key->k.sigsby->s;  sig;  sig  = sig->nextby)  t 
if  (!(sig->mask  & mask)) 
continue; 

/ * Trust  is  either  key's,  or  NEVER  if  it's  a bad  sig  * / 
t = sig->trust  & ~ PG  P_K  E Y T R U S T_M  ASK; 
if  (sig->trust  & P G P_S I G T R U S T F_C H E C KE D ) 
t | = level; 

e l s e 

t |=  P G P_K  E Y T R U S T_N  EVER; 
if  (sig->trust  !=  t) 

sig->trust  = t; 

sig->flags  |=  R I NGOB J F_T R U S T C H A NG E D ; 
changemask  |=  sig->mask; 

> 

sig->flags  |=  R I NG OB J F_T R U S T ; 

> 


/*  Update  each  name's  validity  byte  */ 

for  (child  = key->k.down;  child;  child  = child->g.next)  { 
if  (!(  chi  ld->g . mask  & mask)  ||  ! 0 B J I S N AM E ( c h i l d ) ) 

continue; 

if  ( c h i l d->n  . va  l i d = = PG P_T R U S T_I N F I N I T E ) 
validity  = PG P_N E WT R U S T_I N F I N I T E ; 

else  { 


validity  = child->n. valid  >>  T R U S T_C E R T S H I F T ; 
if  (validity  > PGP_NEWTRUST_MAX ) 

validity  = PGP_NEWTRUST_MAX; 

> 

if  (validity  !=  child->n. validity)  { 

child->n. validity  = (byte)  validity; 
child->g. flags  |=  R I NG OB J F_T R U S T C H A N G E D ; 
changemask  |=  chi l d - > g . mask; 

> 


/*  Convert  back  to  old  KEYLEGIT  values.  */ 
if  (validity  >=  s e t -> po o l -> t h r e s h o l d ) 

level  = P G P_N  A M E T R U S T_C  OMPLETE; 
else  if  (validity  >=  s e t -> poo l -> t h r e s h o l d / 2 ) 
level  = P G P_N  A M E T R U S T_M  ARGINAL; 

else 


level  = P G P_N  A M E T R U S T_U  NTRUSTED; 
t = level  | (child->n. trust  S ~ P G P_N AM E T RU S T_M A S K ) ; 
if  (t  ! = child->n. trust)  f 
child->n. trust  = t; 

child->g. flags  |=  R I N G 0 B J F_T R U S T C H A N G E D ; 
changemask  |=  chi  l d - > g . mask; 

> 


/*  Reset  n. valid  with  adjusted  value.  */ 
if  ( c h i l d->n . va l i d i ty  ==  PG P_N E WT R U S T_I N F I N I T E ) 
chi  ld->n. valid  = PG P_T R U S T_I N F I N I T E ; 

else 


c h i l d->n . valid  = 
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#end  i f 


> 

/* 


chi  ld->n. validity  <<  T RU S T_C E R T S H I F T ; 
chi  Ld  — >g.  flags  |=  R I NGOB J F_TRUST; 


/*  Rebuild  the  hash  table  */ 
ringPoolHash(set->pool); 

/*  Mark  all  keyrings  under  "changemask"  as  having  had  trust  change  */ 
ringPoolMarkTrustChanged(set->pool,  changemask); 

/*  Sort  the  names  333  do  we  want  this?  */ 
mntSortNames(set,  timenow); 

/*  Et  voila,  we're  done!  Return  number  of  trust  decisions  needed.  */ 
/*  (Saturate  on  overflow  if  16-bit  ints.)  */ 
return  count  > INT_MAX  ? INT_MAX  : (int)count; 


* Keyring  checking  code. 
*/ 


/ * 

* 

Count  the 

number 

* 

The  return 

value 

★ 

will  be  ca 

lied  by 

* 

NOTE  : this 

tries 

★ 

should  not 

die  if 

* / 

i n t 

r i n g Po o l C h e c k C ou n t ( s t r u c t RingSet  const  *sigset,  struct  RingSet  const  *keyset, 
int  allflag) 

{ 

ri  ngmask  sigmask  = sigset->mask; 
ringmask  keymask  = k e y s e t ->ma s k ; 
union  RingObject  const  * k e y ; 
struct  RingSig  const  * s i g ; 
unsigned  long  count  = 0; 

a s s e r t ( k e y s e t -> p o o l ==  s i g s e t - > p o o l ) ; 
ringPooll_istSigsBy(sigset->pool); 

for  (key  = sigset->pool->keys;  key;  key  = key->g.next)  { 
assert(OBJISKEY(key)); 

if  ( ( key-> g . ma s k & keymask)  ==  0 | | key->g. flags  & KEYF_ERR0R) 

continue;  / * Skip  dummy  keys  * / 

for  (sig  = &key->k.sigsby->s;  sig;  sig  = sig->nextby)  { 

/ * 

* Reasons  why  a signature  might  not  be  checked: 

* - Already  tested  and  not  allflag 

* - Not  in  sigmask 

* / 

if  ((sig->mask  & sigmask)  !=  0 
&&  (allflag 

| | ! (si g->trust&PGP_SIGTRUSTF_CHECKED_TRIED) ) ) 

count++; 
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> 


return  count  > I N T_M  A X ? I N T_M  A X : (int)count; 

} 

/ * 

* Set  the  signature  trust  to  the  given  value.  Returns  the  bitmask  of 

* changed  keyrings. 

*/ 

static  ringmask 

setSigTrustCstruct  RingSig  *sig,  byte  trust) 

{ 

if  (sig->trust  ==  trust) 
return  0; 

sig->trust  = trust; 

sig->flags  |=  R I N GOB J F_T R U ST C H A NG E D ; 
return  sig->mask; 

} 


/ * 
* 
* 
* 
* 
* 
* 
* 
* 


Check  the  signatures  on  a keyring.  Checks  unchecked  signatures, 
or  all  signatures  if  allflag  is  true. 


Checks  signatures  in 


" s i g s e t " 


if  they  are  made  by  keys 


in  "keyset". 


If  func  is  non-null,  calls  it  with  each  checked  signature,  after 
checking.  This  is  for  progress  indications. 


* Question:  should  signatures  be  checked  in  order  of  the  key  they're 

* on,  or  the  key  they're  by?  Should  this  be  guaranteed?  For  now,  use 

* the  2.x  order. 

* / 
i n t 

r i ng Poo l C h e c k ( s t r u c t RingSet  const  *sigset,  struct  RingSet  const  *keyset, 
int  allflag,  void  (*func)  (void  *,  struct  Ringlterator  *,  int), 
void  * a r g ) 


struct  Ringlterator  *i ter  = NULL; 
union  RingObject  *obj,  * k e y ; 

int  sp  = 0;  / * Iterator  level  (stack  pointer)  * / 

union  RingObject  *hashedCRINGMAXDEPTHD; 
struct  PgpHashContext  *hc; 

struct  PgpHashContext  * h c s t a c kC R I NGMAX D E PTH ] ; 

struct  PgpHash  const  *h,  *hnew; 

byte  const  *buf,  *extrabuf; 

struct  PgpPubKey  *pub; 

s i z e_t  l e n ; 

unsigned  extralen; 

ringmask  changemask  = 0;  / * Sets  that  have  had  trust  changed 

byte  tmpbufC3H; 

byte  t;  /*  Trust  on  current  signature  */ 

int  i ; 

union  RingObject  *name; 

assert(sigset->pool  ==  keyset->pool); 

for  (i  = 0;  i < R I N G M A X D E PTH ; i++)  { 

hashedCiT  = (union  RingObject  *)0; 
hcstackCiT  = (struct  PgpHashContext  * ) 0 ; 


★ / 
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iter  = ringlterCreate(sigset); 
if  (liter) 

return  P G P E R R_N 0 M E M ; 
h = (struct  PgpHash  const  * ) 0 ; 

while  ( ( sp  = r i n g 1 1 e r N e x 1 0 b j e c t An y w h e r e ( i t e r ) ) > 0)  { 

obj  = r i ng  1 1 e r C u r r e n t Ob j e c t ( i t e r , ( u n s i g n e d ) s p ) ; 

if  ( ! OBJ  ISSIG(obj ) ) 
continue; 
t = ob  j - > s . trust; 

if  (latlflag  &&  (t  S PG P_S I GT R U S T F_C H E C KE D_T R I E D ) ) 
continue; 

/*  If  the  superior  object  is  a name,  reset  the 
WARNONLY  flag.  */ 

name  = ringIterCurrentObject(iter, 

ringIterCurrentLevel(iter)-1  ); 

if  ( OB J I SNAME ( name  ) && 

( name->n  . t rust  & P G P_N A M E T R U S T F_W A R N 0 N L Y ) ) { 
name->n  . t rust  &=  ~ P G P_N A M E T R U S T F_W A R N 0 N L Y ; 
changemask  |=  name->g.mask; 

> 

/*  We  now  have  a signature  to  check  - clear  the  bits  */ 
t & = ~ PG  P_S IGTRUSTF_CHECKE  D_T  R I E D ; 

/*  See  if  we  have  the  key  */ 

key  = ringSigMaker(sigset,  obj,  keyset); 

if  ( ! key ) ( 

/ * Check  fails  * / 

changemask  |=  setSigTrust(Sobj->s,  t); 
continue; 

> 

/*  Some  reasons  that  we  might  not  be  able  to  check  it  */ 
if  (ob j->g . f lags  S S I G F_E  R R 0 R 

||  key->g. flags  S KEY  F_E  R R 0 R 

||  ( (obj ->g  . f lags  & S I G F_N0N F I V E ) SS  sp  ==  2) 

||  (hnew  = pg p H a s h By N umb e r ( ob j -> s . h a s h a l g ) ) ==  0) 

{ 

ringObjectRelease(key); 
goto  uncheckable; 

> 

/*  Get  the  key  that  made  the  signature  */ 

pub  = ringKeyPubKey(keyset,  key,  PG P_PKU S E_S I G N ) ; 

ringObjectRelease(key); 

if  ( ! pub ) { 

i = ringSetError(keyset)->error; 

/ * 333  ViaCrypt  self-signs  encryption-only  keys 
(as  they're  R S A , it's  possible),  but  PGP  3 
doesn't  tike  this.  Ignore  this  type  of 
signature.  * / 

if  ( ( i >=  P G P E R R_K  E Y_M I N &&  i <=  P G P E R R_K E Y_M A X ) || 
i ==  PGPERR  PUBKEY  UNIMP) 
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> 


goto  uncheckable; 

goto  fatal;  / * I/O  or  memory  error  * / 


/*  Okay,  "hnew"  is  the  current  hash.  Do  checking.  */ 
i = 0; 
for  ( ; ; ) { 

obj  = r i ng  1 1 e r C u r r e n t Ob j e c t ( i t e r , ++i); 
he  = hcstackCi-IH; 
if  (he  &&  hc->hash  !=  hnew)  { 
pgpHashDestroy(hc); 
he  = 0 ; 

> 

if  ( ! he)  { 

he  = pg p H a s h C r e a t e ( h n e w ) ; 
if  ( ! he  ) 

goto  nomem; 
hcstackCi-1]  = he; 

hashedCi-1]  = (union  RingObject  * ) 0 ; 

> else  if  ( h a s h e d C i -1  ] ==  obj)  { 

/*  Right  hash,  right  object  */ 
continue; 

> 


buf  = (byte  const  *)ringFetchObject(sigset,  obj,  Slen); 
if  ( ! bu  f ) 

goto  fatal; 


if  ( i 

if  ( i 
else 


= = sp ) 

break;  / * We've  hit  the  signature  * / 
= = 1 ) 

pgpHashlnit(hc); 
pgpHashCopy(hc,  hcstackCi-2]); 


/*  We  use  this  format  even  for  subkeys  */ 
if  (OBJISKEY(obj))  { 

trnpbufCOD  = PKTB  Y T E_BU  I L D ( PKTB  Y T E_PU  BKE  Y , 1); 
tmpbuflll]  = ( by  te  ) ( l en>>8  ) ; 
tmpbufC2]  = (byte)len; 
pgpHashl)pdate(hc,  tmpbuf,  3); 

> else  ( 

/*  Not  a signature,  this  must  be  a name  */ 
assert(i  = = 2); 
assert(OBJISNAME(obj  ) ); 

> 

pg pH  a s h U pda t e ( h c , buf,  len); 
hashedCi-ID  = obj; 

> 

/* 

* Okay,  "obj"  is  the  signature  again,  "he"  is  the 

* appropriate  hash  context,  and  the  signature  has 

* been  fetched. 

*/ 


extrabuf  = ringSigParseExtra(buf,  len,  Sextralen); 


/ * 
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* extralen  !=  5 Legal  only  if  sig  is  on  key  directly, 

* or  it  is  a new-f ormat  EXTENDED  type. 

* / 

i = -1;  / * flag  error  on  func  call  below  * / 

if  (sp  ==  2 ||  extralen  ==  5 || 

(extralen  > 5 && 

extrabuf [extra l e n- 5 ] & PG P_S I G T Y P E F_E X T E N D E D ) ) i 
/*  Hash  in  extra  bytes  for  signature  */ 
pgpHa s h Copy ( h c , h c s t a c k C s p-2  ] ) ; 
pgpHashUpdate(hc,  extrabuf,  extralen) ; 


i = pgpSigCheckBufCbuf,  len,  pub,  pgpHashFinal(hc)); 
if  (i  ==  P G P E R R_N  0 M E M ) 

goto  nomem;  / * Fatal  error  * / 

/*  aaa  TODO:  use  more  error  info  */ 
if  ( i ==  1 ) 

t |=  PGP_SIGTRUSTF_CHECKED; 
t |=  P G P_S IGTRUSTF_TRIED; 

> 

pgpPubKeyDestroy(pub) ; 

uncheckable: 


changemask  |=  setSigTrust(&obj->s,  t); 
if  (func) 

func(arg,  iter,  i); 

> 

ringlterDestroy(iter) ; 
iter  = NULL; 


for  (sp  = 0;  sp  < (int)(sizeof(hcstack)/sizeof(*hcstack));  sp++) 
pgpHashDestroy(hcstackCspH); 


# i f 0 

/*  Set  the  trustchanged  bits  under  the  mask  */ 
ringPoolMarkTrustChanged(ring,  changemask); 

# e n d i f 

ringlterDestroy  (iter); 
return  0; 


nomem : 


fatal: 


> 


i = P G P E R R_N  0 M E M ; 
ringSimpleErr(sigset->pool,  i); 

if  (iter) 

ringlterDestroy(iter); 

if  (pub) 

pgpPubKeyDestroy(pub); 

for  (sp  = 0;  sp  < (int)(sizeof(hcstack)/sizeof(*hcstack));  sp++) 
pgpHashDestroy(hcstackCsp]); 
if  (iter) 

ringlterDestroy  (iter); 
return  i ; 


/*  Update  the  hash  context  with  the  data  in 
int  ringHashObj  (struct  P g p H a s h C o n t e x t *hc, 

struct  RingSet  const  *set) 


f 


si ze_t  objlen; 
byte  const  *objbuf; 


the  object.  */ 
union  RingObject 


* o b j , 
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byte  tmpbufC3]; 


i f (!hc  ||  !obj  ||  ! set) 

return  P G P E R R_B A D P A R A M ; 

objbuf  = (byte  const  *)ringFetchObject(set,  obj,  Sobjlen); 
if  (lobjbuf) 

return  ringSetError(set)->error; 

/*  We  use  this  format  even  for  subkeys  */ 
if  (OBJ ISKEYCobj ) ) { 

tmpbufCOJ  = PKTB YTE_BU I LD ( PKTB YTE_PUBKE Y,  1); 
tmpbufCID  = (byte) (obj l e n > > 8 ) ; 
tmpbufC2]  = (byte)obj  Len; 
pgpHashUpdate(hc,  tmpbuf,  3 ) ; 

> 

pgpHashl)pdate(hc,  objbuf,  obj  len); 
return  0; 


/ * 

* Sign  the  specified  object  obj,  along  with  its  parents. 

* Should  be  member  of  RingSet  dest,  which  may  be  mutable  or  immutable. 

* Place  signature  into  sig  buffer. 

* sig  buffer  should  be  at  least  pg pMa k e S i g Ma x S i z e ( s p e c ) bytes  long. 

* Returns  size  of  sig  in  bytes  on  success,  negative  on  error. 

*/ 


i n t 

r i ngSi gnOb j (byte  *sig,  struct 
struct  PgpSigSpec 


RingSet  *dest,  union  RingObject  *obj, 
*spec,  struct  Pg p Ra nd om C on t e x t const  *rc) 


struct  PgpHashContext  * h c ; 

union  RingObject  *parentsCRINGMAXDEPTH]; 

i n t len; 

int  level; 

int  retval; 


/ * Initialize  hash  * / 

he  = pgpHashCreate(pgpSigSpecHash(spec)); 
i f ( h c = = NULL ) 

return  P G P E R R_B A D_H A S H N U M ; 

/*  Trace  object's  parents  up  to  top  level  */ 
level  = 0 ; 
for  ( ; ; ) t 

assert  (level  < RINGMAXDEPTH); 
parentsl  level  + +]  = obj; 
if  (OBJ  IST0P(ob j ) ) 
break; 

obj  = obj->g.up; 

> 

/*  Hash  downwards  from  top  to  object  */ 
while  (--level  >=  0)  { 

retval  = ringHashObj  (he,  parentsl  level],  dest); 
if  (retval)  { 

pgpHashDestroy  (he); 
return  retval; 

> 

> 
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Len  = pgpMakeSig  (sig, 
pgpHashDestroy(hc) ; 
return  len; 


spec,  re,  he) 


/***********  DYNAMIC  KEY  EVALUATION  FOR  NON-TRUSTED  KEY  SOURCES  *********/ 


/*  Dynamic  evaluation  functions.  This  is  a bottom-up  algorithm  rather 
than  the  top-down  algorithm  used  by  the  static  evaluation  functions. 
To  evaluate  a name,  its  signatures  must  be  evaluated,  which  in  turn 
require  evaluation  of  the  signing  keys  names.  Thus,  the  algorithm 


is  recursive, 
conditions  are 


The  recursion 
detected: 


terminates  when  one  of  the  following 


i s 
i s 


The  key  to  which  the  name 
The  key  to  which  the  name 
The  signature  is  bad 
The  signature  is  retired 
The  signing  key  is  axiomatic 
The  signing  key  is  revoked 
The  signing  key  has  expired 
A certification  loop  is  detected 
Cert  depth  is  exceeded 


attached 

attached 


i s 
i s 


axiomatic 

revoked 


Certification  loops  are  detected  by  maintaining  a stack  that  represents 
the  certification  path  currently  being  evaluated.  If  the  key  we're 
looking  at  is  already  on  the  stack,  then  it's  a loop.  Loops  are  handled 
in  a better  manner  than  the  static  top-down  algorithm  (which  sometimes 
discards  perfectly  good  signatures),  resulting  in  more  accurate  results. 

Objects  from  untrusted  keyrings  (keyfiles)  do  not  have  the  R I N G 0 B J F_T R U S T 


b i t 

set. 

When  we 

compute 

the  validity  of  such  an  object. 

the 

R I NGOB J F 

_T  RUSTCHANGED  bit 

is  set 

a s 

a record  that  this  has 

been  done . 

aaa 

T0D0 

: Optimize 

aaa 

XXX 

aaa 

XXX 

This  code 

is  buggy 

! 1 1 

does 

not  compute  the  right 

answer  ! 

aaa 

XXX 

Let  " X - > Y " 

mean  " X 

signs 

Y"  . 

Consider  A->B->C->E, 

LU 

A 

1 

O 

A 

1 

GO 

A 

1 

< 

aaa 

XXX 

If  A is  perfectly 

valid 

and 

all  signers  are  90%  valid. 

aaa 

XXX 

then 

* / 

static  word16 

r i n g M n 1 1 n t V a l i d a t e N a m e (struct  RingSet  *set,  union  RingObject  *name, 

int  depth); 

/*  aaa  NOTE:  This  is  not  thread-safe  */ 

static  union  RingObject  *keystackC10D;  / * max  certdepth  ==  10  * / 
static  int  keystac  k_p  tr  = 0 ; 

# i f OLDTRUST 

static  word16  trustCPG  P_KE  Y T R U S T_M  ASK  + ID; 

static  word16  thresh; 

static  RingPool  *trustpool  = NULL; 

static  void 

ri  ngMnt  Ini tTrust  (struct  RingSet  const  *set) 
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unsigned  t ; 

/*  Set  up  trust  table  once  only,  unless  pool  changes  */ 

if  (trustpool  ==  set->pool) 
return; 

set->pool ; 

simple  scoring  system.  Multiply  the  number  of  completes 
by  the  number  of  marginals  required.  This  gives  the 
' score.  Divide  the  total  by  the  number  of  completes  to 
'score'  for  a complete,  and  by  the  number  of  marginals  to 
'score'  for  a marginal. 

t < sizeof(trust)/sizeof(*trust);  t + + ) 
trustCt]  = 0; 

trustCPG  P_KE  Y T R U S T_M  ARGINAL]  = 1; 
trustCPG  P_K  EYTRUST_COMPLETE]  = 1; 
trustCPG  P_K  E Y T R U S T_U  LTIMATE]  = 1; 
if  ( s e t -> p o o l -> n um_ma r g i n a l s ) { 

t rust  C PGP_KEYTRU ST_C0MP LET E ] 
t rust  CPGP_KEYTRUST_ULTI MATE] 

> else  { 

trustCPG  P_K  E Y T R 1)  S T_M  ARGINAL]  = 0; 

> 

i f 


tru 

s t poo  l = 

/* 

* 

This  is  a 

★ 

r e q u i red 

★ 

'ultimate 

★ 

give  the 

★ 

give  the 

*/ 

for 

(t  = 0; 

set->pool->nu  m_m  a r g i n a l s ; 
set->poo l ->  n um_ma r g i na l s ; 


( s e t -> po o l -> n um_c omp l e t e s ) { 

t rust CPGP_KEYTRUST_MARG INAL] 
trustCPG  P_K  E Y T R 1)  S T_U  LTIMATE] 

> else  C 

trustCPGP  KEYTRUST  COMPLETE] 


set->pool ->  n um_c  ompletes; 

: s e t -> poo l -> n um_c ompletes; 


= 0; 

> 

thresh  = t ru s t C PG P_KE YT R U ST_U LTIMATE]; 


# end  i f 


/★  Check  various  attributes  of 
Ensure  all  sigs  attached  to 


key:  revocation  status,  axiomatic, 
the  key  have  been  checked  */ 


expi red  . 


static  void 
ringMntlntCheckKey 

{ 


(struct  RingSet  const  * s e t , union  RingObject 
int  *revoked,  int  *axiomatic,  int  *expi red) 


union  RingObject  ★ o b j , * o b j 2 ; 
ringmask  mask  = set->mask; 
struct  RingSet  *tmpset; 


* ke y , 


assert  (set); 

assert  (key  &&  OBJISKEY  (key)); 

assert  (revoked  SS  axiomatic  &&  expired); 

★revoked  = 0;  *axiomatic  = 0;  *expired  = 0; 


if  ( key-> k . t s t amp  > 0 SS  k e y-> k . v a l i d i t y > 0 && 

(time_t)  ( k e y-> k . t s t a mp  + 

(key->k. validity  * 24  * 3600))  < time  ((time_t  *)  0)) 

★expired  = 1; 

if  ( key->k . t rust  S PG P_KE Y T R U S T F_BU C KS TO P ) 

/★  Must  be  verified  by  passphrase  check,  not  by  simply  looking 
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for  a secret  key.  So,  key  must  be  on  a Local  ring  and 
must  have  the  buckstop  bit  set.  ★ / 

★axiomatic  = 1; 


/*  Ensure  all  sigs  have  been  checked  for  this  key.  Copy  the 
key  to  a temporary  set  and  pass  it  to  r i n g Poo L C h e c k */ 


# if  0 


# e nd  i f 


tmpset  = ringSetCreate  (set->pool); 
assert  (tmpset); 

for  (obj  = key->k.down;  obj;  obj  = obj->g.next)  { 
i f (OBJISBOT  (obj  ) ) 

ringSetAddObject  (tmpset,  obj); 

else  f 


> 


> 


for  (obj2  = obj->g.down;  obj2;  obj 2 = obj2->g.next) 
ringSetAddObject  (tmpset,  o b j 2 ) ; 


ringSetFreeze  (tmpset); 


> 


int  count  = 0; 

fprintf  (stdout,  "Checking  key:\n"); 
ringKeyPrint  (stdout,  set,  key,  0); 
if  ( *ax i oma  t i c ) 

fprintf  (stdout,  "AXIOMATIC  K E Y \ n " ) ; 
if  ((count  = r i n g Poo L C h e c k C o un t (tmpset,  set,  0))  > 0) 
fprintf  (stdout,  "Checking  %d  signatures.  . .\n", 
count); 


ringPooLCheck  (tmpset,  set,  0,  NULL,  NULL); 
ringSetDestroy  (tmpset); 
ringGarbageCoLLect  (set->pool); 


} 


for 


> 


(obj  = 
i f 


> 


key->k.down;  obj;  obj  = obj->g.next)  { 

(mask  & obj->g.mask  S&  0BJISSIG  (obj))  { 

if  ( ob j ->s . type  ==  PG P_S I G T Y P E_KE Y_C OM P ROM  I S E && 
obj->s.by  ==  key  && 

obj->s. trust  & PGP_SIGTRUSTF_CHECKED) 
★revoked  = 1; 


/*  Check  that  the  sig  is  good.  Ensure  that  it  has  been  checked,  that 
it  has  not  expired,  that  it  a key  signature,  that  it  has  not  been 
superseded,  and  that  is  has  not  been  retired.  Expiration  or  revocation 
of  the  signing  key  is  checked  elsewhere. 

★ / 


static  int 

r i n g M n t G o od S i g (struct  RingSet  const  *set,  union  RingObject  *sig) 

union  RingObject  *sig2; 

(void)  set; 

assert  (sig  SS  OBJISSIG  (sig)); 

if  (!  (si g->s . trust  S PG P_S I G T R U S T F_C H E C KE D ) || 

! mn t S i g I s Va  l i d (time  (0),  s i g-> s . t s t a mp , s i g-> s . va l i d i t y ) || 
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s i g->s .type  !=  PG P_S I G T Y P E_KE Y_G E N E R I C ) 
return  0; 

for  ( s i g 2 = sig->s.up->g.down;  s i g 2 ; s i g 2 = sig2->s.next)  { 
if  (sig2->s.by  = = sig->s.by  & & 

s i g2->s . t rust  S PG P_S I G T R U S T F_C H E C KE D && 

( s i g 2-> s . t s t amp  > s i g -> s . t s t amp  || 
sig2->s.type  ==  PG P_S I G T Y P E_KE Y_U I D_R E VO KE ) ) 
return  0; 

> 

return  1;  / * good  * / 

> 

tfdefine  N0_RECURSI0N  1 

/*  Validate  a signature.  May  be  necessary  to  recursively  validate  the 
names  attached  to  the  signing  key.  */ 


static  word16 

r i n g Mn 1 1 n t V a l i d a t e S i g (struct  RingSet  *set,  union  RingObject  *sig, 
{ 


union 

RingObject 

* k e y 

= sig->s.by; 

i n t i ; 

int  revoked  = 0, 

axiomatic  = 0,  expi 

union 

RingObject 

★ name 

= NULL; 

ft  i f ! 

NO. 

_R  ECURSI0N 

w o r d 1 6 

validity  = 

0; 

w o r d 1 6 

b e s t_t  rust 

= 0; 

ft  i f ! 

0LDTRUST 

w o r d 1 6 

confidence 

= o. 

trust  = 0; 

wo  r d 1 6 

be  s t_v a l i d i t y = 

0; 

#end  i 

f 

ft  end  i 

f 

i n t depth) 


assert  (set); 

assert  (OBJISKEY  (key)); 

if  (depth  > s e t -> po o l -> c e r t d e p t h ) 

return  0;  / * exceeded  cert  depth  * / 

# i f 0 

fprintf  (stdout,  "Validating  sig,  depth  = %d\n",  depth); 

ft  e n d i f 


/*  Check  the  stack  for  a certification  loop  */ 
for  (i  = 0;  i < k ey s t a c k_p t r ; i++) 
if  (key  ==  keystackCi]) 

return  0;  /*  certification  loop  detected 

if  ( key->g .mask  ==  0) 

return  0;  /*  dummy  key  */ 

ringMntlntCheckKey  (set,  key,  Srevoked,  Saxiomatic,  Sexpired); 
if  (revoked  ||  expired) 
return  0; 
if  (axiomatic) 

return  0; 

#if  0LDTRUST 


ft  e n d i f 


if  ( ( key->k  . t rust  S PG P_KE Y T R U S T_M A S K ) <=  P G P_KE Y T R U S T_N E V E R ) 
return  0; 


*/ 
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# if  N 0_R  ECURSION 

/*  If  a full  dynamic  validation  is  not  required,  simply 
get  the  confidence  value  from  the  pre-computed  name 
validities.  For  oldtrust,  we  must  check  for  at  least  one 
valid  name,  and  then  return  the  trust  in  the  key  as  a 
"score"  * / 

# i f OLDTRUST 

for  (name  = key->g.down;  name;  name  = name->n.next)  { 
if  (OBJISNAME  (name)  SS 

(name->n  . trust  & P G P_N  A M E T R U S T_M  ASK)  > 

P G P_N  A M E T R U S T_U  NTRUSTED) 

return  trustlkey->k. trust  & P G P_K  E Y T R U S T MASK]; 

} 

return  0 ; 

//else 

return  calctrust  (&key->k,  set->mask); 

#end  i f 

//else  /*  ! N 0_R ECURSION  */ 


/*  Recurse  down  (or  up,  whichever  you  prefer)  and  dynamically 
validate  the  signing  key.  * / 


for  (name 
i f 

#if  OLDTRUST 

/* 


key->k.down;  name;  name  = name->g.next)  { 
(10BJISNAME  (name)) 
continue; 

If  the  total  "score"  for  a name  exceeds  thresh, 
then  we  consider  the  key  to  be  valid  and  can 
return  its  trust  as  a "score"  * / 


validity  - ringMntlntValidateName  (set,  name,  depth); 
if  (validity  >=  thresh)  /*  scored  a winner!  */ 

return  trustCkey->k. trust  S P G P_K  E Y T R U S T MASK]; 
//else  /*  ! OLDTRUST  */  “ 

/ * Get  fhe  validity  of  the  name,  and  combine  with  the 
confidence  to  get  overall  trust  in  the  name. 

Keep  track  of  the  'best'  as  this  will  be  returned  as 
the  trust  in  the  signing  key.  */ 


if  (name->n  . confidence  ==  PG P_N E WT R U S T_I N F I N I T E ) 
confidence  = PG P_T R U S T_I N F I N I T E ; 
else  if  (name->n. confidence  ==  PG P_N E WT R U S T_UN D E F I N E D ) 
confidence  = 0; 

else 


confidence  - name->n. confidence  <<  TRUST_CERTSHIFT; 


/*  Don't  bother  validating  name  if  its  confidence  is  0, 
as  it  won't  contribute  to  the  confidence  in  the  sig  */ 


if  (confidence  > 0)  { 

validity  = ringMntlntValidateName  (set,  name,  depth); 
trust  = mergetrust  (confidence,  validity); 
if  (validity  > best_validity  j | 

(validity  ==  be s t_v a l i d i t y && 
trust  > b e s t_t  rust))  { 

bes t_va l i d i ty  = validity; 
best_trust  = trust; 

} 
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> 

#endi  f 

> 

return  best_trust; 

#endi  f 

> 


/*  Internal  name  validation  function, 
name.  We  can  stop  early  if  we  hit 

static  word16 

r i ngMn t I n t Va l i da t eName  (struct  RingSet 
{ 

union  RingObject  *obj,  * k e y ; 
word16  validity  = 0,  v = 0; 
ringmask  mask  = set->mask; 


Check  all  the  signatures  on  the 
nfinite  validity.  * / 


* s e t , union  RingObject  *name,  int  depth) 


ft  i f 0 
//end  i f 


assert  (set); 

assert  (OBJISNAME  (name)); 
key  = name->n.up; 

fprintf  (stdout,  "Validating  name,  depth  = %d\n",  depth); 


key s t a c k C key s t a c k_p t r ++H  = key; 


/*  push  key  on  the  stack  */ 


# i f OLDTRUST 


//else 


/*  Combine  the  trust  in  each  signature  to  get  the  validity  of 
the  name.  Must  be  careful  to  check  for  overflow,  and  need 
special  handling  for  infinite  trust.  */ 

validity  = 0; 

for  (obj  = name->n.down;  obj;  obj  = obj->g.next)  f 
assert  (OBJISSIG  (obj)); 

if  (mask  S obj->g.mask  &&  obj->s.by  !=  key)  { 
if  (ringMntGoodSig  (set,  obj))  ( 

v = r i ngMn 1 1 n t Va  l i da t e S i g (set,  obj, 

depth  + In- 


validity +=  v;  /*  add  in  "score"  for  sig  */ 
if  (validity  >=  thresh) 

break;  /*  name  is  valid  */ 

if  (v  ==  PGP_TRUST_INFINITE)  t 
validity  = v; 

break;  /*  can't  do  better  than  this!  */ 

> 

else  if  (validity  < PGP_TRUST_MAX ) { 
validity  +=  v; 
if  (validity  + 1 <=  v) 

validity  = PG P_T R U S T_M AX ; 

} 


# e nd  i f 


> 

> 

k e y s t a c k_p  t r 
return  validity; 


/*  pop  key  off  the  stack  */ 
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/*  Validate  a name  from  an  untrusted  keyfile.  Externally  visible.  */ 


void 

ri  ngMntVa l i dateName  (struct  RingSet  const  *set,  union  RingObject  *name) 
{ 

word16  validity  = 0; 
struct  RingSet  *allkeys; 

int  axiomatic  = 0,  revoked  = 0,  expired  = 0; 


assert  (set); 

assert  (name  & & OBJISNAME  (name)); 

if  (name->g.f  lags  & ( R I NG OB J F_T R U S T | R I N G 0 B J F_T R U S T C H A N G E D ) ) 
return;  /*  already  done  */ 


if  (!(name->g. flags 

/ * Here's  a 
copy  the 
union  of 


& R I N G 0 B J F_T  RUSTCHANGED) ) { 

real  cheat.  We  copy  the  set  and  then 
allocmask  from  the  parent  pool  for  an  instant 
all  keys  in  the  pool.  */ 


# i f OLDTRUST 


# e l s e 


allkeys  = ringSetCopy  (set); 
assert  (allkeys); 
ringSetFreeze  (allkeys); 

allkeys->mask  = ringAllocMask  (set->pool,  NULL); 

r i ng Mn 1 1 n t C h e c kKe y (allkeys,  name->n.up,  Srevoked,  Saxiomatic, 

&expi red ) ; 


ringMntlnitTrust  (allkeys); 
if  (revoked) 

validity  = P G P_N A M E T R U S T_U N T R U S T E D ; 
else  if  (axiomatic) 

validity  = PG P_N AM ET R U S T_C 0M PL ET E ; 

else  ( 

validity  = ringMntlntValidateName  (allkeys,  name,  0); 
if  (validity  >=  thresh) 

validity  = PG P_N AM E T R U S T_C 0M P L E T E ; 
else  if  (validity  * 2 > = thresh) 

validity  = PG P_N AM E T R U S T_M A RG I N A L ; 

else 

validity  = PG P_N AM E T R U S T_U N T RU S T E D ; 

> 

name->n  . t rus t = ( n ame-> n . t r u s t & ~ PG P_N AM E T R U S T_M A S K ) | 

validity; 


name->n. valid  = 0; 
i f (revoked ) 

name->n . valid  = 0; 
else  if  (axiomatic) 

name->n. valid  = P G P_T  RUS  T_I NFINITE; 

else 

name->n . valid  = ringMntlntValidateName 

(allkeys,  name,  0); 

if  ( name->n .valid  ==  PG P_T R U S T_I N F I N I T E ) { 

name->n. validity  = P G P_N  E W T R U S T_I NFINITE; 

> else  ( 

validity  = name->n  . va  l i d >>  T RU S T_C E RT S H I F T ; 
na me-> n . va l i d i t y = (validity  > PGP_NEWTRUST_MAX ) ? 

PGP_NEWTRUST_MAX  : (byte)  validity; 
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# e nd  i f 


y 


y 


y 

name->g.  flags  |=  R I N G 0 B J F_T RU S T C H A NG E D ; 
ringSetDestroy  ( a l l keys); 


/*  Validate  a key  from  an  untrusted  keyfile.  Externally  visible.  */ 
void 

r i n g M n t V a l i d a t e Ke y (struct  RingSet  const  *set,  union  RingObject  *key) 

{ 

union  RingObject  * n a m e ; 

int  revoked  = 0,  axiomatic  = 0,  expired  = 0; 
assert  (set); 

assert  (key  &&  OBJISKEY  (key)); 


> 


if  ( ! ( key->g  . f lags  S ( R I N G OB J F_T R U S T | R I N G 0 B J F_T R U S T C H A N G E D ) ) ) { 

ringMntlntCheckKey  (set,  key,  Srevoked,  Saxiomatic,  S e x p i r e d ) ; 
if  (revoked ) 

key->k. trust  |=  PG P_KE Y T R U S T F_R E VO KE D ; 
key->g. flags  |=  R I N G OB J F_T R U S T C H A NG E D ; 

> 


for  (name 
i f 


> 


key->k.down;  name;  name  = name->n.next)  { 
r i ng Ob j e c t Ty pe  (name)  ==  R I N G T Y P E_N AM E ) 
ringMntValidateName  (set,  name); 
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ringmnt.h 

/ * 

* $Id:  ringmnt.h,v  1.12  1996/11/12  02:17:49  mhw  Exp  $ 

* / 

# i f n d e f PG P_R I NG MN T_H 
//define  P G P_R I N G M N T_H 

//include  " pg p / u s u a L s . h " 

/* 

* Opaque  types 
*/ 

struct  Ringlterator; 

//ifndef  T Y P E_R I N G I T E R A TO R 
//define  T Y P E_R  I N G I T E R A T 0 R 1 
typedef  struct  Ringlterator  Ringlterator; 
ft  end  i f 

struct  RingPool; 

# i f n d e f T Y P E_R I NG POO L 
//define  T Y P E_R  I N G POO  L 1 

typedef  struct  RingPool.  RingPool; 
ft  e n d i f 

struct  RingSet; 
ft  ifndef  T Y P E_R  I N G S E T 
//define  T Y P E_R  I N G S E T 1 
typedef  struct  RingSet  RingSet; 

//end  i f 

union  RingObject; 

//ifndef  T Y P E_R  I NGOB  J E C T 
//define  T Y P E_R  I N G 0 B J E C T 1 
typedef  union  RingObject  RingObject ; 
ft  e nd  i f 

struct  PgpHashContext; 

//ifndef  T Y P E_P  G P H A S H C 0 N T E X T 
//define  T Y P E_P  G P H A S H C 0 N T E X T 1 

typedef  struct  PgpHashContext  PgpHashContext; 

//end  i f 

struct  PgpRandomContext; 

//ifndef  TYPE_PGPRANDOMCONTEXT 
//define  T Y P E_P  G P R A N D 0 M C 0 N T E X T 1 

typedef  struct  PgpRandomContext  PgpRandomContext; 
ft  e n d i f 

struct  PgpSigSpec; 

//ifndef  T Y P E_PG  P S I G S P E C 

//define  T Y P E_PG  P S I G S P E C 1 

typedef  struct  PgpSigSpec  PgpSigSpec; 

//end  i f 

w o r d 1 6 ringKeyCalcTrustCstruct  RingSet  const  *set,  union  RingObject  *key); 
int  ri ngMnt (struct  RingSet  const  *set,  struct  RingSet  *dest, 
word32  const  timenow); 

int  ringPoolCheckCountCstruct  RingSet  const  *si gset. 
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struct  RingSet  const  *keyset,  int  allflag)  ; 
int  ringPoolChecklstruct  RingSet  const  *sigset,  struct  RingSet  const  *keyset, 

int  allflag, 

void  ( * f u n c ) (void  *,  struct  Ringlterator  *,  int), 
void  * a r g ) ; 

int  ringHashObj  (struct  Pg p H a s h C o n t e x t *hc,  union  RingObject  *obj, 

struct  RingSet  const  * s e t ) ; 

int  ringSignObj(byte  *sig,  struct  RingSet  * d e s t , union  RingObject  * o b j , 
struct  PgpSigSpec  *spec,  struct  PgpRandomContext  const  *rc); 


void 

ringMntValidateName  (struct  RingSet  const  *set,  union  RingObject  *name); 
void 

ringMntValidateKey  (struct  RingSet  const  *set,  union  RingObject  *key); 
#endif  /*  P G P_R I N G M N T H */ 


763 


lib/ pgp/keys/ ringpars.c 


ringpars.c 


/ * 

* ringpars.c  - parse  structures  from  a keyring.  Validates  its 

* inpout  very  carefully,  for  use  by  ringopen.c. 

* Also  includes  routines  to  "unparse"  and  assemble  keyring  packets 

* 

* Written  by  Colin  Plumb. 

* 

* $ I d : ringpars.c, v 1.22  1996/11/12  02:17:50  mhw  Exp  $ 

* / 


# i f d e f HAVE  C0NFIG_H 


//include 

" c o n f i g . h " 

# e n d i f 

//include 

<assert  . h> 

# i n c l u d e 

<string.h> 

//include 

"ri  ngpars . h" 

//include 

"ringpriv.h"  /* 

U i n c l ud  e 

"pgp/hash  . h" 

//include 

"pgp/usuals.h" 

//include 

"pgp/keyspec.h" 

# i n c l ude 

"pgp/pgper r . h" 

//include 

"pgp/pubkey.h" 

# i f n d e f 

NULL 

//define 

NULL  0 

For  ringHashBuf,  pgpFingerprint20HashBuf 


# e n d i f 


*/ 


//ifndef  PGPVERSI0N_2 
//define  PGPVERSI0N_2  2 
# e nd  i f 

//  i f n d e f KN 0 W N_P G P_V E R S I 0 N 

//define  KN 0 W N_P G P_V E R S I 0 N ( x ) ( ( x ) == P G P V E R S I 0 N_2  ||  ( x ) = = P G P V E R S I 0 N_2_6 ) 

//end  i f 

/ * 

* Read  a key  from  the  buffer  and  extract  vital  statistics. 

* If  the  KeylD  cannot  be  determined,  a fake  keylD  with  a 32-bit  CRC 

* stuffed  in  the  middle  is  created.  This  is  designed  to  assist 

* matching  of  bad  keys. 

* 

* A key  is: 

* 0 Version:  1 byte 

* 1 Timestamp:  4 bytes 

* 5 Validity:  2 bytes 

* 7 Algorithm:  1 byte 

* l A l g o r i t h m- s pe c i f i c portionH 

* 8 Some  MP  number  from  which  we  can  extract  key  ID:  modulus,  etc. 

* [Other  a l g o r i t h m- s p e c i f i c fields] 

* [with  possible  extra  data  if  it's  a secret  key] 

* 

* If  "secretf"  is  set,  additional  data  is  allowed  at  the  end  of  the 

* packet.  If  it  is  clear,  additional  data  results  in  PGPERR_KEY_LONG . 

* (The  format  of  the  extra  data  is  not  checked.) 

*/ 

i n t 

r i n g Ke y Pa r s e ( by t e const  *buf,  si ze_t  len,  byte  *pkalg,  byte  keyIDC8], 

word16  *keybits,  word32  *tstamp,  word16  *validity,  int  secretf) 
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unsigned  mien,  elen; 
i n t err; 

/*  Defaults  in  case  of  error  ★ / 
if  (keylD) 

memsetCkeylD,  0,  8 ) ; 
if  (keybits) 

★keybits  = 0; 
if  (tstamp) 

★tstamp  = 0 ; 
if  (validity) 

★validity  = 0; 
if  (pkalg) 

★pkalg  = 0; 


i f ( l e n < 1 ) 

goto  f a k e i d_s h o r t ; 

if  ( ! KN  0 W N_P  G P_V  ERSIONCbufCO]) ) { 
err  = PG P E R R_KE Y_V E R S I ON ; 
goto  fakeid; 

> 

if  ( l e n < 5 ) 

goto  f a k e i d_s h o r t ; 


# i f 0 


Send  i f 


if  (tstamp) 

★ tstamp  = ( w o r d 3 2 ) ( ( u n s i g n e d ) bu f 1 1 D <<  8 | bufC2])  <<  16  | 

( ( u n s i g n ed  ) b u f C 3 ] <<  8 | bufC4]); 

if  ( len  < 7) 

goto  f a k e i d_s h o r t ; 
if  (validity) 

★ validity  = ( uns i gned ) buf C 5 3 <<  8 | bufC6D; 

if  (len  < 8 ) 

goto  f a k e i d_s h o r t ; 
if  (pkalg) 

★ pkalg  = b u f C 7 ] ; 

if  (bufC7:  ! = PG  P_PKA  LG_R  S A 88 

bu  f C 7 ] ! = PG  P_PKA  LG_R  S A_E  N C 88  bufC7]  !=  P G P_P  K A L G_R  S A_S I G ) { 

err  = PG P E R R_KE Y_PK A LG ; 
goto  fakeid; 

> 

if  (len  < 10) 

goto  f a k e i d_s h o r t ; 


/*  Get  bytes  in  modulus  */ 

mien  = (unsigned)bufC8D  <<  8 | bufC9II; 

if  (keybits) 

★keybits  = (word16)mlen; 


if  (mien  88  len  > 10  88  bufLIOD  >>  ((mlen-1)87)  !=  1)  { 

err  = PG P E R R_KE Y_M0 D M P I ; 
goto  fakeid; 

> 

mien  = (mien  + 7)  / 8; 
if  (len  < 10  + mien) 

goto  f a k e i d_s h o r t ; 
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if  (Len  < 12  + mien) 

return  PG P E R R_KE Y_S H 0 R T ; 

if  (bufC7II  ==  P G P_P  K A LG_R  S A || 

buf[7D  ==  P G P_P  K A L G_R  S A_E  N C | | bufC7:  ==  P G P_P K A L G_R S A_S I G ) { 

/ * Read  keylD  * / 
if  (keylD)  { 

memcpy(keyID,  buf  + 10  + mien  - 8 , 8 ) ; 
if  (mien  < 8) 

memset(keyID,  0,  8 - mien); 

} 

/*  Sanity  checks  on  the  exponent  */ 

elen  = (unsigned)bufC10+mlen]  <<  8 | bufCII+mlenO; 

if  (elen  &&  len  > 12+mlen  &&  bufC12+mlen]  >>  ((elen-1)&7)  !=  1) 

return  PG P E R R_KE Y_E X PM P I ; 
elen  = (elen  + 7)  / 8; 

if  (len  < 1 2 + m l en  + e l en  ) 

return  PG P E R R_KE Y_S H 0 RT ; 
i f ( (buf CIO  + mlen-1 1 & 1 ) ==  0) 

return  PG P E R R_KE Y_M0 D E V E N ; 
if  ((bufC12+mlen+elen-1]  & 1)  ==  0) 
return  P G P E R R_KE Y_E X P E V E N ; 
if  (len  > 12  + mlen  + elen  &&  ! secretf ) 

return  PG P E R R_KE Y_L0 NG ; 

> else  if  (keylD)  t 

/ * 

* Non-RSA  keys  use  newer  keylD  algorithm. 

* Low  bits  of  f i n g e r p r i n t 2 0 hash  of  key,  but  we  can't 

* use  that  function  directly  as  key  is  not  assembled  yet. 

* / 

byte  hashC2O0; 
if  (secretf) 

len  = ringKeyParsePublicPrefix(buf,  len); 
err  = pgpFingerprint20HashBuf(buf,  len,  hash); 
if  (err  < 0) 

return  err; 

assert  (err  ==  sizeof(hash)); 
m em c py ( k e y I D , h a s h + s i z e o f ( h a s h ) -8  , 8); 

> 

return  0; 

f a ke i d_s  h o r t : 

err  = PGPERR_KEY_SHORT; 

f a k e i d : 

/* 

* We  couldn't  read  a KeylD.  Create  a bogus  one. 

* The  low  32  bits  are  0 (which  really  stands  out  in  a 

* keyring  listing  and  is  impossible  in  the  usual  case), 

* but  the  high  32  bits  are  a CRC  of  the  packet,  to  reduce 

* reports  of  keylD  collisions. 

* / 

if  (keylD)  { 

word32  fake  = ringHashBuf(buf,  len); 
keylDCOl  = (byte) (fake  >>  24); 
keylDCI]  = (byte) (fake  >>  16); 
keyIDC2]  = (byte)  (fake  >>  8); 
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keyIDC33  = (byte)fake; 

> 

return  err; 

> 

/*  Extract  the  modulus  from  a key  and  return  it  (buffer  & length)  */ 
byte  const  * 

ringKeyParseModulus(byte  const  *buf,  size_t  len,  unsigned  *lenp) 

{ 

unsigned  msize; 

* l e n p = 0 ; 

if  (len  < 10  ||  ! KN0WN_PGP_VERS ION ( buf COO ) || 

( bu  f C 7 ] ! = P G P_P K A LG_R  S A && 

bufC73  ! = P G P_P  K A L G_R  S A_E  N C SS  bufC7D  !=  P G P_P K A L G_R S A_S I G ) ) 
return  0; 

/*  Get  bytes  in  modulus  */ 

msize  = (unsigned)bufC8]  <<  8 | b u f C 9 D ; 

msize  = (msize  + 7)  / 8; 

* l e n p = msize; 
return  buf  + 10; 


/*  Extract  the  exponent  from  a key  and  return  it  (buffer  & length)  */ 
byte  const  * 

ri ngKeyParseExponent (byte  const  *buf,  size_t  len,  unsigned  *lenp) 

{ 

unsigned  size; 

* l e n p = 0 ; 

if  (len  < 12  ||  ! KN 0 W N_PG P_V E R S I 0 N ( bu f L 0 D ) || 

( bu  f C 7 0 ! = P G P_P K A LG_R  S A && 

b u f C 7 0 ! = PGP_PKALG_RS A_ENC  &8  bufC7]  !=  P G P_P  K A L G_R  S A_S I G ) ) 

return  NULL; 


/*  Get  bytes  in  modulus  */ 
size  = ( uns i gned ) buf L80  <<  8 
size  = (size  + 7)  / 8; 

| buf Z91; 

if  (len  < 12  + 

return 

size) 

NULL; 

/ * Skip  modulus 
size  +=  10; 
buf  + = size; 
len  -=  size; 

★ / 

/*  Get  bytes  in  exponent  */ 
size  = ( u n s i g n e d ) b u f C 0 ] <<  8 | 

size  = (size  + 7)  / 8; 

buf Cl  3; 

if  (len  < 2 + size) 
return  NULL; 

*lenp  = size; 
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return  but  + 2 ; 

> 

byte  const  * 

r i ng S i g Pa r s e E x t ra ( by t e const  *buf,  size_t  Len,  unsigned  *lenp) 

{ 

if  (Len  < 2 ||  ! KN  0 W N_P  G P_V  ERSION(bufCOD)  ||  Len  < 2u  + bufCI]) 

{ 

* L e n p = 0 ; 

return  NULL;  / * Too  short  or  bad  version  * / 

> 

*Lenp  = bufCIII; 
return  buf+2; 

> 

/*  Extract  the  R S A integer  from  a sig  and  return  it  (buffer  S Length)  */ 
byte  const  * 

ringSigParseInteger(byte  const  *buf,  size_t  Len,  unsigned  *lenp) 

{ 

unsigned  size; 

* L e n p = 0 ; 

if  (Len  < 2 ||  i KN 0 W N_PG P_V E R S I 0 N ( b u f C 0 ] ) ) 

return  NULL;  / * Too  short  or  bad  version  * / 

if  (Len  < 16u  + buf  C 1 ] ) 

return  NULL;  / * Too  short  * / 

/*  Skip  forward  to  PK  aLgorithm  */ 

Len  -=  10  + b u f C 1 ] ; 
buf  +=  10  + b u f C 1 ] ; 
if  (bufCO:  ! = PG  P_PKA  LG_R  S A && 

bufCO]  ! = PG  P_PKA  LG_R  S A_E  N C &&  bufCO]  !=  PG P_PKA LG_R S A SIG) 


return  NULL; 

/* 

Not 

R S A */ 

/ * Get 
size  = 
size  = 

bytes  in  modulus 
(unsigned)bufC4] 
(size  + 7)  / 8; 

V 
* V 

8 1 

buf C5]; 

if  (Len 

< 6 + size) 
return  NULL; 

* L e n p = 
return 

size; 
buf  + 6 ; 

/* 

* HeLper  function  for  r i n g P o o L A d d P h y s . 

* 

* Read  a signature  from  the  fiLe,  positioned  just  after  the  header. 

* "Len"  is  the  Length  of  the  signature  packet.  Leaves  the  fiLe 

* pointed  after  the  Length. 

-k 

* A signature  is: 

* 0 Version:  1 byte 

* 1 Length  of  foLLowing  material:  1 byte  (must  be  5!) 

* 2 Signature  type:  1 byte 

* 3 Timestamp:  4 bytes 

* 7 KeylD:  8 bytes 
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* 15  Public-key  algorithm:  1 byte 

* 16  Hash  algorithm:  1 byte 

* 17  First  2 bytes  of  hash:  2 bytes 

* 19  MPI  of  signature  (header) 

* 21  MPI  of  signature  (data) 

* 

* This  reads  up  to  the  keylD  (15  bytes)  into  a buffer, 

* then  sets  up  the  various  fields. 

* / 
i n t 

r i ngS i gPa r se ( by t e const  *buf,  size_t  len,  byte  *pkalg,  byte  keyIDC8], 
word32  *tstamp,  word16  *validity,  byte  *type,  byte  *hashalg, 
byte  *extra  len) 

{ 

unsigned  l;  / * extralen  * / 

unsigned  t; 
byte  alg; 


/* 

Default  settings  in 

case  of  error 

i f 

( pka  l g ) 

★pkalg  = 0; 

i f 

( k e y I D ) 

memset ( keylD, 

0,  8); 

i f 

(tstamp) 

★tstamp  = 0; 

i f 

(validity) 

★validity  = 0; 

i f 

(type) 

★type  = 255; 

i f 

(hashalg) 

★hashalg  = 255 

F 

i f 

(extralen) 

★extralen  = 0; 

i f 

(len  < 1 ) 

return  PGPERR_ 

S IG_SH0RT; 

i f 

( ! KNOWN_PGP_VERSION(buf COD) ) 

return  PGPERR_ 

S I G_V  E R S I 0 N ; 

i f 

(len  < 2 ) 

return  PGPERR_ 

S IG_SH0RT; 

l = 

buf Cl  3; 

i f 

(extralen) 

★extralen  = (byte)l; 

i f 

( l >=  1 ) { 

if  (len  < 3) 

return  PG P E R R_S I G_S H 0 R T ; 
if  ( type ) 

★ type  = b u f C 2 ] ; 
if  (l  >=  5 &&  tstamp)  { 

if  (len  < 7) 

return  PG P E R R_S I G_S H 0 RT; 

★ tstamp  = ( w o r d 3 2 ) ( ( u n s i g n ed  ) b u f C 3 II  < < 8 | b u f C 4 1 ) <<  16  | 

( (unsi gned)bufC53<<8  | b u f C 6 D ); 

> 

if  (l  >=  7 &&  validity)  { 
if  (len  < 9) 

return  PG P E R R_S I G_S H 0 RT ; 

★tstamp  = (word16)bufC7]<<8  | bufL8]; 

} 
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#i  f 0 


# e n d i f 


> 


> 

if  (! extra  Len  SS  L !=  5) 

return  PG P E R R_S I G_E XT R A L E N ; 
if  (Len  < 1+10) 

return  P G P E R R_S I G_S H 0 R T ; 
if  (keylD) 

memcpy(keyID,  buf  + 7,  8 ) ; 
if  (Len  < L + 1 1 ) 

return  PG P E R R_S I G_S H 0 R T ; 
aLg  = bufCL  + 10]  ; 
if  ( p k a L g ) 

* p k a L g = aLg; 

if  (bufCL  + 10]  ! = PG  P_P  K A LG_R  S A && 

bufCL  + 10]  ! = P G P_P  K A L G_R  S A_E  N C &&  bufCL  + 100  !=  P G P_P K A L G_R S A_S I G ) 
return  P G P E R R_S I G_P K A L G ; 

if  (Len  < L+12) 

return  P G P E R R_S I G_S H 0 R T ; 
if  ( h a s h a L g ) 

* h a s h a L g = bufCL+11]; 
if  (Len  < L+16) 

return  P G P E R R_S I G_S H 0 R T ; 
t = (unsigned)bufCL+14]  <<  8 | bufCL+15]; 
if  (t  & 8 Len  > L + 16  &&  bufCL  + 16]  >>  ( (t-1  )&7)  !=  1) 

return  PG P E R R_S I G_M P I ; 

L +=  16  + (t+7)/8; 

if  (aLg  ==  P G P_P  K A L G_R  S A || 

aLg  ==  P G P_P  K A LG_R  S A_E  N C ||  aLg  ==  PG P_PKA LG_R S A_S I G ) { 
if  (Len  ! = L ) 

return  Len  < L ? P G P E R R_S I G_S H 0 R T : PGPERR  SIG  LONG; 

> ~ 

return  0; 


/* 

* Return  the  Length  of  the  prefix  of  a secret  key  which  is  a pubLic  key, 

* or  0 if  it  can't  be  determined.  A key's  prefix  is: 

* 0 1 - Version 

* 1 4 - Creation  time 

* 5 2 - Vaidity  period  (days) 

* 7 1 - ALgorithm 

* 8 ? - A L g o r i t hm-s pe c i f i c parameters 

* / 

s i z e_t 

ringKeyParsePubLi cPrefix(byte  const  *buf,  size_t  Len) 
f 

s i z e_t  size; 

/*  Check  version  bytes  */ 

if  ( ! KN0WN_PGP_VERSI0N(buf [0])  ||  Len  < 8) 
return  0; 

size  = pgpPubKeyPref i xS i ze ( buf C 70,  buf+8,  Len-3); 
if  (size) 

size  + = 8 ; 
return  size; 

} 


i n t 

ringKeyParseFingerprint16(byte  const  *kbuf,  size_t  kLen,  byte  * f i ng e r p r i n t ) 


770 


lib/pgp/keys/ ringpars.c 


struct  PgpHash  const  * h ; 
struct  PgpHashContext  * h c ; 
byte  const  * b u f ; 
unsigned  ten; 


h = pg p H a s h By N umb e r ( PG P_H A S H_M D 5 ) ; 
if  ( ! h ) 

return  P G P E R R_B A D_H A S H N U M ; 
he  = pgpHashCreate(h); 
if  ( ! he  ) 

return  PG P E R R_N0M E M ; 


buf  = ringKeyParseModulusCkbuf,  klen,  & l e n ) ; 
if  ( ! bu  f ) 

goto  error; 

pgpHashUpdateChc,  buf,  ten); 


buf  = ringKeyParseExponentCkbuf,  klen,  8 L e n ) ; 
if  ( ! b u f ) 

goto  error; 

pgpHashUpdate(hc,  buf,  ten); 


buf  = pgpHashFinal(hc); 

memepy ( f i ngerpri nt,  buf,  h->hashsize); 
pgpHashDestroy(hc); 


error: 


> 


return  h->hashsize;  / * Success  * / 

pgpHashDestroy(hc); 
memsetCf ingerprint,  0,  16); 

return  ringKeyParse( kbuf , klen,  NULL,  NULL,  NULL,  NULL,  NULL,  0); 
/*  Pkalg  KeylD  Key b i t T s t ampVa L i d */ 


/*  Return  the  size  which  will  be  used  to  create  the  key  prefix  buffer  */ 
s i z e_t 

r i ngKey Bu f f e r Le ng t h ( s t ru c t PgpKeySpec  const  *ks,  byte  pkalg) 

i 

(void)ks; 

(void)pkalg; 

return  8;  / * version(1)  + timestamp(4)+validity(2)+pkalg(1)  * / 

> 


/*  Create  the  key  prefix  buffer  */ 
i n t 

r i ngKeyToBuf f e r ( by t e *buf,  struct  PgpKeySpec  const  *ks,  byte  pkalg) 

{ 

word32  tstamp; 
word16  validity; 


bu  f C 0 ] = 
tstamp  = 
bufCI]  = 
bu  f C 2 D = 
b u f C 3 D = 
bu  f L 4 3 = 
validity 


pgpKeySpecVersion(ks); 
pgpKeySpecCreation(ks); 
(byte)  (tstamp>>24); 

(byte)  (tstamp>>16); 

(byte)  (tstamp>>  8); 
(byte)(tstamp  ); 

= pgpKeySpecValidity(ks); 
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bufC5H  = ( by t e ) ( v a L i d i t y >> 8 ) ; 
bufC6]  = ( by t e ) ( va L i d i ty  ); 
bu  f [ 7 2 = pkalg; 
return  0 ; 

> 

/*  Return  the  size  of  a prefix  buffer  for  a secret  key  */ 
s i z e_t 

ri ngSecBuf f erLength (struct  PgpKeySpec  const  *ks,  byte  pkalg) 

{ 

return  ringKeyBufferLengthCks,  pkalg); 

> 

/*  Create  the  prefix  buffer  for  a secret  key  */ 
i n t 

r i ngSecToBuf f er ( by t e *buf,  struct  PgpKeySpec  const  *ks,  byte  pkalg) 
return  ringKeyToBufferCbuf,  ks,  pkalg); 

> 
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ringpars.h 

/ * 

* $ I d : ringpars.h, v 1.1  0 1 996/1  1 /1  2 02:1  7:50  mhw  Exp  $ 

* / 

tfifndef  R I N G P A R S_H 
//define  R I N G P A R S_H 

^include  <stddef.h>  /*  For  si ze_t  */ 

//incLude  "pgp/usuals  . h" 
struct  PgpKeySpec; 

int  r i n g Key  Pa r s e ( by t e const  *buf,  si ze_t  ten,  byte  *pkaLg,  byte  keyIDH83, 
word16  *keybits,  word32  *tstamp,  word16  * v a L i d i t y , int  secretf); 
si ze_t  r i ng Key P a r s e P u b L i c P r e f i x ( by t e const  *buf,  si ze_t  Len); 

byte  const  *ringKeyParseModuLus(byte  const  *buf,  si ze_t  Len,  unsigned  *Lenp); 
byte  const  *ringKeyParseExponent(byte  const  *buf,  si ze_t  Len,  unsigned  *Lenp); 

int  ringKeyParseFingerprint16(byte  const  *kbuf,size_t  kLen,  byte  *fingerprint); 
int  r i ng S i g Pa r s e ( by t e const  *buf,  size_t  Len,  byte  *pkaLg,  byte  keyIDC8D, 
word32  *tstamp,  word16  *vaLidity,  byte  *type,  byte  *hashaLg, 
byte  *extra  Len); 

byte  const  *ringSigParseExtra(byte  const  *buf,  si ze_t  Len,  unsigned  *Lenp); 
byte  const  *ringSigParseInteger(byte  const  *buf,  si ze_t  Len,  unsigned  *Lenp); 

si ze_t  ringKeyBufferLengthCstruct  PgpKeySpec  const  *ks,  byte  pkaLg); 
int  ringKeyToBufferCbyte  * b u f , struct  PgpKeySpec  const  *ks,  byte  pkaLg); 
size_t  ringSecBufferLengthCstruct  PgpKeySpec  const  *ks,  byte  pkaLg); 
int  ringSecToBuff erCbyte  * b u f , struct  PgpKeySpec  const  *ks,  byte  pkaLg); 

# e n d i f /*  R I N G P A R S_H  */ 
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ringpkt.c 


/ * 

* Low-Level  keyring  packet  handling  routines. 

* 

* Written  by  Colin  Plumb. 

* 


* $Id:  ringpkt.c, v 1.15.2.1  1996/11/14  04:09:28  cbertsch  Exp  $ 
*/ 


#ifdef  HAVE  CONFIG  H 


//include 
ft  e n d i f 

" c on  f i g . h " 

ft  i n c l ud  e 

<assert  . h> 

//include 

< s t d i o . h > 

//include 

<string.h> 

//include 

"pktbyte. h" 

//include 

"ringpkt.h" 

tt  i n c l u d e 

"pgp/pgperr  . h" 

//include 

" pgp/usua  l s . h " 

ft  i n c l u d e 

"pgp/pgpfi  le.h 

ft  i f n d e f 

NULL 

//define 
ft  e n d i f 

NULL  0 

For  memsetO 


and  memcmpO 


*/ 


#ifdef  DEADCODE 

char  const  * const  p a c k e t_t y p e C 1 6 0 = C 
"0:  Unknown  packet  type", 

"1:  Public-key  encrypted  packet", 

"2:  Signature  packet", 

"3:  Unknown  packet  type", 

"4:  Unknown  packet  type", 

"5:  Secret  key", 

"6:  Public  key", 

"7:  Unknown  packet  type", 

"8:  Compressed  packet", 

"9:  C o n v e n t i o n a l - k e y encrypted", 

"A:  Unknown  packet  type", 

"B:  Literal  packet", 

"C:  Trust  packet", 

"D:  Key  name  packet", 

"E:  Comment  packet", 

"F:  Unknown  packet  type" 

>; 

tt  e n d i f 
/* 

* Returns  packet  byte,  0 on  normal  EOF,  or  error  code  < 0. 

* / 
i n t 

p k t B y t e G e t ( s t r u c t PgpFile  *f,  word32  *lenp,  word32  *posp) 

{ 

byte  pktbyte, - 
byte  buf4C40; 
word32  len  = 0; 

if  ( po  s p ) C 

* p o s p = pgpFileTell(f); 
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> 


if  (*posp  ==  (word32)-1) 

return  PG P E R R_KE Y I 0_F T E L L ; 


if  ( pg p F i L e R e a d ( & p k t by t e , 1,  f)  i=  1) 

return  pg p F i l e E r r o r ( f ) ? PG P E R R_KE Y I 0_R E A D I NG  : 0; 

if  ( I S_0  LD_PKTBYTE(pktbyte) ) { 

swi tch(PKTBYTE_LLEN(pktbyte) ) { 
case  3 : 

*Lenp  = -(word32)1; 
return  pktbyte; 
case  2 : 

if  ( pg p F i L e R e a d ( bu f 4 , 4,  f)  !=  4) 
goto  error; 

ten  = ( w o rd 32 ) bu f 4 C 0 ] < < 2 4 | ( w o r d 3 2 ) bu f 4 H 1 ] < < 1 6 | 

(word32)buf4C2]<<8  | (word32)buf4E3D; 

break; 
case  1 : 

if  ( pg p F i L e R e a d ( bu f 4 , 2,  f)  !=  2) 
goto  error; 

Len  = (word32)buf4C03<<8  | (word32)buf4C13; 

break; 
case  0 : 

if  ( p g p F i L e R e a d ( bu f 4 , 1,  f)  !=  1) 
goto  error; 

Len  = (word32)buf4C0D; 
break; 

} 

> else  if  ( I S_NEW_PKTB YTE ( pktbyte  ) ) t 

if  (pgpFiLeRead(buf4,  1,  f)  !=  1) 
goto  error; 

Len  = Cword32)buf4C0]; 
if  (Len  < OxcO)  { 

/*  Len  is  the  Length  */ 

> eLse  if  ((Len  & OxeO)  ==  OxcO)  { 

Len  & = 0 x 3 f ; 

if  ( pg p F i L e R e a d ( b u f 4 , 1,  f)  !=  1) 
goto  error; 

Len  = (Len  <<  8)  + (word32)buf4COO  + 192; 

> eLse  f 

/*  Indeterminate  Length,  can't  handLe  that  yet  */ 
return  PG P E R R_K E Y I 0_B A D PKT ; 

> 

> eLse 

return  P G P E R R_K  E Y I 0_B  ADPKT; 

*Lenp  = Len; 
return  (int)pktbyte; 


error: 

if  (IpgpFiLeError(f)) 

return  PG P E R R_KE Y I 0_E 0 F ; 
pgpFi LeCLearError(f); 
return  P G P E R R_K E Y I 0_R E A D I N G ; 

> 

/ * 

* Returns  the  packet  byte  actuaLLy  written,  whose  LLen  fieLd  may  be  greater 
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* than  the  one  passed  in,  but  will  not  be  less,  or  error  code  < 0. 

★ / 
i n t 

pk t By t ePu t ( s t rue t PgpFile  * f , byte  pktbyte,  word32  ten) 

{ 

byte  bu  f 4 [ 4 D ; 
unsigned  lien; 


i f 


( I S_0  L D_P  KT  B YTE(pktbyte))  { 

/*  "Promote"  packet  byte  lien  field  */ 
/*  if  necessary  to  accomodate  length  */ 
if  ( len  ==  Oxf f f f f f f ) { 


> else 

> else 

> 


pktbyte  |=  3 ; 
if  (len  > Oxf f f f ) { 
if  (! (pktbyte  & 2)) 

pktbyte  = (pktbyte  S ~3) 
if  (len  > Oxff)  { 
if  ((pktbyte  S 3)  ==  0) 
pktbyte  |=  1 ; 


2; 


if  ( pgp F i l eW r i t e ( &pk t by t e , 1,  f)  !=  1) 
return  P G P E R R_K  E Y I 0_W  R I T I N G ; 

s w i t c h ( p k t by t e & 3 ) { 
case  3 : 

/*  no  length  field  */ 
break; 
case  2 : 

b u f 4 E 0 II  = (byte)(len  >>  2 4); 
b u f 4 C 1 ] = (byte)(len  >>  16); 
b u f 4 [ 2 ] = (byte)(len  >>  8); 

buf4C3D  = (byte)(len  ); 

if  (pgpFi leWrite(buf4,  4,  f)  !=  4) 

return  PG P E R R_KE Y I 0_W R I T I N G ; 

break; 
case  1 : 

b u f 4 [ 0 ] = (byte) ( len  >>  8); 

b u f 4 C 1 ] = (byte)(len  ); 

if  (pgpFi leWrite(buf4,  2,  f)  !=  2) 

return  PG P E R R_KE Y I 0_W R I T I N G ; 

break; 
case  0 : 

buf4C0]  = (byte)len; 

if  (pgpFi leWri te(buf4,  1,  f)  !=  1) 

return  PG P E R R_K E Y I 0_W R I T I N G ; 

break; 

> 

> else  { 

assert ( I S_N E W_P KT B Y T E ( p k t b y t e ) ) ; 
buf4C0]  = (byte)pktbyte; 
if  ( P KT  L E N_0  N E_B  YTE(len))  { 

buf4Ci:  = P KT  L E N_1 BYTE(len); 

lien  = 2 ; 

> else  { 

buf4C1]  = P K T L E N_B  YTE0(  len); 
bu  f 4 [ 2 ] = PKTLEN_BYTE1 ( len); 
lien  = 3 ; 

> 
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if  ( pg p F i l e W r i t e ( buf 4 , lien,  f)  !=  lien) 
return  PG P E R R_KE Y I 0_W R I T I N G ; 

> 

return  pktbyte; 

> 

/* 

* Compare  data  from  a file  to  a supplied  buffer,  returning  < 0 

* on  a read  error,  0 on  equal,  and  1 on  unequal. 

* / 
i n t 

f i l e U n e q u a l Bu f ( s t r u c t PgpFile  *f,  char  const  *buf,  si ze_t  len) 

{ 

char  buf2C2563; 
s i z e_t  amount; 

while  (len)  f 

amount  = len  < sizeof(buf2)  ? len  : sizeof(buf2); 
amount  = pgpFileRead(buf2,  amount,  f); 
if  (lamount) 

return  pg p F i l e E r r o r ( f ) ? PG P E R R_KE Y I 0_R E A D I NG 

: P G P E R R_K  E Y I 0_E  0 F ; 
if  (memcmp(buf,  buf2,  amount)  !=  0) 
return  1 ; 

len  -=  amount; 
buf  + = amount; 

> 

return  0;  /*  Match  */ 

> 
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ringpkt.h 


/ * 

* Low-level  pa c k e t - h a nd l i n g routines  for  keyring  management. 

* 

* $ I d : ringpkt.h, v 1.6  1 996/1  1 /1  2 02:1  7:50  mhw  Exp  $ 

* / 

//ifndef  RING  PKT_H 
//define  RING  P KT_H 

//include  " p g p / u s u a l s . h " 

struct  PgpFile; 

#ifdef  DEADCODE 

extern  char  const  * const  packet_typeC160; 

//end  i f /*  DEADCODE  */ 


int  p k t By t e G e t ( s t r u c t PgpFile  *f,  word32  *lenp,  word32  *posp), 
int  p k t By t e Pu t ( s t r u c t PgpFile  *f,  byte  pktbyte,  word32  len); 
int  f i l e U n eq u a l Bu f ( s t r u c t PgpFile  *f,  char  const  *buf,  size_t 

//endif  /*  RINGPKT  H */ 


len); 
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ringpriv.c 


/ * 


* Private  helper  functions  for  keyring  manipulation. 

* 


* Written  by  Colin  Plumb. 


* 

* $ I d : 

ri ngpri v . c,v  1.32 

* / 

ft  i f HAVE. 

_C  0 N F I G_H 

^include 

" c o n f i g . h " 

# e nd  i f 

#include 

<assert  . h> 

# i n c l u d e 

<errno.h> 

//include 

<string.h> 

//include 

< s t d i o . h > 

# i n c l ude 

"pktbyte . h" 

//include 

"ringpriv.h" 

# i n c l ud  e 

"ringread.h" 

//include 

"trustpkt.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/pgpenv.  h" 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/sigspec.h" 

# i n c l u d e 

"pgp/trust.h" 

ft  i n c l u d e 

"pgp/usuals.h" 

ft  i f n d e f 

NULL 

//define 

NULL  0 

# e nd i f 

.1  1996/11/14  04:09:28  cbertsch  Exp  $ 


/ * For  ringFilePurgefrouble  * / 


/*  for  PGP  SIGTYPE  */ 


//define  PG P_T R U S T_D E C A D E_I N T E R N A L ( P G P_T R U S T_D E C A D E >>  6) 
//define  PG P_T R U S T_0 C T A V E_I N T E R N A L ( P G P_T R U S T_0 C T A V E >>  6) 

/* 

* Small  helpers  to  report  errors 
*/ 

/*  Report  an  general  I/O  error  */ 
void 

ringErrlstruct  RingFile  *file,  word32  pos,  int  code) 

{ 

struct  Ri ngError  *err  = &file->set.pool->e; 

err->f  = file; 
err->f pos  = pos; 
err->error  = code; 
err->syserrno  = errno; 

> 


/*  Report  a non-I/0  error  */ 
void 

ringSimpleErrlstruct  RingPool  * p o o l , int  code) 
{ 

pool->e.f  = (struct  RingFile  * ) N U L L ; 
pool->e.fpos  = (word32)-1; 
pool->e. error  = code; 
pool->e.syserrno  = errno; 

> 


779 


lib/ pgp/keys/ ringpriv.c 


/*  Report  an  allocation  failure  (called  from  many  places)  */ 
void 

ringAl locErr(struct  RingPool  *pool) 

{ 

ringSimpleErrCpool,  PGPER  R_N  0 M E M ) ; 

> 

/ * 

* Hash  a string  of  bytes.  Uses  the  CRC-32  polynomial,  preset 

* to  -1,  non-invert.  Used  to  reduce  userlD  collisions  and  to 

* create  a fake  keylD  for  unparseable  keys. 

* 

* CRC-32  polynomial  in  little-endian  order: 

* 1+x+xA2+xA4+xA5+xA7+xA8+xA10+xA11+xA12+xA16+xA22+xA23+xA26+xA32 

* 1 1 2 2 2 3 

*048260482 

* = 111011011011100010000011001000001 

*=  edb88320 

* = 0xedb88320 

* / 

//define  CRCP0LY  0xedb88320 
w o r d 3 2 

r i n g H a s h Bu f ( by t e const  *buf,  size_t  len) 

{ 

word32  crc; 
i nt  i , j ; 

static  w o r d 3 2 crctableE2560; 

if  ( ! c r c t a b l e C 2 5 5 ] ) ( 

/*  c r c t a b l e II 0 0 is  already  0 */ 
crctableC128]  = crc  = CRCP0LY; 
i = 6 4; 
d o C 

crc  = crc>>1  A (crc  & 1 ? CRCP0LY  : 0 ) ; 

for  (j  = 0;  j < 256;  j +=  2 * i ) 

c r c t a b l e [ i + j D = crc  A crctableCj]; 

> while  (i  >>=  1); 

> 

crc  = Oxffffffff; 
while  (len  — ) 

crc  = (crc  >>  8)  A crctableKcrc  A *buf  + +)  & 2 5 5 3 ; 
return  crc; 

> 

/ * 

* Return  the  index  of  the  least  significant  bit  in  the  given  mask, 

* or  -1  if  the  mask  is  all  0.  This  uses  (almost)  no  branches, 

* so  should  be  nice  and  fast  on  modern  processors. 

* 

* Oh,  how  does  it  *work*,  you  ask?  I do  confess  that  this  uses 

* two  evil  bit-twiddling  tricks.  The  first  is  one  to  get  a mask 

* of  the  l e a s t - s i g n i f i c a n t set  bit  in  few  instructions. 

* Consider  a binary  number  x,  be  it  11010000  or  00101111. 

* Then  think  about  the  form  of  x-1,  11001111  or  00101110. 

* Notice  that  the  only  difference  is  that  some  l e a s t -s i g n i f i c a n t 

* bits  have  been  complemented.  The  bits  complemented  are 

* those  up  to  and  including  the  l e a s t - s i g n i f i c a n t set  bit. 
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* (x  + 1 does  the  same  with  *c  Lear*  bits).  So  ANDing  the  two 

* results  in  a number  like  the  original,  only  without  the 

* least-significant  set  bit.  XORing  them  produces  a mask 

* with  a number  of  least-significant  bits  set,  depending  on 

* the  least-significant  set  bit,  00011111  or  00000001. 

* 

* Other  tricks:  x & (x-1)  returns  x,  but  with  the  least-significant 

* bit  cleared.  Twos  complement  negation  is  -x  = ~x+1  = ~(x-1), 

* so  x & -x  = x 8 ~(x-1)  returns  only  the  l e a s t -s i g n i f i c a n t bit 

* set  in  x . 


* All  we  need  is  a routine  to  count  the  bits,  and  we're  done. 

* This  is  the  *second*  trick.  Consider  an  8-bit  word: 

* +-+-+-+-+-+-+-+-+ 

* |a|b|c|d|e|f|g|h| 

* +-+-+-+-+-+-+-+-+ 

* Now  copy  this  word,  shift  one  copy  down  one  bit,  and  AND  both 

* copies  with  0x55  (01010101),  to  produce  even  and  odd  bits: 


* 

* 

★ 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

* 


I I b I I d | | f | | h | | | a | | c | | e | |g| 

+-+-+-+-+-+-+-+-+ 
Then  add  the  words  together: 
+-+-+-+-+-+-+-+-+ 

| a + b | c + d | e + f | g + h | 

Note  that  each  two-bit  field  contains 
bits  set  in  that  part  of  the  original 
+-+-+-+-+-+-+-+-+  +-+-+-+-+-+-+-+-+ 
I | c + d | | g + h | + | | a + b | | e + f | 

+-+-+-+-+-+-+-+-+  +-+-+-+-+-+-+-+-+ 
and  once  more  produces: 
+-+-+-+-+-+-+-+-+  +-+-+_+_+_+_+_+_+ 
I I e + f + g + h | + | | a + b + c + d | 

+-+-+-+-+-+-+-+-+  +-+-+-+-+-+-+-+-+ 


(the  blank  squares  are 


a count  of  the  number 
word.  Repeating  this 
+-+-+-+-+-+-+-+-+ 

= | a + b + c + d | e + f + g + h | 
+-+-+-+-+-+-+-+-+ 

+-+-+-+-+-+-+-+-+ 

= | a + b + c + d + e + f + g + h | 
+-+-+-+-+-+-+-+-+ 


zero) 


o f 

produces : 


* Ther  masking  is  needed  so  that  fields  don't  overflow  into 

* adjacent  fields.  Once  the  fields  have  gotten  wide  enough, 

* some  of  it  can  be  reduced  or  eliminated.  In  the  last  step, 

* ab+c+d  and  e+f+g+h  are  both  at  most  4 (binary  100)  and 

* their  sum  is  at  most  8 (binary  1000),  which  still  fits  into  a 

* 4-bit  field,  so  it  is  possible  to  not  mask  the  inputs  to 

* the  addition.  It's  still  necessary  to  mask  the  output,  though, 

* since  the  next  step  (adding  up  to  a maximum  of  16)  won't 

* fit  into  a 4-bit  field.  Once  you  have  an  8-bit  field,  though, 

* you  can  stop  masking  until  the  very  end  unless  you  have  a 

* 256-bit  word. 


* / 


i n t 

r i n g L s B i t F i nd ( r i n g ma s k mask) 

{ 

if  ( ! ma  s k ) 

return  - 1 ; 

mask  A=  mask-1;  / * Number  of  bits  set  is  position  of  Isbit  + 1 * / 
tt  if  RINGMASKBITS  > 32 

mask  = (mask  & 0x5555555555555555)  + (mask  >>  1 & 0x5555555555555555); 

mask  = (mask  8 0x3333333333333333)  + (mask  >>  2 & 0x3333333333333333); 

mask  = (mask  + (mask  >>  4))  8 0x0F0F0F0F0F0F0F0F; 
mask  +=  mask  >>  8; 

mask  + = mask  >>  16; 
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mask  +=  mask  >>  3 2; 
return  (intHmask  8 2 5 5 5 — 1 ; 


# e L i f RINGMASKBITS  > 


mask 

mask 

mask 

mask 

mask 


= (mask 
= (mask 
= (mask 
+=  mask 
+=  mask 


1 6 

& 0x55555555)  + (mask  >>  1 & 
8 0x33333333)  + (mask  >>  2 & 


0x55555555); 

0x33333333); 


+ (mask 

>>  8; 

> > 16; 


>>  4)  ) & OxOFOFOFOF; 


return  (intHmask  & 2 5 5 ) — 1 ; 


# e L i f RINGMASKBITS  > 8 


//else 


mask 

= 

(mask 

8 

0x5555)  + (mask 

>> 

1 

8 

0x5555); 

mask 

(mask 

& 

0x3333)  + (mask 

>> 

2 

8 

0x5333); 

mask 

= 

(mask 

+ 

(mask  >>  4))  8 

0x0  F0  F 

f 

mask 

+ = 

mask 

>> 

8; 

return 

(intHmask  & 2 5 5 ) — 1 ; 

mask 

- 

(mask 

& 

0x5555)  + (mask 

>> 

1 

8 

0x5555); 

mask 

= 

(mask 

8 

0x3333)  + (mask 

>> 

2 

8 

0x5333  ) ; 

mask 

= 

(mask 

+ 

(mask  >>  4))  8 

0 x 0 F 

r 

return 

(int) (mask  - 1); 

# e n d i 
> 


Return  the  mask  of  bits  which  are  actually 
given  RingSet,  if  non-null.  I.e.  the  mask 


if  that  RingSet 
included  on  the 
poo  l ->  f i lemask. 


were  discarded.  RingFile  structures  are  not 
sets  list,  so  they  are  accounted  for  in  the 


/* 

* 

* 

* 

* 

* 

★ / 

ringmask 

r i n g A l l o c Ma s k ( s t r u c t RingPool  const  *pool, 
{ 

struct  RingSet  const  * s e t ; 
ringmask  mask  = p o o l - > f i lemask; 


in  use,  excepting 
which  would  be  in 


the 

use 


struct  RingSet  const  *set0) 


set->next) 


for  (set  = pool->sets;  set;  set 
mask  |=  set->mask; 

if  (setO)  /*  setO  may  or  may  not  be  on  the  sets  list  */ 

mask  8 = ~set0->mask; 
return  mask; 


/*  Helper  function  for  r i n g G a r b a g e C o l l e c t */ 
ringmask 

ringClearMask(struct  RingPool  *pool,  union  RingObject  **objp,  ringmask  mask) 
{ 

union  RingObject  *robj; 
ringmask  omask; 
ringmask  remmask  = 0; 

while  ((robj  = *objp)  !=  (union  RingObject  *)0)  f 
omask  = robj->g.mask  8 = mask; 
if  ( !0BJISB0T(robj  ) ) 

remmask  |=  r i ngC  l ea rMask( poo  l , &robj->g.down,  mask); 
if  (omask  ==  MEMRINGMASK)  { 

/*  Delete  the  object  */ 
assert(  ! robj->g.down); 

*objp  = r o b j -> g . n e x t ; 
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> 


r i n g F r e e Ob j e c t ( poo L , robj); 

> else  { 

/*  Skip  to  next  object  */ 
remmask  |=  omask; 
objp  = &robj->g.next; 

> 

> 

return  remmask; 


/ * 

* Reclaim  all  unused  bits  and  delete  any  unreferenced  memory  objects. 
*/ 
i n t 

r i n g G a r b a g e C o l l e c t ( s t r u c t RingPool  *pool) 

{ 

ringmask  mask; 


} 


mask  = r i ng A l l o c Ma s k ( poo  l , (struct  RingSet  const  *)NULL); 
if  (mask  !=  p o o l -> a l l o c m a s k ) ( 
pool->al locmask  = mask; 

mask  = ringClearMask(pool,  &pool->keys,  mask); 
if  ( ! (mask  & M E M R I N GM A S K ) ) { 

memPoolEmpty(Spool->fi lesCMEMRINGBIT]. strings); 
memPoolEmpty(&pool->files[MEMRINGBIT].fpos); 
return  1;  / * Something  freed  * / 

> 

> 


return  0; 


/*  Nothing  freed  */ 


/*  Remove  a single  key  from  its  hash  chain  */ 
static  void 

r i ng G a r ba g e H a c k Ke y ( s t r u c t RingPool  *pool,  struct  RingKey  *key) 
{ 

struct  RingKey  * * k e y p ; 

keyp  = &pool->hashtableCkey->keyID[ODD; 

while  (*keyp  !=  key)  { 
assert(*keyp); 
keyp  = &(*keyp)->util; 

> 

*keyp  = key->util; 

> 

/*  Remove  a single  signature  from  its  sigsby  list  */ 
static  void 

r i ng G a r ba g e H a c k S i g ( s t r u c t RingSig  *sig) 

{ 

struct  RingKey  *key; 
struct  RingSig  **sigp; 

key  = &sig->by->k; 
assert(KEYISKEY(key)); 

/ * 

* This  could  be  one  loop  but  for  type  rules,  sigh... 
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> 


* The  problem  doesn't  happen  often,  fortunately. 

* (The  single  loop  can  be  expressed  in  C using  the 

* cheat  sigp  = (struct  RingSig  **)&key->sigsby;  but 

* while  that's  portable  in  practice,  we  eschew  it 

* for  the  sake  of  ANSI  C purity.) 

* / 

if  ( & k ey-> s i g s by-> s ==  sig)  { 

key->sigsby  = (union  RingObject  *)sig->nextby; 

} else  { 

sigp  = &key->sigsby->s.nextby; 
while  ( * s i g p !=  sig) 

sigp  = &(*sigp)->nextby; 

★sigp  = sig->nextby; 

> 


/ * 

* Delete  a single  object  from  the  global  pool  if  it  is  an  unreferenced 

* memory  object. 

* / 


void 

r i ng G a r ba g e C o l l e c t Ob j e c t ( s t r u c t RingPool  *pool,  union  RingObject  *robj) 

{ 

union  RingObject  ★ * o b j p ; 

if  ( rob j ->g . mask  ==  MEMRINGMASK)  { 
assertt ! robj->g.down); 

objp  = OBJISTOP(robj)  ? &pool->keys  : &robj->g.up->g.down; 
while  (*objp  !=  robj)  { 
assert(*objp); 
objp  = &(*objp)->g.next; 

> 

★objp  = robj->g.next; 
if  ( OB J I SKE Y ( rob j ) ) 

ringGarbageHackKey(pool,  &robj->k); 
else  if  (OBJISSIG(robj)) 

ringGarbageHackSig(&robj->s); 
ringFreeObject(pool,  robj); 

> 


} 


i n t 

r i n g B i t A l l o c ( s t r u c t RingPool  *pool) 

{ 

ri  ngmask  mask; 


> 


/*  Allocate  a new  bit  */ 
mask  = ~pool->allocmask; 
if  (!mask)  i 

/*  Wups,  out  of  bits  - try  something  before  dying 
ringGarbageCol lect(pool); 
mask  = "pool->a l locmask; 
if  (!mask)  { 

ringSimpleErr(pool,  P G P E R R_N 0_K E Y B I T S ) ; 
return  PG P E R R_N 0_K E Y B I T S ; 

> 

> 


return  ringLsBitFind(mask); 


*/ 
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/* 


* Allocate  and  deallocate  useful  structures. 

* Note  the  interesting  shenanigans  used  to  allocate 

* a structure  the  alignment  of  an  enclosing  union,  ensuring 

* that  even  on  a ma x i ma  l l y-p e r v e r s e ANSI  C implementation, 

* it  is  safe  to  cast  the  returned  structure  pointer  to  a union 

* pointer. 

* / 


union  RingObject  * 

r i ng Ne wOb j e c t ( s t r u c t RingPool  *pool,  int  objtype) 


union 

/ * How 

static 

static 

static 

static 

static 

static 


> ; 


RingObject  * r o b j ; 

to  initialize  each  object  to  empty  * / 
struct  RingKey  const  nullkey  = NULLRINGKEY; 
struct  RingSec  const  nullsec  = NULLRINGSEC; 
struct  RingName  const  nullname  = N U L L R I NG N AM E ; 
struct  RingSig  const  nullsig  = NULLRINGSIG; 
struct  RingUnk  const  nullunk  = NULLRINGUNK; 
void  const  * n u l l ob j s l R I N G T Y P E_M AX ] = { 

Snullkey,  Snullsec,  Snullname,  Snullsig,  Snul  lunk 


size  t 


> ; 


const  si zesERINGTYPE_MAX] 
sizeof (struct  RingKey), 
sizeof (struct  RingName), 
s i z eo f ( s t r u c t RingUnk) 


= { 

si zeof (struct  RingSec), 
sizeof (struct  RingSig) 


/ 


/*  Object  types  are  1-based  */ 
assert(objtype  > 0 ) ; 
assert(objtype  <=  R I N G T Y P E_M  AX); 


> 


robj  = pool->freeobjsCobj type-1 ]; 
if  (robj)  f 

pool->freeobjsCobjtype-1  ] = robj->g.next; 

> else  { 


robj  = (union  RingObject  *) 

memPoolAl  loc(Spool->structs 
alignof(union 


if  ( ! r o b j ) f 

ringAl locErr(pool  ); 
return  NULL; 


, sizes[objtype-1D 
RingObject)); 


> 


/ 


> 


memcpy( robj , nullobjsLobjtype-1],  sizesCobjtype-1D); 
assert(ringObjectType(robj)  ==  objtype); 
return  robj; 


/ * 

* Free  an  object.  This  does  not  do  any  cleanup  with  any  pointers  in  the 

* object. 

*/ 

void 

r i ng F reeOb j e c t ( s t r u c t RingPool  *pool,  union  RingObject  *obj) 

{ 

int  type  = r i n g 0 b j e c t Ty pe ( o b j ) ; 


assert(type  > 0); 
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assert(type  <=  R I N G T Y P E_M  AX); 

obj->g.next  = pool->freeobjsCtype-1J; 
po o L -> f r e e o b j s C t y p e- 1 3 = obj; 

> 

/ * 

* Remove  an  object  from  its  parent  and  free  it.  This  does  not  do 

* anything  with  the  object's  FilePos  list. 

*/ 

void 

r i n g R em 0 b j e c t ( s t r u c t RingPool  *pool,  union  RingObject  *obj) 

{ 

union  RingObject  **objp; 

assertC iOBJISTOP(obj)); 
objp  = &obj->g.up->g.down; 

/*  Unlink  the  object  from  its  parent  */ 
while  (*objp  !=  obj)  { 
assert(*objp); 
objp  = &(*objp)->g.next; 

} 

*objp  = obj->g.next; 
ringFreeObjectCpool,  obj); 

> 

/ * 

* Rebuild  the  pool's  hash  table  from  scratch, 

* inserting  all  keys  and  subkeys. 

*/ 

void 

ringPoolHashCstruct  RingPool  *pool) 

{ 

union  RingObject  *key,  *subkey; 
i n t i ; 


> 


for  (i  = 0;  i < 256;  i + + ) 

pool->hashtableCi]  = NULL; 


for 


> 


(key  = pool->keys;  key;  key  = key->g.next)  { 
assert(OBJISKEYCkey)); 

RINGPOOLHASHKEY (pool,  key); 

for  (subkey  = key->g.down;  subkey;  subkey  = 
if  ( OB J I SKE Y ( subkey ) ) 

R I NGPOOLHASHKEY ( poo l , key); 


> 


subkey->g.next) 


{ 


/* 

* Find  a key  given  a keyID. 

★ 

* ViaCrypt  added  pkalgs  2 and  3 which  are 

* completely  distinguish  beterrn  them,  so 
*/ 

union  RingObject  * 

r i ngPoo  l F i ndKey ( s t rue t RingPool  const  *poo 
{ 


limited  RSA,  but  doesn't 
this  doesn't  either.  Sigh. 


, byte  pkalg,  byte  const  keyID[8T) 
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> 


struct  RingKey  * k e y ; 

i f ((pkalg  | 1)  ==  3) 

pka  Lg  = 1 ; 

for  (key  = pool->hashtableCkeyIDC03D;  key;  key  = k e y - > u t i l ) { 
if  ( memcmp ( key  I D , key->keyID,  8)  ==  0)  { 
if  (pkalg  = = key->pkalg) 
break; 

/*  Cope  with  ViaCrypt's  things  */ 
if  (pkalg  ==  1 &&  (key->pkalg  | 1)  ==  3) 

break; 

> 

> 


return  (union  RingObject  * ) k e y ; 


/* 

* Ensure  that  each  key's  list  of  the  signatures  by  it  is 

* valid.  This  also  establishes  the  extra  invariant  (used  in 

* ringmnt.c)  that  all  signatures  by  one  key  on  another  object 

* are  adjacent  on  that  key's  sigsby  list. 

*/ 

void 

r i ngPoo l Li s t S i gsBy ( s t rue t RingPool  *pool) 

{ 

union  RingObject  * k e y , * n , * s ; 

/*  Initialize  sigsby  lists  to  null  */ 
for  (key  = pool->keys;  key;  key  = key->g.next)  { 
assert(OBJISKEY(key)); 
key->k. sigsby  = NULL; 

> 

/*  Install  every  sig  on  a sigsby  list  */ 
for  (key  = pool->keys;  key;  key  = key->g.next)  { 
for  (n  = key->k.down;  n;  n = n->g.next)  { 
i f (OBJ  ISSIG(n) ) { 

n->s . nextby  = &n->s.by->k.sigsby->s; 
n->s.by->k. sigsby  = n; 

> else  for  (s  = n->g.down;  s;  s = s->g.next)  C 
i f (OBJ  ISSIG(s) ) C 

s->s.  nextby  = 8 s -> s . by-> k . s i g s by-> s ; 
s->s.by->k. sigsby  = s; 


/ * 

* Return  the  mask  of  RingFiles  that  are  "better"  (higher  priority 

* for  fetching)  than  *any*  home  of  the  specified  object. 

* / 

static  ringmask 

r i ngOb j Be t t e rs ( un i on  RingObject  const  *obj,  struct  RingPool  const  *pool) 
{ 
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ringmask  better  = pool->filemask; 

ringmask  mask  = obj->g.mask  S pool->filemask; 

i n t bit; 

assert(mask); 

do  £ 

bit  = ringLsBitFind(mask); 
better  &=  pool->filesCbit3.higherpri; 
> while  (mask  & = mask-1); 

return  better; 


/ * 

* Find  the  best  Secret  which  is  a descendant  of  the  given  key, 

* in  the  given  set. 

* / 

union  RingObject  * 

r i n g Be s t S e c ( s t r u c t RingSet  const  *set,  union  RingObject  const  *key) 
£ 

ringmask  mask  = set->mask; 

ringmask  better  = ( r i ngmask) ' ( r i ngmask ) 0; 
union  RingObject  *obj,  *best  = 0; 

assert(OBJISKEY(key)  ) ; 

for  (obj  = key->g.down;  obj;  obj  = obj->g.next)  £ 
it  (obj->g.mask  & better 
&&  obj->g.mask  & mask 
&&  OB J I SSEC ( ob j ) ) £ 

best  = obj; 

better  = r i n g 0 b j B e 1 1 e r s ( o b j , set->pool); 

> 

> 

return  best; 

> 


Return  TRUE  it 
Assumes  subkey 
created  or  added  to  the  keyring, 
we  are  considering  adding  a key. 
the  doubt  in  that  case  as  we  aren 


/ * 

* 
ic 
k 
k 
* 

* / 
i n t 

ringSubkeyValidCstruct 
£ 

union  RingObject 
union  RingObject 


the  specitied  subkey  has  a valid  sig  from  the  main  key. 
sigs  are  always  tried,  which  should  happen  when  they  are 

The  only  time  this  isn't  true  is  when 
We  will  give  the  sig  the  benefit  of 
t using  it  yet. 


RingSet  const  *set,  union  RingObject  *subkey) 

*s  i g ; 

* k e y ; 


assert(OBJISSUBKEY(subkey)); 
assert(subkey->g.mask  & set->mask); 
key  = subkey->g.up; 
assert(OBJISTOPKEYCkey)); 

for  (sig  = subkey->g.down;  sig;  sig  = sig->g.next)  £ 

if  ( OB J I S S I G ( s i g ) &&  (sig->g.mask  & set->mask)  && 
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> 


> 

> 

return  0; 


r i ngS i gMa ke r ( se t , sig,  set)=  = key  SS 

r i ngS i gType ( se t , sig)  ==  P G P_S I G T Y P E_KE Y_S U B K E Y ) { 
if  ( ! ri ngSi gTri ed( set,  sig)) 

return  1;  / * could  check  it  here...  * / 
if  ( r i n g S i g C h e c k ed ( s e t , sig)) 
return  1; 


void 

r i n g P u r g e C a c h e d N a m e ( s t r u c t RingName  *name,  ringmask  mask) 
{ 

assert(NAMEISNAMECname)); 


> 


i f 


> 


( N AME  I S C A C H E D ( name ) SS  (mask  >>  (name->f  lags  S N AM E F_F I L E M A S K ) ) S 1) 
/*  Replace  buffer  with  a hash  of  it  */ 

name->name. hash  = ringHashBuf((byte  const  *)name->name.ptr, 

name->len); 

NAMECLEARCACHED(name) ; 


/* 

* This  function  is  called  by  the  MemPool  code  when  it  runs  out  of  memory. 

* We  try  to  free  up  more  memory  by  purging  the  uids  from  cache. 

* Returns  zero  if  it  was  unable  to  make  more  memory  available; 

* non-zero  if  it  might  be  useful  to  retry  an  allocation. 

*/ 

static  int 

r i ng Pu rg eU i d C a c h e ( vo i d *arg) 

{ 

struct  RingPool  *pool  = (struct  RingPool  *)arg; 
union  RingObject  *k,  * n ; 
int  i ; 


/* 


* Quick  check  to  see  if  we  can  do  anything.  As  memory  gets 

* full,  the  full  walk  needed  to  clear  the  cache  gets  expensive, 

* so  avoid  it  unless  it  does  some  good. 

*/ 


i = 0; 
while 


> 


(memPoolIsEmpty(Spool->fi  lesCi]. strings))  { 
if  (++i  ==  MEMRINGBIT)  /*  Last  resort:  try 
return  ringGarbageCollect(pool); 


garbage  collect 


*/ 


/* 

* Okay,  we  have  something  cached  to  free;  replace  all  the 

* pointers  to  n o n-M E M R I N G B I T cached  named  with  hashes 

* of  the  names  and  then  deallocate  the  names. 

* / 

for  (k  = pool->keys;  k;  k = k->g.next)  { 
assert(OBJISKEY(k)); 

for  (n  = k->g.down;  n;  n = n->g.next)  { 
if  ( OB J I SNAME ( n ) ) 

ri ngPurgeCachedName(Sn->n, 
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> 


> 


> 


(ringmask)~MEMRINGMASK); 


/ * Free  the  pools  * / 

■for  (i  = 0;  i < MEMRINGBIT;  i++) 

memPoolEmpty(&pool->fi  lesCi  ] .strings); 

return  1;  / * We  freed  some  memory  * / 


/* 


* Helper  function  for 

ringPoolInit. 

*/ 

static  void 

r i ng F i l e I n i t ( s t r u c t Ri 

i 

ngPool  *pool,  struct 

fi l e->  s e t .pool 

= p o o l ; 

fi le->set .next 

= NULL; 

fi l e->  s e t .mask 

= o; 

file->set.type 

= R I N G S E T_F I L E ; 

RingFile  * f i l e ) 


f i l e - > f = NULL; 
f i le->destructor  = NULL; 
f i l e->a  rg  = NULL; 
memPoolInit(&fi  le->strings); 
memPoolInit(&file->troublepool); 

memPoolSetPurge(&file->troublepool,  ringPurgeUidCache,  (void  * ) p o o l ) ; 
file->trouble  = NULL; 

f i l e-> t r oub  l e t a i l = S f i l e-> t r ou b l e ; 
memPoolIni t ( & f i le->fpos); 

memPoolSetPurge(Sfile->fpos,  ringPurgeUidCache,  (void  *)pool); 
f i le->f reepos  = NULL; 
file->higherpri  = 0; 
file->flags  = 0; 


/ * 

* Initialize  a newly  allocated  struct  RingPool. 

*/ 

void 

r i ng Poo  l I n i t ( s t r u c t RingPool  *pool,  struct  PgpEnv  const  *env) 
i 

i n t i ; 


memPoolInit(&pool->structs); 

memP oo l S e t Pu r g e ( &poo  l -> s t r u c t s , ringPurgeUidCache,  (void  *)pool); 
pool->keys  = NULL; 

for  (i  = 0;  i < R I NGT Y PE_MAX ; i++) 
pool->freeobjsCi]  = NULL; 
poo  l->sets  = NULL; 
pool->f reesets  = NULL; 
pool->f reei ter  = NULL; 

pool->pktbuf  = NULL; 
pool->pktbuflen  = 0; 
pool->pktbufalloc  = 0; 
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/*  Reserve  last  keyring  for  memory  */ 
pool->al locmask  = MEMRINGMASK; 
poo  I -> f i l ema s k = MEMRINGMASK; 

pool->flags  = 0 ; 


# i f OLDTRUST 

if  ( e n v ) { 

i = pgpenvGetlnt (env, 
pool->certdepth  = i ; 
i = pgpenvGetlntlenv, 
pool->nu  m_m  arginals  = 
i = pgpenvGetlntlenv, 
p o o l -> n u m_c om p l e t e s = 

> else  { 

pool->certdepth  = 4; 
p o o l - > n um_m a r g i n a l s = 
p o o l -> n u m_c om p l e t e s = 

> 

//else 

if  (env)  { 

i = pgpenvGetlntlenv, 
pool->certdepth  = i ; 


PGPENV_CERT DEPTH,  NULL,  NULL); 

PGPENV_MARG INALS,  NULL,  NULL); 

( i < 0 ) ? 0 : (i  > 255)  ? 255  : i; 
PGPENV_COMPLETES,  NULL,  NULL); 

( i < 0 ) ? 0 : (i  > 255)  ? 255  : i; 


2; 

1; 


PG  P E N V_C  ERTDEPTH,  NULL,  NULL); 


/*  Compute  values  for  new  trust  settings  */ 
i = pgpenvGetlntlenv,  PG P E N V_T R U S T E D , NULL,  NULL); 
poo l -> t h r es ho  l d = (i  > PG P_N E WT R U S T_I N F I N I T E ) ? 

PGP_NEWTRUST_IN FINITE  : (i  < 0)  ? 0 : i; 

i = pgpenvGetlntlenv,  PG P E N V_M A R G I N A LS , NULL,  NULL); 
i = (i  < 1)  ? 0 : (pool->threshold+i-1)/i; 
pool->marginalconfidence  = i; 


i = pgpenvGetlntlenv,  PG P E N V_C OM P L E T E S , NULL,  NULL); 
i = (i  < 1)  ? 0 : (pool->threshold+i-1)/i; 
pool->completeconfidence  = i; 

> else  { 

pool->certdepth  = 4; 

pool->threshold  = 3 * P G P_T  R U S T_D  ECADE_INTERNAL; 
pool->marginalconfidence  = 3 * P G P_T  R U S T_D  E C A D E_I NTERNAL/2; 
poo l -> comp  l e t e conf i den c e = 3*PGP_TRUST  DECADE  INTERNAL- 

> ~ 

ft  e nd  i f 


> 


ringPoolClearErrorlpool); 

for  (i  = 0;  i < 256;  i++) 

pool->hashtableCi]  = NULL; 

for  (i  = 0;  i < R I N G M A S KB  I T S ; i++)  { 

ringFi  lelnitlpool,  Spool->fi l e s C i 3 ) ; 
pool->filesCi]. set. mask  = (ringmask)l  <<  i; 

> 

/*  Also  purge  strings  cache  if  needed  to  create  a new  object.  */ 

memPoolSetPurge(&pool->filesCMEMRINGBIT]. strings, 

r i ng Pu rg e U i d C a c h e , (void  *)pool); 
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/ * 

* Deallocate  everything  in  sight  on  a RingPool  preparatory  to 

* deallocating  it. 

* / 

void 

r i n g Po o l F i n i ( s t r u c t RingPool  *pool) 


{ 


struct  RingFile  * f i l e ; 
i n t bit; 

/ * 

* Do  this  first  part,  until  the  destructors  are  called, 

* "properly"  so  structures  aren't  dangling  undefined. 

* / 

for  (bit  = 0;  bit  <=  MEMRINGBIT;  b i t + + ) 

ringFi  LePurgeTrouble(&pool->fi  lestbitll); 

for  (bit  = 0;  bit  <=  MEMRINGBIT;  bit++)  { 
file  = &pool->filesCbit]; 
if  (f i le->destructor)  { 

f i l e-> d e s t r u c t o r ( f i l e , fi  le  — >f,  file->arg); 
f i le->destructor  = NULL; 

> 


> 


memPoolEmpty(Spool->structs); 

for  (bit  = 0;  bit  <=  MEMRINGBIT;  bit++)  { 
file  = &pool->filesCbit]; 
memPoolEmpty(&fi  le->strings)  ; 
memPoolEmpty(&fi  le->fpos); 

> 

/ * Nuke  the  lot  * / 
memset(pool,  0,  sizeof(*pool)); 

> 

/ * 

* This  is  defined  as  a macro. 

* 

* void 

* r i n g F i l e Ma r k D i r t y ( s t r u c t RingFile  *file) 

* { 

* fi le->flags  |=  R I NG F I LE F_D I RT Y ; 

* > 

* / 

/ * 

* Mark  every  file  under  a given  mask  as  dirty. 

*/ 

void 

r i ng Poo  l Ma r k D i r t y ( s t ru c t RingPool  *pool,  ringmask  mask) 

{ 

mask  & = pool->filemask; 
while  (mask)  { 

ringFi  leMarkDirty(pool->fi  les  + ringLsBitFind(mask)); 
mask  &=  mask-1; 

} 

> 
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void 

ringPoolMarkTrustChangedCstruct  RingPool  * p o o l , ringmask  mask) 


> 


mask  &=  pool->filemask; 
while  (mask)  { 

pool->-filesCringLsBitFind(mask)].  flags 
mask  S=  mask-1; 

> 


R I NG  F I LE  F_TRUSTC HANGED; 


/* 

* Do  a fingerprint20  (SHA-1)  hash  on  the  specified  buffer,  which 

* should  be  key  data.  We  prefix  it  with  the  type  and  length  bytes 

* for  compatibility  with  key  signature  hashes  (once  they  become  SHA 

* based).  Return  the  number  of  bytes  in  the  hash,  or  negative  on 

* error. 

*/ 

i n t 

pgpFi ngerpri nt20HashBuf (byte  const  *buf,  size_t  len,  byte  *hash) 

struct  PgpHash  const  * h ; 
struct  PgpHashContext  * h c ; 
byte  tmpbuf[3D; 
byte  const  * p ; 

h = pgpHashByNumber  ( P G P_H A S H_S H A ) ; 
if  ( ! h ) 

return  P G P E R R_B A D_H A S H N U M ; 
he  = pg pHa s h C r ea t e ( h ) ; 
if  ( ! h c ) 

return  PG P E R R_N0M E M ; 

/*  We  use  this  format  even  for  subkeys  */ 

tmpbufCO]  = PKTB YTE_BU I LD ( P KT B Y T E_P U B K E Y , 1); 

tmpbufCI D = (byte)  ( len>>8); 

tmpbufC2]  = (byte)len; 

pgpHashUpdate(hc,  tmpbuf,  3); 

pgpHa s h Upda t e ( h c , buf,  len); 

p = pgpHashFinal(hc); 

memcpy(hash,  p,  h - > h a s h s i z e ) ; 

pgpHashDestroy(hc); 

return  h->hashsize; 

> 
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ringpriv.h 

/ * 

* $ I d : ringpriv.h, v 1.33  1996/11/12  02:17:51  mhw  Exp  $ 

* / 

//  i f n d e f PG  P_R  I N G P R I V_H 
//define  PG P_R I NG P R I V_H 

//include  <stdio.h>  /*  For  size_t  */ 

^include  "ringpub.h" 

/ * Private  * / 

^include  "mempool.h" 

/ * 

* This  number  should  probably  be  increased  for  multiple  keyrings  and  GUIs. 

* At  the  moment,  it  is  low  to  help  memory  consumption. 

* / 

//  i f nd  e f RINGMASKBITS 
//define  RINGMASKBITS  8 
//end  i f 

//define  MEMRINGBIT  ( R I N G M A S KB  I T S - 1 ) 

U if  RINGMASKBITS  <=  8 
typedef  byte  ringmask; 

# e l i f RINGMASKBITS  <=  16 
typedef  word16  ringmask; 

//  e l i f RINGMASKBITS  <=  32 
typedef  word32  ringmask; 

//else 

//error  Invalid  RINGMASKBITS  value 

# e n d i f 

//define  MEMRINGMASK  ( ( r i n g m a s k ) 1 < < M E M R I N G B I T ) 

/*  PGP  version  information  */ 

//define  PGPVERSI0N_2  2 

# d e f i n e KN 0 W N_P G P_V E R S I 0 N ( x ) ( ( x ) = = P G P V E R S I 0 N_2  ||  (x)  ==  P G P V E R S I 0 N_2_6 ) 

/*  Position  in  a file  */ 
struct  FilePos  t 
union  { 

struct  FilePos  *next; 
void  *buf; 

> P t r ; 

word32  fpos; 

>; 

//define  NULLFILEPOS  f { (struct  FilePos  *)0  >,  (word32)0  > 

/ * 

* Since  C requires  in-order  allocation  of  structure  fields,  a poor  choice  of 

* field  order  can  cause  lots  of  holes  in  a structure  for  alignment  reasons. 

* E.g.  long/char/long/char/long/char/long/char  assuming  the  usual  4-byte 

* longs  aligned  on  4-byte  boundaries  requires  32  bytes  of  storage,  while 

* long/long/long/long/char/char/char/char  requires  only  20. 
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★ 

★ 

★ 

★ 

★ 

★ 


Storage  required  can 
the  structure  at  the 
and  filling  the  hole 
fields.  We  use  this 
l a r g e s t - 1 o-sma l l e s t o 
sma  l lest-to-largest . 


be  minimized  by  allocating  the  largest  fields  in 
ends,  against  the  aligned  edges  of  the  structure 
in  the  middle  with  progressively  less  aligned 
by  declaring  the  common  (generic)  fields  in 
rder,  then  the  type-specific  extensions  in 


/ 


* 

* The  sizes  listed 

* greatest  concern 

* / 


are  for  the  platform  where  memory  consumption  is  the 
- the  IBM  PC.  Other  platforms  aren't  quite  as  tight. 


struct  RingGeneric 

{ 

/*  0*/  union  RingObject  * n e x t , *down,  *up; 
/ * 1 2 * / struct  FilePos  pos; 

/ * 2 0 * / ringmask  mask; 

/ * 21*/  byte  flags; 

1*22*1 

>; 


/ * Generic  flags 
//define  RINGOBJ  F_ 

//  d e f i ne  RINGOBJ  F_ 

/* 

The  three  type 
76543210 

1 - Name  (n) 

01  - Signature 
001  - Key  (k) 

- T o p k e y 


* 

* 

* 

* 

* 

* 

* 

* 

* 

* 

*/ 

//define 
//  d e f i n e 
U d e f i n e 
tt  d e f i n e 
//define 


(apply  to  more  than  one  type)  */ 
TRUST  128 
TRUSTCHANGED  64 

bits  are  encoded  as  follows: 


(s) 


0010 
001  1 


- Subkey  (letter 
0001  - Secret  (We  use 
0000  - Unknown  keyring 
Changes  here  need  to  be 


RINGOBJ F_NAME  32 
RINGOBJ  F_S I G 16 
RINGOBJ  F_K  E Y 8 
RINGOBJ F_SUBKEY  12 
RINGOBJ  F_S  E C 4 


"B"  ) 

the  letter 
object 


/* 
/* 
/ * 
/ * 
/* 


for  this) 


/*  Combinations  of  type  flags  */ 


//define 

//define 

//define 

//define 

//define 
//define 
/ * Note 
//define 
//define 
//define 
//define 
//define 


RINGOBJ  F_N  S 
RINGOBJ  F_NSK 
RINGOBJ  F_N  S KB 
RINGOBJ  F NSKC 


ted 

t 0 

ring0bjectType(). 

I f 

1, 

lower  bits  are  used 

by  UID  */ 

I f 

1, 

this  is  a signature 

*/ 

I f 

1 , 

this  is  a key  * / 

I f 

both  bits  set,  this  is 

a subkey  * / 

If 

1 , 

this  is  a key's  secret  components  */ 

NAME 

1 

RINGOBJ  F_S I G ) 

(RINGOBJ  F_N  S | R I NG0B J F_KE Y ) 

( R I NG0B J F_NSK  | R I N G 0 B J F_S U B K E Y ) 
(RINGOBJ F_NSK  | R I N G 0 B J F_S E C ) 


OBJ ISNAME (ob j ) ( ( o b j ) -> g . f l a g s & R I N G 0B J F_N A M E ) 

OBJ ISSIG(obj  ) ( ( (obj  )->g  . f lags  & RINGOBJ  F_N  S ) ==  R I N G 0 B J F_S I G ) 

that  this  includes  top-level  keys  *and*  subkeys  */ 

0B J I S KE Y ( ob j ) (( (obj  )->g  . f lags  & R I N G 0 B J F_N S K ) ==  R I N G 0 B J F_KE Y ) 

0B J I S TO PKE Y ( ob j ) ( ( ( o b j ) - > g . f l a g s & R I N G 0 B J F_N S KB ) ==  R I N G 0 B J F_K E Y ) 

0B J I SS UBKE Y ( ob j ) ( ( ( o b j ) - > g . f l a g s & R I N G 0B J F_N S KB ) ==  R I N G 0 B J F_S U B K E Y ) 

0B J I S S E C ( ob j ) (( (obj )->g.  flags  8 R I N G 0 B J F_N S K C ) ==  R I N G 0 B J F_S E C ) 

OBJ  I SUNK(ob j ) (( (obj  )->g  . f lags  & R I N G 0 B J F_N S K C ) ==  0) 


/*  These  versions  are  for  assert(  ) macro  use  */ 

//define  NAME  I SNAME  ( name  ) ( ( n a m e ) - > f l a g s 8 R I N G 0 B J F_N  A M E ) 

//define  S I G I S S I G ( s i g ) ( ( ( s i g ) ->  f l a g s 8 RINGOBJ  F_N  S ) = = 


R I NG0B J F S I G ) 
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//define 

//define 

//define 


KEYISKEYC key)  ( ( ( k e y ) - > f L a g s & R I N G 0 B J F_N S K ) ==  R I N G 0 B J F_K E Y ) 
KEYISTOPKEYC key)  ( ( ( key  ) -> f l a g s & R I N GOB J F_N S KB ) ==  R I N G 0 B J F_K E Y ) 

KEYISSUBKEYC key)  ( ( ( k e y ) - > f L a g s & R I N G 0 B J F_N S KB ) ==  R I N G 0 B J F_S U B K E Y ) 


//define  OB  J F L AG  S_N  AM  E 
//define  OBJFLAGS_SIG 
//define  OB J F LAGS_KE Y 
//define  OB J F L A G S_S UB KE Y 
//define  OBJFLAGS_SEC 
//define  OBJ  FLAGS  UNK 


R I NGOB J F_N  AM  E 
R I NGOB J F_S I G 
RINGOBJ  F_KE  Y 
RINGOBJ  F_S  U B KE  Y 
RINGOBJ  F_S  E C 
0 


/*  Does  this  object's  up  pointer  point  to  a meaningful  parent?  */ 
//define  OBJISTOP  OBJISTOPKEY 

/*  Does  this  object's  down  pointer  point  to  a meaningful  child?  */ 
//define  OB J I S BO T ( o b j ) ( 0 B J I S S I G ( o b j ) | | 0 B J I S S E C ( o b j ) ) 


/*  Maximum  depth  of  nesting  in  a keyring  */ 
//define  RINGMAXDEPTH  3 


/*  A subkey  is  the  same,  but  the  "sigsby"  pointer  is  "up"  */ 
struct  RingKey 
{ 


union  RingObject  *next, 
struct  FilePos  pos; 
ringmask  mask; 
byte  flags; 

/ * 2 2 * / byte  trust; 

/*23*/  byte  pkalg; 

/ * 2 4*/  word16  validity; 
ft  i f ! OLDTRUST 


/ * 2 6 * / 

# e n d i f 

w o r d 1 6 

confidence; 

/ * 2 8 * / 

w o r d 1 6 

k e y b i ts; 

/ *30*  / 

w o r d 3 2 

tstamp; 

/ * 3 4 * / 

byte  keyIDH8]; 

/ * 4 2 * / 

/ *46*/ 

\ - 

struct 

RingKey  * u t i l ; 

*d  o w n , *sigsby; 


/*  Validity  period,  in  days  */ 
/*  A trust  value  temporary  */ 


ft  i f ! OLDTRUST 

#define  NULLRINGKEY  f (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_KE Y , \ 

0,  0,  (word16)0,  (word16)0,  (word16)0,  (word32)0,  \ 

{ 0,  0,  0,  0,  0,  0,  0,  0 >,  (struct  RingKey  *)0  > 

//define  N II  L L R I N G S l)  B K E Y i (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_S U B K E Y , \ 
0,  0,  (word16)0,  (word16)0,  (word16)0,  (word32)0,  \ 

( 0,  0,  0,  0,  0,  0,  0,  0 >,  (struct  RingKey  *)0  > 

//else 

//define  NULLRINGKEY  i (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_K E Y , \ 

0,  0,  (word16)0,  (word16)0,  (word32)0,  \ 

{ 0,  0,  0,  0,  0,  0,  0,  0 >,  (struct  RingKey  *)0  > 


//define  N U L LR I NG  S U BKE  Y t (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_S U B K E Y , \ 

0,  0,  (word16)0,  (word16)0,  (word32)0,  \ 

{ 0,  0,  0,  0,  0,  0,  0,  0 >,  (struct  RingKey  *)0  > 
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ft  e nd  i f 


/* 

The 

key 

has  some 

sort  of 

error 

*/ 

//define 

KEY  F_E  R R 0 R 1 

/ * 

The 

key 

is  a trusted  introducer,  used 

//define 

KEY  F_TRUSTED 

2 

/* 

★ 

3 3 3 

Who 

put  these 

here? 

They 

conflict 

★ 

ft  d e f 

i n e 

KEY  F_USE_ 

SIGN 

0x80 

★ 

# d e f 

i n e 

KEY  F_U  S E_ 

ENCRYPT 

0x40 

★ 

#d  e f 

i n e 

KEY  F_U  S E_ 

S I G N_E  N C R Y P T 

(KEYF 

*/ 

in  the  maintenance  pass.  */ 


USE  SIGN 


KEYF  USE  ENCRYPT) 


/ * 

★ 

This  is 

★ 

secret 

★ 

key.  T 

★ 

read  in 

★ 

(Option 

k 

secret 

used  to  record  information  about  the  locations  for  a key's 
components.  If  present,  it  is  always  the  FIRST  child  of  a 
his  is  a very  boring  structure,  as  there's  nothing  we  can 
about  the  encrypted  secret  componenets  without  the  passphrase. 
: have  multiples  of  these  for  different  encrypted  forms  of  the 
components?) 


* 

* 

* 

* / 

struct 

i 


The  FilePos  entries  on  this 
parent  R i ngKey ' s . 


are  a subset  of  the  entries  in  the 


/ * 2 2 * / 
/ * 2 4*  / 
/ *28*  / 
>; 


R i n g S e c 

union  RingObject  *next, 
struct  FilePos  pos; 
ringmask  mask; 
byte  flags; 


*down,  * u p ; 


wo  r d 3 2 hash; 


/*  Hash  of  secret  fr  matching  purposes  */ 


//define  NULLRINGSEC  C (union  RingObject  *)0,  (union  RingObject  *)0, 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  OBJFLAGS_SEC  > 


/ * 
★ 
★ 
* 


If  S E C F_V E R S I 0 N_B U G is  set,  then 
when  using  the  secret  key.  This 
that,  when  editing  a secret  key. 


★ 

with 

a versi 

o n 

byte  of  3 even 

i f 

★ 

of  2 . 

This 

has 

been  fixed  in 

2 . 

★ 

that 

we  need 

t 0 

kludge  a round 

i t 

*/ 

//define 


SECF  VERSION  BUG  1 


patch  the  version  byte  from  3 to  2 
is  to  fix  a bug  in  2.6  through  early  2 
would  write  out  the  edited  secret  key 
it  originally  had  a version  byte 
, but  it  is  common  enough  (due  to  2.6) 


#if  OLDTRUST 
struct  RingName 
{ 


/ * 2 2 * / 
/ * 2 3*  / 


union  RingObject  *next,  *down,  * u p ; 

struct  FilePos  pos; 

ringmask  mask; 

byte  flags; 

byte  trust; 

byte  f l a g s 2 ; 
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/ * 2 4*/  int  trustval; 

/ * 2 6 * / siz  e_t  len; 

/ *28*/  union  { 

char  const  * p t r ; 
w o r d 3 2 hash; 

> name; 

/ * 3 2 * / 

>; 


/*  If  cached,  pointer  to  string  */ 
/*  If  not  cached,  hash  code  */ 


//define  NULLRINGNAME  ( (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_N A M E , \ 
0,  0,  0,  (size_t)0,  ( (char  const  *)0  >> 


//else  /*  New  trust  */ 
struct  RingName 
£ 


union 

RingObject  *next 

struct 

FilePos  pos; 

ringmask  mask; 

byte 

flags; 

/ * 2 2 * / 

byte 

trust; 

/ * 2 3 * / 

byte 

va 

l i d i t y ; 

/ * 2 4 * / 

byte 

confidence; 

/ * 2 5 * / 

byte 

f l 

a g s 2 ; 

/ * 2 6 * / 

wo  r d 1 6 

valid; 

/ * 2 8 * / 

s i z e_ 

.t 

len; 

/ * 3 0 * / 

union 

{ 

char  const  *pt 

word32  hash; 

> name; 

/ *34* / 
>; 


★ / 

★ / 

/*  If  cached,  pointer  to  string  */ 
/*  If  not  cached,  hash  code  */ 


*down,  *up; 

/*  Stored  validity  */ 
/*  Stored  confidence 

/*  Computed  validity 


/ * 

★ 

The  i 

ntermediate  validity 

results 

are 

16  b 

★ 

This 

is  used  for  extra  precision 

(fraction 

★ 

This 

is  the  number  of  extra  preci 

s i on 

bits 

★ 

increases  the  upper  bound 

1 

< 

o 

o 

25  . ) 

*/ 

# d e 

fine 

TRUST  CERTSHIFT  6 

ts  wide  instead  of  8. 
bits)  and  extra  range. 
(4  more  range  bits 


//define  NULLRINGNAME  C (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  OB J F L AG S_N AM E , \ 
0,  0,  0,  0,  0,  (size_t)0,  { (char  const  *)0  >> 

Send i f 


/*  Access  the  flags2  field  */ 

//define  N A M E F 2_I S C A C H E D 128 
# d e f i n e NAME F2_NEWTRUST  64 
//define  N A M E F 2_L  E V E LM  A S K 31 

//define  N A M E I S C A C H E D ( n a m e ) ( ( n a m e ) ->  f l a g s 2 8 N A M E F 2_I  S C A C H E D ) 

//define  N AM  E S E T C A C H E D ( n a me  ) ( ( n a m e ) - > f l a g s 2 |=  N AM  E F 2_I  S C A C H E D ) 

//define  N A M E C L E A R C A C H E D ( n a m e ) ( ( n a m e ) ->  f l a g s 2 &=  ~ N A M E F 2_I  S C A C H E D ) 

/*  Has  new-style  trust  info  */ 

//define  N AM  E H A S N E WT  R U S T ( n a me  ) ( ( n a m e ) ->  f l a g s 2 & N AM  E F 2_N  E WT  R U S T ) 
//define  N AM  E S E T N E WT  R U S T ( n a me  ) ( ( n a m e ) ->  f l a g s 2 |=  N A M E F 2_N  E W T R U S T ) 

//define  N AM  E C L E A R N E WT  R U S T ( n a m e ) ( ( n a m e ) - > f l a g s 2 &=  ~ N A M E F 2_N  E W T R U S T ) 
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/*  Certification  depth  */ 

//define  N A M E L E V E L ( n a me  ) ( ( n a m e ) - > f l a g s 2 S N AM E F 2_L E V E LM A S K ) 

//define  N AM E S E T L E V E L ( n a me , l v ) \ 

( ( name ) ->f l ags2  = ( ( n a me ) -> f L a g s 2 & “NAME F2_LE VELMASK)  + tv) 
//define  NAME  F_F  I LEMASK  31 

//if  NAME  F_F  I LEMASK+1  < RINGMASKBITS 
//error  N A M E F_F  I L E M A S K is  too  small... 

# end  i f 


struct  RingSig 
{ 

union  RingObject  * n e x t , * b y , *up; 
struct  FilePos  pos; 
ringmask  mask; 
byte  flags; 

/ * Prefix  * / 

/ *22*/  byte  trust; 

/ * 2 3*/  byte  type; 

/ * 2 4 * / byte  hashalg; 

/ * 2 5 * / 

/ * 2 6 * / word16  validity;  / * Delete?  * / 

/ *28*/  word32  tstamp; 

/ *32*/  struct  RingSig  *nextby; 

/ * 3 6 * / 

>; 

//define  NULLRINGSIG  { (union  RingObject  *)0,  (union  RingObject  *)0,  \ 

(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_S I G , \ 

0,  0,  0,  (word16)0,  (word32)0,  (struct  RingSig  *)0  > 


/*  Signature  has  some  sort  of  parsing  error  */ 

//define  S I G F_E  R R 0 R 1 

/*  Extra  bytes  are  non-obvious  */ 

//define  SIGF_NONFIVE  2 

/*  This  can  be  derived  in  other  ways,  but  is  kept  around  for  convenience  */ 
//define  S I G F_K  E Y 4 

/ * 

* An  unknown  packet  in  a keyring.  "pktbyte"  is  the  type. 

* This  is  so  we  can  at  least  propagate  the  thing,  even  if  it's 

* incomprehensible. 

*/ 

struct  RingUnk 
C 

union  RingObject  *next,  *down,  *up; 
struct  FilePos  pos; 
ringmask  mask; 
byte  flags; 

/*  Prefix  */ 

/ *22*/  byte  trust; 

/ *23*/  byte  pktbyte; 

/ * 2 4*/  word32  hash; 

/ * 2 8 * / 

>; 


//define  NULLRINGUNK  { (union  RingObject  *)0,  (union  RingObject  *)0, 
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(union  RingObject  *)0,  NULLFILEPOS,  (ringmask)O,  0 B J F L A G S_U N K , 
0,  0,  (word32)0  > 


/* 

* 

* 

* 

*/ 

union  RingObject  C 


A generic  RingObject.  "obj->x.foo"  occurs  so  often  that  the  brevity 
of  the  one-letter  tags  has  advantages  in  clarity  that  override  any 
documentation  gains  from  greater  verbosity. 


struct 

struct 

struct 

struct 

struct 

struct 


RingGeneric 
RingKey  k ; 
RingSec  c ; 
RingName  n ; 
R i n g S i g s ; 
RingUnk  u ; 


g; 


/*  Note  this  odd  choice  of  letter  */ 


>; 


/ * 

* The  basic  c o l l e c t i o n - o f - k e y s type. 

* This  comes  in  two  flavours:  mutable  and  immutable. 

* A mutable  set  can  have  members  added  and  removed, 

* while  an  immutable  one  cannot. 

*/ 


struct 

struct 


>; 


RingPool; 

R i n g S e t ( 

struct  RingSet  *next; 
struct  RingPool  *pool; 
struct  RingError  err; 
ringmask  mask; 
char  type; 


# d e f i n e 

# d e f i n e 
//define 
//define 
//define 


R I N G S E T_M  U T A B L E 0 
RINGSET_IMMUTABLE  1 

R I N G S E T_I T E R A T 0 R 2 /*  Also  immutable  */ 

RINGSET_FILE  3 /*  Also  immutable  */ 

R I N G S E T_F  REE  4 /*  Free  flag  */ 


//define  R I N G S E T I S M U T A B L E ( s e t ) ( ! ( s e t ) ->  t y pe  ) 


struct  RingTrouble; 


/*  A file  that  holds  information  about  a file  */ 
struct  RingFile  ( 

struct  RingSet  set; 

struct  PgpFile  * f ; /*  File  handle  * / 

void  (*destructor)(struct  RingFile  *,  struct  PgpFile  *,  void  *) 
void  *arg; 

struct  MemPool  strings;  /*  Cache  of  name  strings  */ 
struct  MemPool  troublepool; 

struct  RingTrouble  const  *trouble,  **troubletail; 
struct  MemPool  fpos; 
struct  FilePos  *f reepos; 

ringmask  higherpri;  /*  see  r i n g F e t c h P a c k e t in  ringread.c  */ 

byte  flags; 

PgpVersion  version; 

>; 
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/*  Flags  kept  updated  about  a file  */ 

//define  R I N G F I L E F_D I R T Y 1 

//define  R I NG F I LE F_T R U S T C H ANG E D 2 


/ * The 
struct 


home  of  a lot  of  keys  */ 

R i ng  Poo  l { 

struct  MemPool  structs; 
union  RingObject  * k e y s ; 

union  RingObject  * f r e e o b j s [ R I NG T Y P E_M AX D ; 

struct  RingSet  *sets;  / * Dynamically  allocated 

struct  RingSet  *f reesets; 

struct  Ringlterator  *f reei ter; 

char  *pktbuf; 

s i ze_t  pktbuf  len; 

si ze_t  pktbufalloc; 

ringmask  allocmask;  / * Bits  in  use 

ringmask  filemask;  / * Bits  in  use 

w o r d 3 2 flags; 


sets  (not  1 


(cache)  * / 
for  files  * / 


struct  PgpEnv  const  * e n v ; 
int  certdepth; 

#if  OLDTRUST 

int  num_marginals; 
int  num_completes; 

//else 

/*  Translations  from  old  to  new  trust  models  */ 
byte  marginalconf idence; 
byte  completeconf idence; 
int  threshold; 

ft  e nd  i f 


/*  In  case  of  error,  the  following  is  set  */ 
struct  Ri ngError  e; 


/*  Some  large  items  go  at  the  end... 


struct  RingKey  *hashtableC256D; 
struct  RingFile  f i l e s [ R I N GM A S KB  I T S ] ; 


>; 

/*  Values  for  erraction 

*/ 

ft  d e f i n e 

A C T E R R_N  ONE 

0 

ft  d e f i n e 

A C T E R R_R  E A D 

1 

#d  e f i n e 

A C T E R R_W  RITE 

2 

ft  d e f i n e 

A C T E R R_S  E E K 

3 

ft  define 

A C T E R R_0  PEN 

4 

ft  d e f i n e 

A C T E R R_C  LOSE 

5 

ft  define 

A C TE  R R_F  LUSH 

6 

ft  d e f i n e 

A C T E R R_H  U G E 

7 

ft  d e f i n e 

A C T E R R_E  0 F 

ft  d e f i n e 

A C T E R R_B  ADPKTBYTE 

//define 

A C T E R R_W  R0NGPKTBYTE 

//define 

A C T E R R_W  R 0 N G L E N 

#def i ne 

A C T E R R_A  L L 0 C 

201 

/ * 

101 
102 
1 03 
1 04 


*/ 


* How  to  distinguish  starting  from  stopping? 


i l e s ! ) * / 
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* It's  NULL  pointers  either  way. 

* Ah,  wait!  "Level"  is  the  most  recent  Level. 

* It  it's  0,  start  the  ring.  It  it's  1,  and  the  stack  is  NULL, 

* we're  at  the  end.  Yes,  that  works! 

* 

* Okay,  so  it  works  Like  this: 

* The  stackCi]  array  holds  the  object  which  is  the  head  of  the 

* current  List,  the  Last  object  returned  at  Level  i+1. 

* The  Last  object  returned,  which  defines  the  maximum  depth  to 

* which  the  stack  is  valid,  is  at  "Level".  Stack  entries 

* up  to  level-1  are  valid. 

* If  a stack  entry  is  NULL,  is  is  the  last  entry  at  level-1, 

* and  indicates  that  the  list  at  this  level  is  finished. 

* Repeated  calls  will  keep  returning  NULL. 

* 

* If  asked  for  a level  one  greater  than  the  stored  level,  that's 

* a clue  to  start  at  the  beginning  of  the  list. 

* 

* stackC-1],  corresponding  to  a level  of  0,  is  implicitly  the 

* R i ngPoo  l . 

*/ 

struct  Ringlterator  { 

struct  RingSet  set; 

unsigned  level;  / * 1-based  * / 

union  RingObject  *stackCRINGMAXDEPTH]; 

>; 

void  ringErrCstruct  RingFile  * f i l e , w o r d 3 2 fpos,  int  code); 
void  ringSimpleErrlstruct  RingPool  *pool,  int  code); 
void  ringAl  locErrlstruct  RingPool  *pool  ) ; 


word32  r i n g H a s h B u f ( by t e const  *buf,  si ze_t  len); 
int  r i ng L s B i t F i nd ( r i ngma s k mask); 

ringmask  ringAl  locMasklstruct  RingPool  const  *pool,  struct  RingSet  const  *); 
ringmask 

ringClearMaskCstruct  RingPool  * p o o l , union  RingObject  **objp,  ringmask  mask); 
int  ringGarbageCollectlstruct  RingPool  *pool); 

void  ringGarbageCollectObjectlstruct  RingPool  *pool,  union  RingObject  * o b j ) ; 
int  ringBitAlloclstruct  RingPool  * p o o l ) ; 


/*  Mi 
union 

# d e f i 

# d e f i 

# d e f i 
U d e f i 

# d e f i 
void 
void 


sc  utility  functions  */ 

RingObject  *ringNewObject(struct  RingPool  * p o o l , int  objtype); 
ne  r i ngNewKey ( poo  l ) r i n g N e w 0 b j e c t ( p o o l , R I N G T Y P E_K E Y ) 
ne  ringNewSec(pool)  r i n g N e w 0 b j e c t ( p o o l , R I N G T Y P E_S E C ) 
ne  r i ngNewName ( poo  l ) r i n g N e w 0 b j e c t ( p o o l , R I N G T Y P E_N A M E ) 
ne  r i ngNewS i g ( poo  l ) r i n g N e w 0 b j e c t ( p o o l , R I N G T Y P E_S I G ) 
ne  r i n g N e w U n k ( poo  l ) r i n g N e w 0 b j e c t ( p o o l , R I NGTY PE_UNK ) 
ringFreeObjectlstruct  RingPool  * p o o l , union  RingObject  * o b j ) ; 
ri ngRemOb j ect ( st  ruct  RingPool  * p o o l , union  RingObject  * o b j ) ; 


/*  Insert  a single  key  into  the  pool's  hash  table  */ 

# d e f i n e R I N G POO LH A S H KE Y ( po o l , key)  \ 

( ( k ey  ) ->  k . u t i l = ( poo  l ) ->  h a s h t a b l e [ ( k ey  ) ->  k . k ey  I D II 0 ] 3 , \ 

( po  o l ) ->  h a s h t a b l e C ( k e y ) ->  k . k ey  I D C 0 II  ] = &(key)->k) 
void  ringPoolHashlstruct  RingPool  *pool); 
union  RingObject  * 

ringPoolFindKeyCstruct  RingPool  const  * p o o l , byte  pkalg,  byte  const  keyIDC8]); 
void  r i n g Poo l L i s t S i g s By ( s t r u c t RingPool  *pool); 

#define  r i n g F i l e M a r k D i r t y ( f i l e ) ( ( f i l e ) -> f l a g s |=  R I N G F I L E F_D I R T Y ) 
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void  ringPoolMarkDirtyCstruct  RingPool  * p o o l , ringmask  mask); 

void  ringPoolMarkTrustChangedCstruct  RingPool  *pool,  ringmask  mask); 

union  RingObject  * r i n g Be s t S e c ( s t r u c t RingSet  const  *set, 
union  RingObject  const  * k e y ) ; 

1 n t ringSubkeyValidCstruct  RingSet  const  * s e t , union  RingObject  *subkey); 
void  r i n g P u r g e C a c h e d N a m e ( s t r u c t RingName  *name,  ringmask  mask); 

/ * T o be  added:  a function  to  allocate  one  of  these  first!  * / 
void  ringPoolInitCstruct  RingPool  *pool,  struct  PgpEnv  const  *env); 
void  ringPoolFini (struct  RingPool  *pool); 

int  pgpFi ngerpr i nt20HashBuf (byte  const  *buf,  size_t  len,  byte  *hash); 
#endif  /*  PGP_RINGPRIV  H */ 
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ringpub.c 


/* 


* ringpub.c  - keyring  management  public  functions. 


* Written  by  Colin  Plumb. 


★ 

★ $ I d : 

ringpub.c, v 1. 

65 

* / 

#if  HAVE 

_C  0 N F I G_H 

//include 

" c o n f i g . h " 

//  e n d i f 

ft  i n c l u d e 

<assert . h> 

//include 

<ctype.h> 

/ 

//include 

"ringpriv.h" 

//include 

"ringpars.h" 

# i n c l u d e 

"trustpkt.h" 

//include 

"trust . h" 

//include 

" r i ngmnt  . h " 

//include 

"pgp/pgperr  . h 

1 1 

U i n c l ud  e 

"pgp/pubkey.h 

1 1 

//include 

"pgp/ringpub. 

h" 

//include 

"pgp/ringread 

. h" 

//include 

" pgp/ pgpmem  . h 

1 1 

# i f n d e f 

NULL 

/ * For  tolowerO  * / 


U define 
# e n d i f 


NULL  0 


/ * 

★ 

The  four  type  bits  are  encoded  as 

follows: 

★ 

76543210 

★ 

1 - Name  ( n ) 

* 

01  - Signature  (s) 

★ 

001  - Key  (k) 

★ 

0001  - Secret  (We  use  the  letter 

" c " for 

★ 

0000  - Unknown  keyring  object 

★ / 
i n t 

r i n 

g 0 b j e c t Ty p e ( u n i o n RingObject  const 

int  const  typesC16D  = { 

*ob  j ) 

this) 


>; 


R I N G T Y P E_U  N K , R I N G T Y P E_S E C , R I N G T Y P E_K E Y , R I N G T Y P E_K  E Y 
R I N G T Y P E_S I G , R I N G T Y P E_S I G , R I N G T Y P E_S I G , R I N G T Y P E_S I G 
R I N G T Y P E_N  A M E , R I N G T Y P E_N A M E , R I N G T Y P E_N A M E , R I N G T Y P E_ 
R I N G T Y P E_N  A M E , R I N G T Y P E_N A M E , R I N G T Y P E_N A M E , R I N G T Y P E_ 


assert  (obj); 

return  t y p e s E o b j - > g . f l a g s / R I N G 0 B J F_S E C & 15D; 


/ * 

* These  are  intended  to  track  reference  counts  for  swapping 

* pieces  of  keyring  out  of  memory,  but  are  currently  no-ops. 

* 

* They're  called  in  a few  places  in  the  code  as  placeholders,  but 

* that's  just  for  documentation  purposes. 


NAME  , 
NAME 
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* / 

void 

r i n g 0 b j e c t H o L d ( u n i o n RingObject  *obj) 

{ 

(void)obj; 

> 

void 

r i ngOb j e c t R e L ea s e ( un i on  RingObject  *obj) 

{ 

(void)obj; 

> 

struct  RingPool  * 

ringSetPooUstruct  RingSet  const  *set) 

{ 

if  ( ! s e t ) 

return  NULL; 
return  set->pool; 

} 

/ * 

* Return  errors  in  all  sorts  of  cases. 

* / 

struct  Ri  ngError  const  * 

ringPoolError(struct  RingPool  const  *pool) 

{ 

assert  (pool); 
return  &pool->e; 

> 

void 

ringPoolClearError(struct  RingPool  *pool) 
if  (pool)  { 

pool->e.f  = (struct  RingFile 
poo  l->e  . f pos  = (word32)-1; 
pool->e. error  = 0; 
pool->e.syserrno  = Ob- 


struct RingError  const  * 
ringSetError(struct  RingSet  const  *set) 
{ 

assert  (set); 
return  &set->pool->e; 

} 


void 

ringSetClearError(struct  RingSet  *set) 

{ 

if  (set) 


> 


ringPoolClearError(set->pool) 


* ) NULL 


struct  RingError  const  * 

ringIterError(struct  Ringlterator  const  *i ter) 

{ 
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assert  (iter); 

return  8i ter->set . pool->e; 


void 

ringlterClearErrorCstruct  Ringlterator  *i ter) 

{ 

if  (iter) 

ringPoolClearError(iter->set.pool); 


> 


struct  Ri  ngError  const  * 

ringFi LeError(struct  RingFile  const  *f) 
{ 

assert  ( f ) ; 

return  &f->set.pool->e; 

> 


void 

ringFi 

{ 


> 


eClearErrorfstruct  RingFile  *f) 
if  ( f ) 

ri ngPoolClearError(f->set  .pool  ); 


/ * 

* Is  the  object  a member  of  the  set? 

* Returns  the  level  of  the  object,  or  0 if  it  is  not. 

* / 
i n t 

ringSetlsMemberCstruct  RingSet  const  *set,  union  RingObject  const  *obj) 
{ 

int  level  = 1 ; 

while  (obj->g.mask  & set->mask)  ( 
i f (OBJ  IST0P(obj ) ) 

return  level; 
obj  = obj->g.up; 
level++; 

> 

return  0;  /*  Not  a member  of  the  iterator  */ 

> 


struct  RingSet  const  * 

ringIterSet(struct  Ringlterator  const  *i ter) 
{ 

if  (liter) 

return  NULL; 
return  &iter->set; 

> 


struct  RingSet  const  * 

ringFi leSet(struct  RingFile  const  *file) 
{ 

if  ( ! f i l e ) 

return  NULL; 
return  &file->set; 

> 
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PgpVersion 

r i ng F i L e Ve rs i on ( s t ru c t RingFile  const  *file) 

{ 

if  ( ! f i Le) 

return  0; 

return  f i le->version; 

} 

/ * 

* An  iterator  involves  a current  position  which  is  a stack,  with  an 

* accessible  stack-depth  value.  The  stack  depth  equals  the  level 

* of  the  last  r i n g I t e r N e x t 0 b j e c t call,  and  the  stack  entries 

* are  the  return  values.  If  a query  is  made  for  a level  which 

* is  greater  than  the  stack  depth,  the  first  entry  on  the  list 

* of  descendants  of  the  top  entry  on  the  stack  is  returned. 

* Only  the  h i g h e s t - l e v e l entry  may  be  NULL;  that  indicates  that  the 

* end  of  the  list  there  has  been  reached.  It  is  illegal  to 

* ask  for  descendants  of  a NULL  entry;  although  returning  NULL 

* is  another  reasonable  option,  the  usefulness  is  unclear  and  the 

* stricter  rule  has  the  advantage  of  catching  bugs  faster. 

* / 

/ * 

* Find  the  next  object  of  the  given  level  in  the  given  iterator. 

* Returns  <0  on  error,  0 if  there  is  no  object,  or  the  level  if 

* there  is  one. 

* / 
i nt 

ringlterNextObjectlstruct  Ringlterator  *iter,  unsigned  level) 

{ 

union  RingObject  * o b j ; 


assert(iter)  ; 
assert(level); 

assert ( i ter->set  . type  ==  R I NG S E T_I T E R A TO R ) ; 

/*  Get  the  head  of  the  list  to  search  */ 
if  (level  <=  iter->level)  { 

/*  Going  along  an  existing  level  */ 

i ter->level  = level; 

obj  = i t e r-> s t a c k C l e v e l - 1 D ; 

if  ( ! o b j ) 

return  0; 

a s s e r t ( ob j -> g . ma s k S i t e r-> s e t . ma s k ) ; 
obj  = obj->g.next; 

> else  { 

/*  Going  down  a level  */ 
assert(  level  = = iter->level+1); 


if  (level  > 1)  { 

obj  = i t e r-> s t a c k C l e ve  l -2  ] ; 
assert(obj  ); 

assert(obj->g.mask  & iter->set.mask); 
i f (OBJ ISB0T(ob j ) ) 
return  0; 

obj  = obj->g.down; 

> else  { 


> 


obj  = iter->set.pool->keys; 
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iter->level  = Level; 

} 

/*  Search  for  the  next  item  of  interest  */ 
while  (obj  &&  ! ( o b j - > g . m a s k & i ter->set . mask) ) 

obj  = obj->g.next; 

assertC  level  <=  R I N G M AX D E PT H ) ; 
iter->stackClevel-1]  = obj; 
return  obj  ? level  : 0 ; 


/* 

* More  complex  because  we  need 

* search  forwards  for  the  last 

* / 
i n t 

ringlterPrevObjectlstruct  Ri nglterator  *i ter,  unsigned  level) 

{ 

union  RingObject  * o b j , *f ound,  * target; 


to  find  the  head  of  the  enclosing  list 
matching  object  that's  not  the  target 


assert(iter); 
assert  ( leve  l ) ; 

assert ( i ter->set  . type  ==  RINGSET_ ITERATOR); 


/*  There's  nothing  before  the  beginning  of  a list  */ 
if  (level  > i ter-> l eve l ) ( 

assertClevel  ==  iter->level+1); 
return  0; 

> 

/*  The  thing  we  want  the  predecessor  of  */ 
target  = iter->stackClevel-1D; 


/*  The  head  of  the  list  to  search  along  */ 
if  (level  > 1)  T 

obj  = iter->stackClevel-2D; 
assert ( obj ) ; 

assert(obj->g.mask  & i ter->set .mask); 
obj  = obj->g.down; 

/*  obj  = iter->stackClevel-2II->g.down; 

> else  { 


> 


obj  = iter->set.pool->keys; 


* / 


/ * 

* Search  forward  along  the  list  until  we  hit  the  current 

* object,  kepping  track  of  the  last  object  in  the  desired 

* r i n g S e t . 

* / 

found  = NULL; 


while  (obj  !=  target)  { 
assert (obj  ); 

if  (obj->g.mask  & i ter->set .mask) 
found  = obj; 
obj  = obj->g.next; 

> 


and 

object. 
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if  ( ! found)  { 

/*  Hit  beginning  of  List,  set  up  as  beginning 
iter->level  = level-1; 
return  0 ; 

> 

iter->stackClevel-1H  = found; 
if  (OBJ  ISBOKf  ound)  ) { 

/*  Found  an  object,  but  no  children.  */ 
return  iter->level  = level; 

> else  { 

/*  An  object  with  children  - set  up  that  list 
assert ( level  <=  RINGMAXDEPTH); 
i ter->stackl  leve  l 1 = NULL; 
i ter->  l eve  l = level  + 1; 

> 

return  ( i nt ) leve  l ; 

> 

/*  The  level  of  the  most  recent  r i n g I t e r N e x t 0 b j e c t ( ) call  */ 
unsigned 

ringlterCurrentLeveKstruct  Ringlterator  const  *iter) 

C 

return  iter->level; 

} 

/ * 

* A trivial  little  function  that  just  returns  the  current  object 

* at  a given  level,  again. 

*/ 

union  RingObject  * 

ringlterCurrentObjectCstruct  Ringlterator  const  * i t e r , unsigned  level) 

assert(iter) ; 
assert(level); 

assert(iter->set.type  ==  RINGSE T_ ITERATOR) ; 

return  level  > iter->level  ? NULL  : i t e r - > s t a c k L l e v e l - 1 ] • 

> 

/* 

* Seek  to  the  next  object  at  the  deepest  level  possible. 

* 

* Equivalent  to: 

* i n t i ; 

* unsigned  l = ringIterCurrentLevel(iter)+1; 

* 

* while  (l  &&  !(i  = r i n g 1 1 e r N e x 1 0 b j e c t ( i t e r , l))) 

* — l ; 

* return  i; 

*/ 

i nt 

r i ng I t e r Ne x t Ob j e c t Any w h e r e ( s t r u c t Ringlterator  *iter) 

{ 

union  RingObject  *obj; 
unsigned  level  = iter->level; 
ringmask  mask  = iter->set  .mask; 

assert(iter); 


at  end  * / 
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assert ( i t er->set  .type  ==  R I N G S E T_I T E R A T 0 R ) ; 


/ * Find  first 
if  (llevel)  { 
level 
o b j = 

> else  ■( 

o b j = 


object  to  be  considered  */ 

= i; 

i ter->set . poo l - > k e y s ; 
i t e r->s tackl  leve l -1 ] ; 


if  ( ob  j ) f 

assert(obj->g.mask  S mask); 
if  (OBJISBOT(obj))  C 

obj  = obj->g.next; 

> else  f 

leve  1 + + ; 

obj  = obj->g.down; 


for  (;;)  f 

while  (obj)  ( 

if  (obj->g.mask  & mask)  ( 

iter->stackHlevel-1]  = obj; 
iter->level  = level; 
return  (int)level; 

} 

obj  = obj->g.next; 

} 

if  ( ! — level) 
break; 

obj  = iter->stackC  level-1]; 

assert (obj  ); 

obj  = obj->g.next; 

> 


/*  End  of  list,  no  luck  */ 
iter->stackCO]  = NULL; 
i ter->  l eve  l = 1; 
return  0; 


/*  Reset  the  iterator  to  the  beginning  of  the  given  level 
i n t 

ringIterRewind(struct  Ringlterator  * i t e r , unsigned  level) 
{ 

assert(  level  ); 

assert(iter->level  >=  level  - 1); 
i ter->level  = level-1; 
return  0; 

> 


*/ 


/*  Reset  the  iterator  to  the  end  of  the  given  level  */ 
i n t 

r i ng  1 1 e r F a s t F o r w a r d ( s t r u c t Ringlterator  *i ter,  unsigned  level) 
{ 

assert(level); 

assert ( level  <=  i ter->level  + 1); 
if  (level  > RINGMAXDEPTH) 
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Level  = RINGMAXDEPTH; 

else 

iter->stackClevel-1D  = NULL; 
iter->level  = Level; 
return  0; 


/ * 

* Seek  the  iterator  to  the  given  object,  state  as  if  it  just 

* returned  the  object.  Returns  the  Level  of  the  object,  or  <0 

* on  error. 

* / 
i n t 

ringlterSeekTolstruct  Ringlterator  *iter,  union  RingObject  *obj) 

union  RingObject  * p , *pp; 
i n t Level; 


> 


assert ( i ter->set . type  ==  R I NG S ET_I T E R ATO R ) ; 

if  ( ! ( ob j ->g . ma s k S i t e r -> s e t . ma s k ) ) 

return  0;  / * Not  a member  * / 

/ * A bit  ad-hoc;  there  is  a general  way.  * / 
if  (OBJISTOP(obj))  t 

iter->stackC0]  = obj; 
level  = 1 ; 

> else  { 

p = obj->g.up; 

assert(p->g.mask  & i ter->set . mask)  ; 
if  (OESJISTOP(p)  ) { 

iter->stackC0H  = p; 
iter->stackC1D  = obj; 
level  = 2 ; 

> else  { 

pp  = p - > g . u p ; 

assert(pp->g.mask  S iter->set.mask); 
assert(0BJIST0P(pp)); 
iter->stack[0]  = pp; 
iter->stackC1J  = p; 
iter->stackC2H  = obj; 
level  = 3 ; 

> 

> 

return  i ter->level  = level; 


static  void 

ringSetCountListCunion  RingObject 

unsigned  *counts. 


{ 


const  *obj 
unsigned 


, ringmask 
depth) 


mask. 


while 


(obj) 
i f 


{ 

(obj->g.mask  & mask)  { 
countsC0]++; 

if  (depth  &&  ! OBJ  ISBOKob  j ) ) { 

ringSetCountList(obj->g.down,  mask, 

counts+1,  depth-1); 

> 


> 
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obj  = obj->g.next; 


/ * 

* Count  the  number  of  objects  in  an  iterator  down  to  a given  depth. 

* / 
i n t 

ri ngSetCount ( struct  RingSet  const  *set,  unsigned  *counts,  unsigned  depth) 
{ 

unsigned  i = 0 ; 


for  (i  = 0;  i < depth;  i++) 
countsCil  = 0; 

if  (set  &&  set->mask  &&  depth  > 0) 

ringSetCountList(set->pool->keys,  set->mask,  counts,  depth-1 ); 
return  0; 


static  void 

ringSetCountTypesListCunion  RingObject  const  *obj,  ringmask 

unsigned  *counts,  unsigned  max) 


l 


i n t t ; 


mask. 


while  (obj)  { 

if  (obj->g.mask  & mask)  C 

t = ringObjectType(obj); 
if  ((unsigned)t  <=  max) 
countsCt-1 2 + + ; 
if  ( ! OBJ  ISBOKobj  ) ) 

ringSetCountTypesList(obj->g.down,  mask, 

counts,  max); 

> 

obj  = obj->g.next; 


/ * 

* Count  the  number  of  objects  in  an  iterator  of  various  types. 

*/ 
i nt 

r i n g S e t C o u n t Ty p e s ( s t r u c t RingSet  const  *set,  unsigned  *counts,  unsigned  max) 
{ 

unsigned  i = 0; 


> 


for  (i  = 0;  i < max;  i++) 
countsCil  = 0; 

if  (set  &&  set->mask  &&  max  > 0) 

ringSetCountTypesList(set->pool->keys,  set->mask,  counts,  max); 
return  0; 


struct  Ringlterator  * 

ringIterCreate(struct  RingSet  const  *set) 

( 

struct  RingPool  *pool  = set->pool; 
struct  Ringlterator  * i t e r ; 


812 


lib/ pgp/keys/ ringpub.c 


> 


assertC  ! RINGSETISMUTABLE(set)); 


/*  Allocate  the  structure  */ 
iter  = pool->f reei ter; 
if  (iter)  { 

pool->freeiter  = (struct  Ringlterator  *)iter->set.next; 
assert ( i ter->set . type  ==  R I N G S E T_  FREE); 

> else  { 


iter  - (struct  Ringlterator 

if  (liter)  { 

ringAllocErr(pool); 
return  NULL; 

> 


*)memPoolNew(&pool->structs, 

struct  Ringlterator); 


} 


/*  Okay,  allocated  - fill  it  in  */ 
i ter->set .pool  = pool; 
iter->set.next  = pool->sets; 
i ter->set  . type  = R I N G S E T_I T E R ATO R ; 
pool->sets  = Si ter->set; 
i ter->set . mask  = set->mask; 

i t er-> leve l = 0;  /*  Rewind  to  beginning  */ 

return  iter; 


void 

r i ng  1 1 e r De s t r oy ( s t r u c t Ringlterator  *i  ter) 

{ 

struct  RingPool  *pool; 
struct  RingSet  * * s e t p ; 

if  (iter)  { 

pool  = i ter->set . pool; 

assert ( i ter->set . type  ==  R I N G S E T_ I T E R A T 0 R ) ; 
i ter->set  . type  = R I N G S E T_F R E E ; 

/*  Remove  it  from  the  list  of  allocated  sets  */ 
setp  = &pool->sets; 
while  (*setp  !=  &iter->set)  { 
assert(*setp) ; 
setp  = &(*setp)->next; 

} 

*setp  = i ter->set  . next; 


/*  Add  to  the  list  of  free  iterators.  */ 
iter->set.next  = (struct  RingSet  *)pool->f reei ter; 
pool->f reei ter  = iter; 

> 

> 


static  struct  RingSet  * 
r i n g S e t A l l o c ( s t r u c t RingPool  *pool) 

{ 

struct  RingSet  *set; 

/*  Allocate  the  structure  */ 
set  = pool->f reesets; 
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if  (set)  { 

pool->f reesets  = set->next; 

> else  { 

set  = (struct  RingSet  * ) m e m P o o l N e w ( & p o o l - > s t r u c t s , 

struct  RingSet); 


if  ( ! s e t ) { 

ringAllocErr(pool); 
return  NULL; 

} 


> 


/*  Okay,  allocated  - fill  it  in  */ 
set->pool  = pool; 
set->next  = pool->sets; 
pool->sets  = set; 

/*  set->mask  and  set->type  uninitialized  */ 
return  set; 

> 

struct  RingSet  * 

ringSetCreate(struct  RingPool  *pool) 

{ 

ringmask  mask; 
struct  RingSet  * s e t ; 
i n t bit; 

if  ( ! poo l ) 

return  NULL; 

/*  Allocate  a new  bit  */ 
bit  = r i n g B i t A l l o c ( po o l ) ; 
if  (bit  < 0) 

return  NULL; 

mask  = ( r i ngma s k ) 1 <<b i t ; 

/*  Allocate  the  structure  */ 
set  = ringSetAlloc(pool); 
if  (set)  { 

set->mask  = mask; 
set->type  = R I N G S E T_M U T A B L E ; 
poo  l->a  l locmask  |=  mask; 

> 

return  set; 

> 

void 

ringSetDestroy(struct  RingSet  *set) 

{ 

struct  RingPool  * p o o l ; 
struct  RingSet  * * s e t p ; 


if  (set)  { 

pool  = s e t - > p o o l ; 

assert ( set->type  < R I NG S E T_F R E E ) ; 
set->type  = RINGSE  T_  F R E E ; 

/*  Remove  it  from  the  list  of  allocated  sets  */ 
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s e t p 
while 


> 

* s e t p 


= &pool->sets; 
(*setp  !=  set)  { 


setp  = &(*setp)->next; 


= set->next; 


/*  Add  to  the  list  of  free  sets.  */ 
set->next  = pool->f reesets; 
pool->f reesets  = set; 

} 

> 

/* 

* Freeze  a RingSet  so  that  you  can  start  doing  set  operations 

* on  it,  copying  it,  etc. 

*/ 

i n t 

ringSetFreezelstruct  RingSet  *set) 

{ 

if  (set)  { 

if  (set->type  ==  R I N G S E T_MU T AB L E ) 

set->type  = R I NG S E T_I MMU T AB L E ; 
assert(set->type  ==  R I N G S E T_I MMU T AB L E ) ; 

> 

return  0; 

> 


struct  RingSet  * 

r i ng S e t Copy ( s t r u c t RingSet  const  *s) 

{ 

struct  RingSet  * s e t ; 
i f ( ! s ) 

return  NULL; 

assert(  IRINGSETISMUTABLE(s)); 
set  = r i ng S e t A l l o c ( s -> po o l ) ; 
if  (set)  { 

set->mask  = s->mask; 
set->type  = RINGSET_ IMMUTABLE ; 

> 

return  set; 

> 


/*  This  accepts  NULL  as  an  alias  for  "no  such  set"  */ 
struct  RingSet  * 

r i ngSet Uni  on (st  rue t RingSet  const  *s1,  struct  RingSet  const  *s2) 
{ 

struct  RingSet  *set; 
if  ( ! si  ) 

return  ringSetCopy(s2); 

set  = ringSetCopy(sl); 
if  (set  &&  s2)  { 

assert(s1->pool  ==  s2->pool); 
assert(  ! RINGSETISMUTABLE(s2)  ); 
set->mask  |=  s2->mask; 
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> 

return  set; 


/**  The  following  operations  only  apply  to  mutable  RingSets  **/ 

/ * 

* Add  an  object  to  a mutable  RingSet.  That  includes  the  all  of  the 

* object's  parents  in  order  to  main  the  proper  RingSet  invariants. 

* / 
i n t 

r i n g S e t Add  0 b j e c t ( s t r u c t RingSet  *set,  union  RingObject  *obj) 

{ 

ringmask  mask  = set->mask; 

assert(RINGSETISMUTABLE(set>)  ; 
assertC ! (mask  & (mask-1))); 


> 


if  (obj  &&  ! ( o b j -> g . ma s k S mask))  f 

obj->g.mask  |=  mask; 

/*  Ensure  all  parents  are  added, 
while  ( ! OBJ  ISTOPCob j ) ) { 

obj  = obj->g.up; 
if  (obj->g.mask  S mask) 
break; 

obj->g.mask  |=  mask; 

> 


> 

return  0; 


too. 


*/ 


/ * 

* Remove  an  object  from  a mutable  RingSet.  That  includes  the  all  of  the 

* object's  children  in  order  to  main  the  proper  RingSet  invariants. 

* (Done  recursively.) 

* / 
i n t 

r i n g S e t R emO b j e c t ( s t r u c t RingSet  *set,  union  RingObject  *obj) 

( 

assert(RINGSETISMUTABLE(set)  ); 
assert(  ! (set->mask  & (set->mask-1 ) ) ) ; 

/ * 

* Remove  this  object  and  all  its  children. 

* As  an  optimization,  omit  scanning  children  if  the 

* object  is  not  already  in  the  set. 

* / 

if  (obj  &&  obj->g.mask  & set->mask)  ( 
if  ( ! OBJ ISB0T(obj  ) ) ( 

union  RingObject  *obj2  = obj; 

for  (obj2  = obj2->g.down;  obj2;  obj2  = obj2->g.next) 
ringSetRemObject(set,  obj2); 

> 

obj->g.mask  ~set->mask; 

ringGarbageCollectObject(set->pool,  obj); 

> 

return  0; 

> 


816 


lib/ pgp/keys/ ringpub.c 


/ * Helper  function  for  ringSetAddSet  * / 
static  void 

ri  ngSet AddLi  st  (uni  on  RingObject  *obj,  ringmask  destmask,  ringmask  srcmask) 


> 


while  ( ob  j ) < 

if  ( o b j -> g . ma s k S srcmask)  { 

obj->g.mask  |=  destmask; 
if  ( ! OB J I SB0T(ob j ) ) 

ringSetAddList(obj->g.down/.  destmask,  srcmask) ; 
obj  = obj->g.next; 

> 


i nt 

r i ng Se t AddSe t ( s t r uc t RingSet  *set,  struct  RingSet  const  *set2) 

assert(RINGSETISMUTABLECset) ) ; 
if  ( s e t 2 ) f 

assert(set->pool  = = set2->pool); 

^ ri ngSetAddLi st (set->pool->keys,  set->mask,  set2->mask); 

return  0 ; 

> 


/* 

* Subtracting  sets  is  simplified  by  the  proper-set 

* If  I remove  a key  (because  it's  in  set2),  I have 

* children  of  the  key,  so  I just  use  r i ng C l ea rMa s k 

* the  job.  If  I don't  (because  it's  not  in  set2), 

* guaranteed  that  none  of  its  children  are  in  set2 

* so  there's  no  need  to  examine  any  children. 

*/ 


requi rement . 
to  remove  a l l 
to  do 
then  it's 
either. 


i nt 

ringSetSubtractSet(struct  RingSet  * s e t , struct  RingSet  const  * s e 1 2 ) 


union  RingObject  * o b j ; 
ringmask  mask  = set->mask; 


assert(RINGSETISMUTABLE(set) ); 
assert(mask); 


} 


i f 


> 


(set2  &&  set2->mask)  { 

assert(set->pool  = = set2->pool); 

for  (obj  = set->pool->keys;  obj;  obj  = obj->g.next)  { 

if  (obj->g.mask  & mask  &&  obj->g.mask  & set2->mask)  { 
obj->g.mask  "mask; 
if  ( ! OBJ  I SBOT ( ob j ) ) 


> 


ringClearMask(set->pool,  &obj->g.down, 
"mask); 


> 


return  0; 


static  i n t 
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ringSetlntersectListCunion  RingObject 

ringmask  mdest) 


{ 


int  flag  = 0; 


* o b j , 


ringmask  ml. 


ringmask  m2. 


while  (obj)  { 

if  ( ( ob j ->g . ma s k & ml)  SS  (obj->g.mask  & m2))  { 

flag  = 1 ; 

obj->g.mask  |=  mdest; 
if  ( ! OBJ ISBOTCobj ) ) 

ringSetIntersectList(obj->g.down, 

ml,  m2,  mdest); 

> 

obj  = obj->g.next; 

> 

return  flag; 


struct  RingSet  * 

ringSetlntersectionlstruct  RingSet  const  *s1,  struct  RingSet  const  *s2) 
{ 

struct  RingSet  * s e t ; 
if  ( ! s 1 ||  ! s 2 ) 

return  (struct  RingSet  *)NULL; 

assert(s1->pool  = = s2->pool); 
assert ( ! RINGSETISMUTABLECsl  )); 
assertC  ! RINGSETISMUTABLE(s2) ); 


> 


/*  Do  a few  trivial  cases  without  allocating  bits.  */ 


if  ( ! ( si 

- > m a s k 

return 

& ~s2->mask)) 
ringSetCopy(s1  ); 

/ * 

si 

is  a subset 

o f 

s 2 

- copy 

si 

*/ 

if  ( ! (s2 

->ma  s k 

return 

& ~s1->mask)) 
ringSetCopy(s2); 

/* 

s 2 

is  a subset 

o f 

si 

- copy 

s 2 

*/ 

set  = ringSetCreate(s1->pool); 
if  ( set ) { 

if  ( ! r i ng S e 1 1 n t e r s e c t L i s t ( s 1 -> poo  l -> k e y s , s1->mask,  s2->mask, 

set->mask)  ) 


{ 

/*  Empty  set  - free  bit  */ 
s1->pool->al  locmask  & = ~set->mask; 
set->mask  = 0; 

> 

set->type  = R I N G S E T_I MMU T AB L E ; 


return  set; 


static  void 

r i ng S e t D i f f L i s t ( u n i on  RingObject 

ringmask  mdest) 


{ 


* o b j , 


ringmask  ml,  ringmask  m2. 


while  (obj)  { 

if  ( ( ob j ->g  . ma s k S ml)  &&  ! ( o b j -> g . ma s k & m2))  { 
obj->g.mask  |=  mdest; 
if  ( ! OBJ  ISBOKob  j ) ) 

r i n g S e t D i f f L i s t ( ob j -> g . d o w n , ml. 


m2  , 


mdest); 
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> 


> 


/ * Return  s 1 - s 2 . * / 
struct  RingSet  * 

ringSetDi ff erenceCstruct  RingSet  const  *s1,  struct  RingSet  const  *s2) 
struct  RingSet  * s e t ; 


} 


if  ( ! si  ) 

return  NULL; 
if  (!s2  ||  !s2->mask) 

return  ringSetCopy(sl); 


assert(s1->pool  ==  s2->pool); 
assert ( ! RINGSETISMUTABLECsl  ) ); 
assertC ! RINGSETISMUTABLE(s2) ) ; 


if  (!(s1->mask  & ~s2->mask))  { 

/ * s1->mask  is  a subset  of  s2->mask,  so 
set  = ringSetAlloc(s1->pool); 
i f (set)  { 

set->mask  = 0; 

set->type  = RINGSET_ IMMUTABLE; 

> 

> else  { 

set  = ringSetCreate(s1->pool); 
if  (set)  { 


> 


> 


ringSetDiffList(s1->pool->keys, 

set->mask); 

set->type  = R I NG S ET_I MMU T AB LE ; 


return  set; 


result  is 


s1->mask. 


empty  */ 


s2->mask. 


i n t 

ringFileIsDirty(struct  RingFile  const  *file) 

return  file  ? file->flags  S R I NG F I LE F_D I RTY  : 0; 

> 


i n t 

r i n g F i l e I s T r u s t C h a n g ed ( s t r u c t RingFile  const  *file) 

{ 

return  file  ? file->flags  S R I NG F I LE F_T R U S T C H AN G E D : 0; 

> 


struct  RingPool  * 

ringPoolCreate(struct  PgpEnv  const  *env) 

{ 

struct  RingPool  * p o o l ; 

pool  = (struct  RingPool  *)pgpMemAlloc(sizeof(*pool)); 
if  (pool) 

ringPoolInit(pool,  env); 
return  pool; 
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> 

void 

ringPooLDestroy(struct  RingPool  *pool) 
{ 

if  (pool)  i 

ringPooLFini  (pool); 
pgpMemFree(pool  ) ; 

> 

> 


union  RingObject  * 

r i n g Ke y By  I d 8 ( s t r u c t RingSet  const  *set,  byte  pkalg,  byte  const  *keyID) 
{ 

struct  RingKey  * k e y ; 


> 


if  ((pkalg|1)  ==  3)  /*  viacrypt  */ 

pkalg  = 1 ; 

for  (key  = set->pool->hashtableCkeyIDCO]];  key;  key  = key->uti 
if  ( ( ( ( key->pka  l g | 1 ) ==  3)  ? 1 : key->pkalg)  ==  pkalg 

memcmp ( key  I D,  key->keyID,  8)  ==  0)  { 

if  (!(key->mask  & set->mask) ) 
break; 

ringObjectHold((union  RingObject  * ) k e y ) ; 
return  (union  RingObject  * ) k e y ; 

> 

} 

/ * Failed  * / 
return  NULL; 


/***  Access  functions  for  information  about  objects  ***/ 
i n t 

ringKeyError(struct  RingSet  const  *set,  union  RingObject  *key) 

{ 

byte  const  *p; 
s i z e_t  len; 

assert (OBJ  ISKEY(key)  ) ; 

assert ( key->g  .mask  & set->mask); 

if  ( ! ( key->g  .flags  & KEY  F_E  R R 0 R ) ) 
return  0; 

p = (byte  const  *)ringFetchObject(set,  key,  S l e n ) ; 
if  ( ! p ) 

return  ringSetError(set)->error; 
return  ringKeyParse(p,  len,  NULL,  NULL,  NULL,  NULL,  NULL,  0 ) ; 

> 

unsigned 

r i n g Ke y B i t s ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 

{ 

assert(OBJISKEY(key)); 

assert ( key->g  .mask  & set->mask); 

(void)set; 

return  key->k.keybits; 

> 


l ) ( 
&8 
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wo  rd32 

ringKeyCreationCstruct  RingSet  const  *set,  union  RingObject  *key) 

assertlOBJISKEYlkey)); 
assert(key->g.mask  & set->mask); 

(void)set; 

return  key->k.tstamp; 


wo  rd32 

ringKeyExpi rationCstruct  RingSet  const  *set,  union  RingObject  * k e y ) 


> 


assertlOBJISKEYlkey)); 
assert(key->g.mask  S set->mask); 

( v o i d ) s e t ; 

if  ( key->k . tstamp  ==  0 ||  key-> k . va L i d i ty  ==  0) 

return  0;  / * valid  indefinitely  * / 

else 


return  k e y-> k . t s t a mp  + ( k ey-> k . va l i d i t y * 3600  * 24); 


/* 

* If  called  for  a subkey,  force  to  just  encryption. 

* If  called  for  a key  with  a subkey,  return  the  "or”  of  both. 

* Else  just  do  the  key  itself. 

* / 
i n t 

r i ngKeyUse ( s t ru c t RingSet  const  *set,  union  RingObject  *key) 


i n t use; 


assert!  OB JISKEY(key)); 
assert(key->g.mask  & set->mask); 

use  = pgpKeyUse(pgpPkalgByNumber(key->k.pkalg)); 
if  (OBJISSUBKEY(key)) 

use  &=  PGP_PKUSE_ENCRYPT; 
for  (key=key->g.down;  key;  key=key->g.next)  { 

if  ( OB J I SSUBKEY ( key ) &&  r i n g S u b k e y V a l i d ( s e t , key)) 

use  |=  pgpKeyUse ( pgpPka l gByNumbe r ( key-> k . pka l g ) ) ; 

> 

return  use; 


byte 

r i ngKeyTrust ( st ruct  RingSet  const  *set,  union  RingObject  *key) 

{ 

assert! OB JISKEY(key)); 
assert(key->g.mask  & set->mask); 

! v o i d ) s e t ; 

if  ! ! ! key->g  . f lags  S IRINGOBJ  F_T  RUST))) 
ringMntValidateKey  !set,  key); 
return  key->k. trust  & PG P_KE Y T R U S T_M A S K; 

> 

void 

r i ng Key S e t T r u s t ! s t r u c t RingSet  const  *set,  union  RingObject  *key,  byte  trust) 
{ 
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assert(OBJISKEYCkey)); 
a s s e r t ( k ey-> g . ma s k & set->mask); 

assert ( t r u s t == PG P_KE Y T R U S T_U N KN 0 W N ||  t r u s t == P G P_K E Y T R U S T_N E V E R || 

trust==PG  P_KE  Y T R U S T_M  A R G I N A L | | t r u s t = = P G P_K E Y T R U S T_C 0 M P L E T E ) ; 
if  ( (key->k. trust  & PG  P_K  E Y T R U S T_M  ASK)  !=  trust)  { 

key->k. trust  = (key->k. trust  & ~ PG P_KE Y T R U S T_M A S K ) + trust; 
key->g. flags  |=  R I N G OB J F_T R U S T C H A NG E D ; 
ringPoolMarkTrustChanged  (set->pool,  key->g.mask); 

> 

key->g. flags  |=  R I N G OB J F_T R U S T ; 


/ * 

* Used  to  set  a public  key  as  an  "axiomatic"  key,  that  is,  one  for  which 

* we  hold  the  private  key.  This  also  involves  setting  each  name  on  that 

* key  as  having  ultimate  trust. 

*/ 

void 

r i n g Key S e t Ax i oma t i c ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 

{ 

union  RingObject  *nameobj; 


asse  r t ( OB J I SKEY ( key ) ) ; 
assert(key->g.mask  & set->mask); 
key->k. trust  &=  ~ PG P_KE Y T R U S T_M A S K; 

key->k. trust  |=  PG P_KE Y T R U S T F_BU C KS T 0 P | P G P_K E Y T R U S T_U L T I M A T E ; 
for  (nameobj=key->g.down;  nameobj;  nameobj=nameobj->g.next)  { 

if  ( nameob j ->g . ma s k S set->mask  &&  OB J I SNAME ( nameob j ) ) { 
nameobj->n . trust  &=  ~ P G P_N A M E T R U S T_M A S K ; 
nameobj->n. trust  |=  P G P_N A M E T R U S T_C 0 M P L E T E ; 

# i f ! OLDTRUST 

nameobj->n. confidence  = P G P_N E W T R U S T_I N F I N I T E ; 
nameobj->n. validity  = PG P_N E WT R U S T_I N FINITE; 


i n t 

r i n g Ke y A x i oma t i c ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 
{ 

assertCOBJISKEY(key)); 

assert ( key->g .mask  S set->mask); 

return  key->k. trust  S P G P_K E Y T R U S T F_B U C KS T 0 P ; 

> 


i nt 

r i n g Key D i s a b l e d ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 
{ 

assertCOBJISKEY(key)); 

assert(key->g.mask  & set->mask); 

return  key->k.  trust  & PG P_KE Y T R U S T F_D I S AB L E D ; 

> 

void 

r i n g Key D i s a b l e ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 

{ 

assert(OBJISKEYCkey)  ); 
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assert ( key->g  . mask  S set->mask); 

if  ( ! ( key->k  . t rust  & PG P_KE Y T R U S T F_D I S AB L E D ) ) { 
key->k. trust  |=  PG P_KE YT R U S T F_D I S AB L E D ; 
key->g. flags  j=  R I NGOB J F_T R U S T C H ANG E D ; 
ringPoolMarkTrustChanged  (set->pool,  key->g.mask); 

> 

key->g. flags  |=  R I N G OB J F_T R U S T ; 

> 

void 

r i n g Ke y E n a b l e ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 

assertCOBJISKEY(key)); 

assert(key->g.mask  & set->mask); 

if  ( key->k  . t rust  & PGP_KEYTRUST F_D I S ABLED ) { 

key->k. trust  &=  ~ PG P_KE Y T R U S T F_D I S A B L E D ; 
key->g. flags  |=  R I N G 0 B J F_T R U S T C H A N G E D ; 
ringPoolMarkTrustChanged  (set->pool,  key->g.mask); 

> 

key->g. flags  |=  R I N G 0 B J F_T R U S T ; 


i n t 

ringKeyRevokedCstruct  RingSet  const  * s e t , union  RingObject  * k e y ) 
{ 


asser t ( OB J I SKEY ( key ) ) ; 
assert(key->g.mask  S set->mask); 
(void)set; 
ft i f ! OLDTRUST 


ft  e n d i f 


if  ( ! ( key->g  . f lags  & ( R I NG OB J F_T RU S T ) ) ) 
ringMntValidateKey  (set,  key); 


> 


return  key->k. trust  & PG P_KE Y T R U S T F_R EVOKED; 


ft  i f ! OLDTRUST 
w o r d 1 6 

ringKeyConfidenceCstruct  RingSet  const  *set,  union  RingObject 
t 

assert(OBJISKEYCkey)); 

assert ( key->g . mask  & set->mask); 

(void)set; 

if  ( ! ( key->g . f lags  & ( R I N G OB J F_T RU S T ) ) ) 
ringMntValidateKey  (set,  key); 
if  (key->k. trust  S PG P_KE Y T R U S T F_R E VO KE D ) 

return  0;  / * no  confidence  if  revoked 

else 


> 


return  ringKeyCalcTrust  (set,  key); 


//end  i f 


★ key) 


* / 


void 

r i n g Key  I D 8 ( s t r u c t RingSet  const  *set, 
byte  *pkalg,  byte  *buf) 

{ 


assert(OBJISKEY(key)); 


union  RingObject 


const  *key. 
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> 


assert(key->g.mask  & set->mask); 

(void)set; 
if  (pkalg)  { 

*pkalg  = key->k.pkatg; 

if  ((*pkalg  | 1)  = = 3)  /*  ViaCrypt  */ 

* p k a l g = 1; 

> 

if  ( bu  f ) 

memcpy(buf,  key->k.keyID,  8 ) ; 


i n t 

r i ng Key F i ng e r p r i n t 1 6 ( s t r u c t RingSet  const  *set,  union  RingObject  *key, 
byte  * bu f ) 

{ 

byte  const  * p ; 
s i z e_t  ten; 


assertCOBJISKEY(key)); 
assert(key->g.mask  & set->mask); 

p = (byte  const  *)ringFetchObject(set,  key,  8 L e n ) ; 
if  ( ! p ) 

return  ringSetError(set)->error; 
return  ringKeyParseFingerprint16(p,  len,  buf); 

> 

i n t 

r i ng Key F i ng e r p r i n t 20 ( s t ru c t RingSet  const  *set,  union  RingObject  *key, 
byte  * bu  f ) 

{ 

s i z e_t  o b j len; 
byte  const  *objbuf; 

assert (OBJ ISKEY ( key  ) ) ; 
assert(key->g.mask  & set->mask); 

objbuf  = (byte  const  *)ringFetchObject(set,  key,  Sobjlen); 
return  pgpFingerprint20HashBuf(objbuf,  objlen,  buf); 

> 


i nt 

r i ngKey Add S i g s by ( s t r u c t RingSet  const  *set,  union  RingObject  *key, 
struct  RingSet  *dest) 

{ 

struct  RingSig  *sig; 
i n t i = 0 ; 


assert(OBJISKEY(key)); 

a s s e r t ( k ey-> g . ma s k & set->mask); 

assert(RINGSETISMUTABLE(dest)); 


for  (sig  = 

8key->k.sigsby->s;  sig; 

s i g 

= sig->nextby)  { 

i f 

(sig->mask  8 set->mask) 

{ 

i + + ; 

> 

ringSetAddObject(dest, 

(union  RingObject 

> 

return  i ; 
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} 


/*  Return  TRUE  if  the  key  has  a secret  in  the  given  set  */ 
i n t 

ringKeylsSecfstruct  RingSet  const  *set,  union  RingObject  *key) 

assert(OBJISKEYCkey) ); 
assert(key->g.mask  & set->mask); 


} 


for  (key  = 
i f 

return  0; 


key->g.down;  key;  key  = key->g.next) 

( ( key->g  . ma s k & set->mask)  &&  OB J I S S E C ( k ey  ) ) 
return  1; 


/ * 

* Return  the  most  recent  subkey  associated  with  the  key,  if  there  is  one 

* / 

union  RingObject  * 

ringKeySubkeyCstruct  RingSet  const  * s e t , union  RingObject  const  *key) 

ringmask  mask  = set->mask; 

union  RingObject  *obj,  * b e s t = NULL; 

w o r d 3 2 objtime,  besttime  = 0; 


> 


assert(OBJISKEYCkey)); 

for  (obj  = key->g.down;  obj;  obj  = obj->g.next)  { 

if  ( ( ob j ->g  . ma s k S mask)  &&  OB J I S S U B K E Y ( o b j ) 
&&  r i ng Subkey Va L i d ( set  , obj))  { 

objtime  = ringKeyCreation(set,  obj); 
if  (besttime  <=  objtime)  { 
best  = obj; 
besttime  = objtime; 


return  best; 


/ * 

* Given  a public  key  on  the  keyring,  get  the  corresponding  PgpPubKey. 

* Use  is  a usage  code  which  limits  the  kinds  of  keys  we  will  accept. 

* For  keys  which  have  subkeys  this  chooses  which  one  to  use.  If  use  is 

* 0 we  do  a straight  conversion  of  the  key  or  subkey;  if  nonzero  we 

* verify  that  the  key  has  the  required  use.  Return  NULL  if  we  can't 

* get  a key  with  the  required  use. 

*/ 

struct  PgpPubKey  * 

ringKeyPubKey(struct  RingSet  const  * s e t , union-  RingObject  *key,  int  use) 

byte  const  *p; 
s i z e_t  len; 

struct  PgpPubKey  *pub; 

union  RingObject  *subkey  = NULL; 

int  i ; 

assert(OBJISKEY(key)); 
assert(key->g.mask  S set->mask); 
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/*  Select  between  subkey  and  key  if  necessary  */ 

if  (use  &&  ( OB J I S S UBKE Y ( k e y ) ||  ( s u b k e y = r i n g Ke y S u b k e y ( s e t , key))))  { 

if  (use  ==  PGP_PKUSE_SIGN_ENCRYPT)  C 

ringSimpleErr(set->pool,  PG P E R R_PU BKE Y_U N I M P ) ; 
return  NULL; 

> 

if  (use  ==  PGP_PKUSE_ENCRYPT)  { 
if  ( OB J I STOPKE Y ( key ) ) ( 
assert ( subkey) ; 
key  = subkey; 

assert  (OBJISSUBKEY(key)); 

> 

> else  if  (use  ==  PG P_PKU S E_S I G N ) l 
if  (OBJISSUBKEY(key) ) { 
key  = key->g.up; 
assert  (OBJISTOPKEY(key)); 


/*  Verify  key  satisfies  required  usage  */ 

if  (use  &&  ( ( pg pKe y U s e ( pg p P ka l g By N umb e r ( k ey-> k . p ka l g ) ) & use)  !=  use))( 
ringSimpleErr(set->pool,  PG P E R R_PU BKE Y_U N I M P ) ; 
return  NULL; 

> 

p = (byte  const  *)ringFetchObject(set,  key,  Slen); 
if  ( ! p ) 

return  NULL; 

if  ( k ey-> g . f l a g s S KEYF_ERROR  ||  len  < 8)  { 

i = ringKeyParse(p,  len,  NULL,  NULL,  NULL,  NULL,  NULL,  0); 
ringSimpleErr(set->pool,  i); 
return  NULL; 

> 

/ * 

* A key  starts  with  7 bytes  of  crap,  an  algorithm  byte,  and 

* the  public  components. 

* / 

assert(pC7D  ==  key->k.pkalg);  / * Checked  by  ringKeyVerify  * / 
pub  = pgpPubKeyFromBuf(pE7II,  p + 8,  len-8,  & i ) ; 
if  ( ! p u b ) 

ringSimpleErr(set->pool,  i); 
memcpy(pub->keyID,  key->k.keyID,  sizeof(key->k.keyID)); 
return  pub; 

> 

/ * 

* Given  a secret  on  a keyring,  get  a struct  PgpSecKey  (possibly  locked). 

* As  a hack  to  help  the  lazy  programmer,  you  can  also  pass  a key. 

* Use  is  a usage  code  which  limits  the  kinds  of  keys  we  wilt  accept. 

* For  keys  which  have  subkeys  this  chooses  which  one  to  use. 

*/ 

struct  PgpSecKey  * 

ringSecSecKey(struct  RingSet  const  *set,  union  RingObject  *sec,  int  use) 

{ 

byte  const  *p; 
s i z e_t  len; 

struct  PgpSecKey  *seckey; 
union  RingObject  *key; 
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union  RingObject  * s u b k e y = NULL; 
i n t i ; 

if  (OBJISSEC(sec) ) { 

key  = sec->g.up; 

> else  { 

key  = sec; 

> 

assert(OBJISKEY(key)); 
assert(sec->g.mask  & set->mask); 

/*  Select  between  subkey  and  key  if  necessary  */ 

if  (use  & & (OBJISSUBKEY(key)  ||  (subkey=ringKeySubkey(set,  key))))  { 
int  newkey  = 0; 

if  (use  ==  PGP_PKUSE_SIGN_ENCRYPT)  { 

ringSimpleErr(set->pool,  PG P E R R_PUBKE Y_U N I M P ) ; 
return  NULL; 

> 

if  (use  ==  PGP_PKUSE_ENCRYPT)  -C 
if  (OBJISTOPKEY(key))  { 
assert(subkey) ; 
key  = subkey; 

assert  (OBJISSUBKEY(key) ); 
newkey  = 1; 

> 

> else  if  (use  ==  PG P_PKU S E_S I GN ) { 

if  (OBJISSUBKEY(key))  { 
key  = key->g.up; 
assert  (OBJISTOPKEY(key)  ); 
newkey  = 1; 

> 

> 

if  (newkey  ||  ! OB J I S S E C ( s e c ) ) { 

sec  = ringBestSec(set,  key); 
if  ( ! sec)  { 

ringSimpleErr(set->pool,  P G P E R R_N 0_S E C K E Y ) ; 
return  NULL; 

> 

> 

> else  if  (OBJISKEY(sec) ) { 

sec  = ringBestSec(set,  sec); 
if  ( ! s e c ) ( 

ringSimpleErr(set->pool,  PGPERR_NO_S  ECKEY); 
return  NULL; 

> 

> 

/*  Verify  key  satisfies  required  usage  */ 

if  (use  &&  ( ( pgpKey U s e ( pg p Pka l gBy Numbe r ( key-> k . p ka  l g ) ) & use)  !=  use))( 
ringSimpleErr(set->pool,  PG P E R R_PUBKE Y_U N I M P ) ; 
return  NULL; 

> 

p = (byte  const  *)ringFetchObject(set,  sec,  Slen); 
if  ( ! p ) 

return  NULL; 

if  (sec->g.up->g. flags  S KEY  F_E  R R 0 R ||  len  < 8)  { 

i = ringKeyParse(p,  len,  NULL,  NULL,  NULL,  NULL,  NULL,  0); 
ringSimpleErr(set->pool,  i ) ; 
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return  NULL; 

> 

assert(pC7]  ==  sec->g.up->k.pkalg);  / * Checked  by  ringKeyVerify  * / 

seckey  = pgpSecKeyFromBuf(p[7],  P+8,  Len-8,  8 i ) ; 
if  (! seckey) 

ringSimpleErr(set->pool,  i ) ; 

memcpy ( seckey->keyID,  sec->g.up->k.keyID,  sizeof(sec->g.up->k.keyID)); 
return  seckey; 


/*  There  ain't  much  to  know  about  a name...  */ 
char  const  * 

ringNameNameCstruct  RingSet  const  *set,  union  RingObject  *name,  si ze_t  *lenp) 
{ 

assert(OBJISNAME(name)); 

return  (char  const  *)ringFetchObject(set,  name,  Lenp); 

> 

byte 

r i n g N a me T r u s t ( s t r u c t RingSet  const  *set,  union  RingObject  *name) 

{ 

assert(OBJISNAMECname)); 
assert(name->g.mask  & set->mask); 

(void)set; 

if  (!(name->g.  flags  8 ( R I N GOB J F_T RU S T ) ) ) 
ringMntValidateName  (set,  name); 
return  name->n.  trust  & P G P_N  A M E T R U S T_M  ASK; 

> 

i n t 

r i ng Na me Wa r n o n l y ( s t r u c t RingSet  const  *set,  union  RingObject  *name) 

{ 

assert(OBJISNAMECname) ) ; 
assert(name->g.mask  8 set->mask); 

(void)set; 

return  name->n. trust  & PG P_N AM E T R U S T F_W A R NON L Y ; 

> 

void 

r i ng Na me S e t Wa r n o n l y ( s t r u c t RingSet  const  *set,  union  RingObject  *name) 

{ 

assert(OBJISNAME(name)); 
assert(name->g.mask  8 set->mask); 

if  (!  (name->n  . trust  8 P G P_N  AMETRUST  F_W  ARNONLY))  i 
name->n  . trust  |=  P G P_N  AMETRUST  F_W  ARNONLY; 
name->g  . f Lags  j=  R I N G OB J F_T R U S T C H A NG E D ; 
ringPooLMarkTrustChanged  (set->pool,  name->g.mask); 

> 

name->g. flags  |=  R I NGOB J F_TRUST; 

> 

# i f ! OLDTRUST 
w o r d 1 6 

r i n g Na me Va L i d i t y ( s t r u c t RingSet  const  *set,  union  RingObject  *name) 

{ 

assert(OBJISNAME(name)); 
assert(name->g.mask  8 set->mask); 

(void)set; 
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if  (!(name->g. flags  & ( R I N GOB J F_T R U S T ) ) ) 
ringMntValidateName  (set,  name); 
return  ri ngTrustToIntern  (name->n. validity); 

wo  r d 1 6 

ringNameConfidence(struct  RingSet  const  * s e t , union  RingObject  *name) 

assert (OBJ ISNAME(name)); 
assert(name->g.mask  & set->mask); 

(void)set; 

return  ri ngT  rustToIntern  (name->n.conf idence) ; 

i n t 

ringNameConfidenceUndefined(struct  RingSet  const  *set,  union  RingObject  * n a m e ) 

assert(OBJISNAME(name)); 
a s s e r t ( name->g  . ma s k & set->mask); 

(void)set; 

return  (name->n. confidence  ==  PG P_N E WT R U S T_U N DEFINED) ; 


void 

ringNameSetConfidence(struct 

w o r d 1 6 


RingSet  const 
confidence) 


assert(OBJISNAME(name)); 
assert(name->g.mask  S set->mask); 


* s e t , 


union  RingObject 


*name  , 


confidence  - (word16)  ringTrustToExtern  (confidence); 

if  ( ! (name->n  . f lags2  & N A M E F 2_N E WT R U S T ) || 

n a m e -> n . c o n f i d e n c e !=  confidence)  { 

name->n. confidence  = (byte)  confidence; 
name->n.flags2  |=  NAME F2_NEWTRUST; 
name->g.  flags  |=  R I NGOB J F_T R U S T C H ANG E D ; 
ringPooLMarkTrustChanged  (set->pool,  name->g.mask); 

> 

name->g. flags  |=  R I N G OB J F_T R U ST ; 

> 

# e n d i f 


i nt 

ringSigError(struct  RingSet  const  *set,  union  RingObject  *sig) 
f 

byte  const  *p; 
si ze_t  len; 


assert(OBJISSIG(sig)  ); 
assert(sig->g.mask  & set->mask); 

if  ( ! ( s i g-> g . f l a g s S SIGF_ERROR)) 
return  0; 

p = (byte  const  * ) r i n g F e t c h 0 b j e c t ( s e t , sig,  &len); 
if  ( ! p ) 

return  ringSetError(set)->error; 
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> 


return  r i n g S i g P a r s e ( p , Len,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL, 


union  RingObject  * 

r i ng S i g Ma k e r ( s t r u c t RingSet  const  *sset,  union  RingObject  *sig, 
struct  RingSet  const  *kset) 

{ 

assert(OBJISSIG(sig)); 
assert(sig->g.mask  S sset->mask); 


s i g = si g->  s . by; 

a s s e r t ( OB J I S KE Y ( s i g ) ) ; /*  "sig"  is  now  a key!  */ 

if  ( ! ( s i g->g . ma s k S kset->mask)  ) 
return  NULL; 
ringObjectHotd(sig)  ; 
return  sig; 


void 

r i n g S i g I D 8 ( s t r u c t RingSet  const  *set,  union  RingObject 
byte  *pkalg,  byte  *buf) 

C 


assert(OBJISSIGCsig)); 

a s s e r t ( s i g -> g . ma s k & set->mask) 

(void)set; 

sig  = sig->s.by; 

assertCOBJISKEY(sig)); 

if  (pkalg)  ( 

★pkalg  = s i g-> k . pka L g ; 
i f ( (*pka  Lg  | 1 ) ==  3) 

★pkalg  = 1; 


> 


/ * ViaCrypt  * / 


if  (buf  ) 


> 


memcpy(buf,  sig->k.keyID,  8); 


const  *sig. 


byte 

ringSigTrustCstruct  RingSet  const  * s e t , union  RingObject  * s i g ) 
{ 


> 


assert(OBJISSIGCsig)  ); 
assert(sig->g.mask  & set->mask); 

(void)set; 

if  (ringSigError  (set,  sig)) 

return  P G P_S I G T R U S T_I N V A L I D ; 
if  (sig->s.by  ==  NULL) 

return  PG P_S I GT RU S T_N 0 KE Y ; 
if  (! (si g->s  . trust  & PG P_S I G T R U S T F_T R I E D ) ) 
return  PG P_S I GT R U S T_U N T R I E D ; 
if  (! (si g->s . trust  & PG P_S I G T R U S T F_C H E C KE D ) ) 
return  PG P_S I G T R U S T_B A D ; 
if  ( ! (sig->g. flags  & ( R I N G OB J F_T R U S T ) ) ) ( 

ringMntValidateKey  (set,  sig->s.by); 

return  s i g -> s . by-> k . t r u s t & PG  P_K  E Y T R U S T_M  A S K; 

> 

else 

return  sig->s. trust  8 P G P_K  E Y T R U S T_M  A S K ; 


i n t 


N U L L ) ; 
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r i n g S i g C h e c k e d ( s t r u c t RingSet  const  *set,  union  RingObject  *sig) 

assert(OBJISSIG(sig)  ); 
assert(sig->g .mask  & set->mask); 

(void)set; 

return  sig->s.  trust  & PG P_S I G T RU S T F_C H E C KE D ; 

> 

i n t 

r i n g S i g T r i e d ( s t r u c t RingSet  const  *set,  union  RingObject  *sig) 

assert(OBJISSIGCsig)  ) ; 
assert(sig->g.mask  & set->mask); 

(void)set; 

return  sig->s. trust  & PG P_S I GT R U S T F_T R I E D ; 

> 


U i f ! OLDTRUST 

/*  Call  ringSigTrust  to  get  sig  status,  then  call  this  function  if 
sig  is  good  and  the  confidence  is  required.  */ 


w o r d 1 6 

ringSigConf idence(struct  RingSet  const  *set,  union  RingObject  *sig) 

{ 

assertCOBJISSIG(sig)); 

assert ( s i g->g . mask  & set->mask); 

(void)set; 

if  (sig->s.by  !=  NULL)  { 

if  (set->mask  S s i g -> s . by-> g . ma s k ) { 

if  ( ! (sig->s.by->g. flags  & ( R I N G 0 B J F_T R U S T ) ) ) 
r i ngMntVa L i dateKey  (set,  sig->s.by); 
if  ( si g->s  . by->k  . trust  & PG P_KE Y T R U S T F_R E VOKE D ) 
return  0 ; 

else 

return  r i ngKey Ca  l cTrus t (set,  sig->s.by); 

> 

else 

return  0; 


> 

else 


return  0; 


# e n d i f 


i n t 

ringSigType(struct  RingSet  const  *set,  union  RingObject  const  *sig) 

{ 

assert(OBJISSIG(sig)); 
assert(sig->g.mask  S set->mask); 

(void)set; 

return  sig->s.type; 

> 

wo  rd32 

r i ng S i g T i me s t amp ( s t ru c t RingSet  const  *set,  union  RingObject  const  *sig) 

assert(OBJISSIG(sig)); 
assert(sig->g.mask  S set->mask); 
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(void)set; 

return  si g->s . tstamp; 


/**  Filtering  functions  to  get  sets  from  sets  **/ 
/*  The  generic  one  - according  to  the  predicate  */ 


i n t 

r i n g S e t F i 1 1 e r ( s t r u c t RingSet  const  *src,  struct  RingSet  *dest, 

int  ( * p r ed i c a t e ) ( vo i d *arg,  struct  Ringlterator  *iter, 

union  RingObject  *object,  unsigned  level), 

void  *arg) 

{ 

struct  Ringlterator  * i t e r ; 
union  RingObject  * o b j ; 
unsigned  level; 
int  i ; 

unsigned  total  = 0; 

if  (!src  ||  ! dest ) 

return  0 ; 

assert(!RINGSETISMUTABLE(src)); 

assert(RINGSETISMUTABLE(dest)); 


> 


iter 
if  ( ! 

level 
for  ( 


> 


ringlterCreate(src); 

ter) 

return  ringSetError(src)->error; 

= 1; 

;)  < 

i = ringlterNextObjectliter,  level); 
if  (i  > 0)  -C 

obj  = ringlterCurrentObjectCiter,  level); 
i = predi cateCarg,  iter,  obj,  level); 
if  ( i < 0 ) { 

ringlterDestroy(iter); 
return  i ; 


if  ( i ) { 


/*  Calculate  total  number  of  keys 
total  +=  (level  ==  1 ) ; 

/*  r i ng S e t AddOb j e c t ( d e s t , obj)  */ 
obj->g.mask  |=  dest->mask; 
++level;  /*  Recurse!  */ 
ringlterRewindliter,  level); 


> else  C 


if  (i  < 0 ||  '.--level) 

break; 


ringlterDestroy(iter); 

/*  Return  error  or  number  of  keys  found  */ 

return  (i  < 0)  ? i : (total  < I N T_M  AX)  ? total  : I N T_M  AX; 


*/ 


/* 
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* Return  pointer  to  first  instance  of  (si,  11)  in  (sO,LO), 

* ignoring  case.  Uses  a fairly  simple-minded  algorithm. 

* Search  for  the  first  char  of  si  in  sO,  and  when  we  have  it, 

* scan  for  the  rest. 

* 

* Is  it  worth  mucking  with  Boyer-Moore  or  the  like? 

*/ 

static  char  const  * 

xmem i mem ( c h a r const  *s0,  size_t  10,  char  const  *s1,  size_t  11) 

{ 

char  cO,  cl,  c 2 ; 
s i z e_t  l ; 

/ * 

* The  trivial  cases  - this  means  that  NULL  inputs  are  very  legal 

* if  the  correspi ndi  ng  lengths  are  zero. 

*/ 

if  (10  < 11  ) 

return  NULL; 

if  ( ! 11 ) 

return  s 0 ; 

10  -=  11; 

cl  = t o l o w e r ( ( u n s i g n e d char)*s1); 
do  { 

cO  = tolower((unsigned  c h a r ) * s 0 ) ; 
if  (cO  ==  cl)  { 
l = 0; 
do  { 

if  ( ++ 1 ==  11) 

return  s 0 ; 

cO  = tolower((unsigned  char)sOClT); 
c 2 = tolower( (unsigned  char)s1Cl]); 

> while  (cO  ==  c 2 ) ; 

> 

s 0 + + ; 

> while  (10—); 
return  NULL; 

> 

struct  KeySpec  { 

char  const  * k e y i d , *name; 
si ze_t  keyidlen,  namelen; 
i n t use; 

>; 

/ * 

* Allowed  formats  for  the  keyspec  are: 

* NULL,  - Match  everything 

* "0x123c"  - match  everything  with  a keylD  containing  "123c" 

* "Name"  - match  everything  with  a name  containing  "name"  ( c a s e- i n s e n s i t i v e ) 

* " 0 x 1 2 3 c : na me " - match  everything  satisfying  both  requirements 

* 

* This  returns  pointers  to  "keyidspec"  and  "uidspec",  the  portions  of  the 

* input  keyspec  string  which  should  match  the  keylD  and  userlD  portions, 

* or  NULL  if  there  are  no  such  portions  (which  means  "always  mauch"). 

* 

* This  function  cannot  have  any  errors.  At  worst,  the  entire  string 

* is  taken  to  be  a uid  match.  Some  corner  cases: 
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* 0 

* Ox 

* Ox: 

* 0x12345678: 

* 0x1 2345678 : f oo 

* 0x12345678 ; f o o 

* 0x12345678 

* 0x123456789 
*/ 

static  void 
keyspecSplitCchar 
{ 


->  No  keyidspec,  namespec  of  "0" 

->  Empty  keyidspec,  no  namespec 
->  Empty  keyidspec,  empty  namespec 
->  Keyidspec  of  "12345678",  empty  namespec 
->  Keyidspec  of  "12345678",  namespec  of  "foo" 
->  No  keyidspec,  namespec  of  "0x12345678; foo" 
->  Keyidspec  of  "12345678",  no  namespec 
->  No  keyidspec,  namespec  of  " 0 x 1 2 34 5 6789 " ( a t 


const  *string,  int  use,  struct  KeySpec  *spec) 


unsigned  i; 


most 


8 digits!) 


spec->use  = use; 

spec->keyidlen  = spec->namelen  = 0;  / * Match  anything  * / 

/*  NOLL  is  nothing  */ 
if  (! string) 

return; 

/*  Does  it  look  like  it  might  start  with  a keylD  spec?  */ 
if  (stringLOO  ==  'O'  88  (stringCIO  ==  'x'  ||  stringCIO  ==  'X'))  f 

i = 2; 

/*  Accept  no  more  than  8 hex  digits  */ 
while  ( i sxd i g i t ( s t r i ng L i 3 ) 88  ++i  !=  2 + 8) 

r 

/*  Then  check  for  proper  termination:  NULL  or  : */ 

if  (IstringCiD)  { 

spec->keyid  = string+2; 
spec->keyidlen  = i - 2 ; 
return; 

> else  if  (stringCi]  ==  ':')  f 

spec->keyid  = string+2; 
spec->keyidlen  = i-2; 
string  +=  i + 1 ; 

> /*  Otherwise  forget  it,  it's  all  namespec  */ 

> 

/*  If  not  "*",  it's  a pattern  */ 
if  (stringCOH  !=  '*'  ||  stringCID)  { 

spec->name  = string; 
s p e c -> n a me  l e n = strlen(string); 

> 

> 


/ * 

* Return  true  if  string  "arg"  (terminated  by  null  or  ':')  appears  in 

* the  hex  expansion  of  the  given  keylD.  C a s e- i n s e n s i t i v e . 

* / 

static  int 

ma t c h Key  I D ( by t e const  keyIDC8],  char  const  *pat,  si ze_t  len) 

{ 

char  b u f C 8 D ; 

char  const  hexL16]  = { 
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>; 


buf COD 

= h ex  C 

keyIDC4D 

>> 

4 

3; 

buf Cl D 

= h e x C 

keyIDC4D 

1 5 

3; 

buf C2D 

= h e x C 

keyIDC5D 

>> 

4 

3; 

buf C3D 

= h e x C 

keyIDC5D 

8 

1 5 

3; 

buf C4D 

= h ex  C 

keyIDC6D 

>> 

4 

3; 

buf C5D 

= h e x C 

keyIDC6D 

8 

1 5 

3; 

buf C6D 

= h e x C 

keyIDC7D 

>> 

4 

3; 

buf C73 

= h e x C 

keyIDC7D 

8 

1 5 

3; 

return  xmemimem(buf,  8,  pat,  Len)  !=  NULL; 

> 

static  i n t 

p r e d i c a t e F i L t e r N a m e ( v o i d *arg,  struct  Ringlterator  *i  ter, 
union  RingObject  *obj,  unsigned  Level) 

{ 

struct  KeySpec  const  * s p e c ; 
struct  RingSet  const  * s e t ; 
byte  i d 8 C 8 □ ; 
char  const  * n a m ; 
s i z e_t  Len; 
i n t i ; 


if  (Level  > 1) 

return  1;  / * ALL  children  included  if  top  Level  is  * / 

assert(OBJISKEYCobj)); 

spec  = (struct  KeySpec  const  *)arg; 
set  = ringlterSet(iter); 


/*  Check  for  usage  */ 

if  (spec->use  88  ( r i ng Key U s e ( s e t , ob j ) & s pe c-> u s e ) !=  spec->use) 

return  0;  / * Doesn't  have  required  usage  * / 


i f 


> 


( s pe c -> ke y i d L e n ) { 

ringKeyID8(set,  obj,  NULL,  i d 8 ) ; 

if  ( ! ma t c h Ke y I D ( i d8 , spec->keyid,  s p e c - > k e y i d L e n ) ) { 

union  RingObject  *subkey  = ringKeySubkey(set,  obj); 
if  (Isubkey) 

return  0; 

r i n g Ke y I D 8 ( s e t , subkey,  NULL,  i d 8 ) ; 

if  ( ! ma t c h Key  I D ( i d 8 , spec->keyid,  s pe c -> k ey i d L e n ) ) 
return  0; 


> 


/* 

* This  isn't  quite  consistent,  because  it'LL  accept  a key 

* with  *no*  names  if  the  name  specification  is  empty. 

* / 

if  ( s pe c -> n a me L e n ==  0) 

return  1;  /*  Match!  */ 

/ * 

* Search  names  for  a matching  name.  If  *one*  is  found, 

* the  entire  key,  including  all  names,  is  taken 
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> 


* / 


while 


> 


( ( i = r i n g 1 1 e r N e x t 0 b j e c t ( i t e r , 2))  > 0)  ( 

obj  = ringIterCurrentObject(iter,  2 ) ; 
if  ( r i ng 0 b j e c t Ty pe ( ob j ) !=  R I N G T Y P E_N AM E ) 

continue; 

nam  = r i n g N a m e N a m e ( s e t , obj,  Slen); 
if  ( ! n a m ) 

return  ringSetError(set)->error; 
if  ( xmem i mem ( nam,  len,  spec->name,  spec->name  l en  ) ) 
return  1;  / * Match,  take  it!  ★ / 


return 


/ * No  match  or 


error  * / 


/* 

* Perform  filtering  based  on  a keyspec. 

* Use  is  a PGP_PKUSE  value  to  specify  the  purpose  of  the  key. 

* Pass  0 to  match  all  keys.  PG P_PKU S E_S I G N_E N C R Y PT  gets  only  ones 

* can  do  both  things. 

* / 
i n t 

ringSetFi IterSpecCstruct  RingSet  const  *src,  struct  RingSet  *dest, 
char  const  *string,  int  use) 

{ 


struct  KeySpec  spec; 


which 


keyspecSplitCstring,  use,  Sspec); 

return  ringSetFi  IterCsrc,  dest,  predicateFilterName,  (void  *)Sspec); 


/ * 

* Find  the  most  recent  secret  key  matching  a keyspec. 

* Limit  keys  to  those  which  have  the  specified  use.  Pass  0 to  match 

* all  uses.  If  tstamp  is  nonzero,  also  checks  for  expiration  of  keys. 
*/ 


union  RingObject  * 

ringLatestSecretlstruct  RingSet  const 

word32  tstamp. 


★set,  char 
int  use) 


const 


★string. 


struct  KeySpec  spec; 

struct  Ringlterator  * i t e r ; 

union  RingObject  *obj,  *best  = NULL; 

word32  objtime,  besttime  = 0; 

word32  exptime; 

int  i ; 


if  ( ! s e t ) 

return  NULL; 


iter  = ringlterCreate(set); 
if  (liter) 

return  NULL;  /*  How  to  dostinguish  from  no  luck?  */ 

keyspecSplit(string,  use,  Sspec); 

while  ( r i ng  1 1 e r N e x t Ob j e c t ( i t e r , 1)  > 0)  ( 

obj  = ringIterCurrentObject(iter,  1); 
assert(obj  ); 

if  ( ! r i ng Key  I s S e c ( s e t , obj)) 
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> 


continue; 

if  CringKeyRevokecKset,  obj)) 
continue; 

i = predicateFi  IterNameC (void  * ) & s p e c , iter,  obj,  1); 
if  ( ! i ) 

continue; 
if  ( i < 0 ) -C 

ringObjectRelease(best)  ; 

best  = NULL; 

break; 

> 

objtime  = r i ngKey C reat i on ( set,  obj); 

exptime  = ringKeyExpiration(set,  obj); 

if  (besttime  <=  objtime  SS  ( ! tstamp  ||  lexptime  || 

tstamp  <=  exptime))  { 

r i ngOb j e c t Re L e a s e ( be s t ) ; /*  OK  if  best 

best  = obj; 
ringObjectHold(best); 
besttime  = objtime; 

> 

} 

ringlterDestroy(iter); 
return  best; 


NULL  */ 
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ringpub.h 

/ * 

* $ I d : ringpub.h, v 1.47.2.1  1 996/1  1 / 1 4 04:09:28  cbertsch  Exp  $ 
*/ 

# i f n d e f P G P_R I N G P U B_H 
//define  P G P_R I N G P U B_H 
/ * Public  * / 

//include  "pgp/usua l s . h" 

//ifndef  OLDTRUST 
//define  OLDTRUST  0 
Send i f 

/* 

* Opaque  types 
*/ 

union  RingObject ; 

# i f n d e f T Y P E_R I N G 0 B J E C T 
//define  T Y P E_R I N G 0 B J E C T 1 

typedef  union  RingObject  RingObject; 

# e nd  i f 

struct  RingSet; 

# i f n d e f T Y P E_R I N G S E T 

# d e t i n e T Y P E_R I N G S E T 1 
typedef  struct  RingSet  RingSet; 

U e n d i f 

struct  Ringlterator; 

# i f n d e f T Y P E_R I N G I T E R A T 0 R 
#define  T Y P E_R I N G I T E R A TO R 1 

typedef  struct  Ringlterator  Ringlterator; 

Send  i f 

struct  RingFile; 

# i f nde  f T Y P E_R I NG F I LE 
//define  T Y P E_R  I N G F I L E 1 

typedef  struct  RingFile  RingFile; 

# e nd i f 

struct  RingPool; 

# i f n d e f T Y P E_R I N G P 0 0 L 

# d e f i n e T Y P E_R I N G P 0 0 L 1 

typedef  struct  RingPool  RingPool; 

# e n d i f 

/* 

* Types  not  defined  here 
*/ 

struct  PgpEnv; 

#ifndef  T Y P E_P  G P E N V 

//define  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

# e n d i f 

struct  PgpPubKey; 

# i f n d e f TYPE  PGPPUBKEY 
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# d e f i n e T Y P E_PG P P UBKE Y 1 

typedef  struct  PgpPubKey  PgpPubKey; 

#e  nd  i f 

struct  PgpSecKey; 

# i f nde  f T Y P E_PG P S E C KE Y 

#def i ne  T Y P E_PG P S E C KE Y 1 

typedef  struct  PgpSecKey  PgpSecKey ; 

#endi  f 

/ * 

* Okay,  finally  we  start  the  function  declarations. 

*/ 

struct  RingPool  *ri ngPoolCreateCstruct  PgpEnv  const  *env) ; 
/*  Destroy  everything  immediately,  dropping  all  locks!  */ 
void  ringPoolDestroyCstruct  RingPool  * ) ; 

struct  RingError  { 

struct  RingFile 
w o r d 3 2 fpos; 
int  error; 
int  syserrno; 

>; 

# i f n de  f T Y P E_R I N G E R R 0 R 
^define  T Y P E_R I N G E R R 0 R 1 
typedef  struct  RingError  RingError; 

# e n d i f 


* f ; / * The  RingFile  for  I/O  errors  * / 

/*  The  file  position  for  I/O  errors  */ 

/*  PGP  error  code  - PGPERR_*  */ 

/*  Don't  use  plain  "errno";  that's  a macro!  */ 


struct  RingError  const  *ringPoolError(struct  RingPool  const  *); 
void  ringPoolClearErrorCstruct  RingPool  * ) ; 


/* 

* 

* 

★ 

★ 

★ 

★ 

★ 


A RingSet  is  the  root  of  a tree  of  objects.  The  RingSet  itself 
is  not  a RingObject,  but  everything  else  under  it  is. 

A full  tree  looks  basically  like  this: 

RingSet 
+ — Key 

+--Secret  (0  or  more) 

+--Signature  (0  or  more) 


★ 

1 

+ - 

-Signature  (0 

o r 

more) 

★ 

1 

+ - 

-Name  (0  or  more) 

★ 

1 

1 

+--Signature 

(0 

o r 

more) 

★ 

1 

1 

\ — Si gnature 

(0 

o r 

more) 

★ 

1 

\- 

-Name  (0  or  more) 

★ 

1 

\ — Si gnature 

(0 

o r 

more) 

* +--Key 

* | +--e  t c 

* etc. 


* 

* A "secret"  object  is  present  if  the  key's  secret  components  are 

* available.  In  the  standard  PGP  keyring  file  format,  this  is 

* actually  stored  with  the  key  as  a different  type  of  key  packet, 

* but  the  representation  here  is  logically  equivalent. 


* 

* There  is  one  secret  object  per  encrypted  form  of  the  secret 

* components.  Barring  duplicate  key  errors,  there  is  only  one 

* secret  object  per  file  (if  you  attempt  to  write  out  more,  the 

* library  will  make  a guess  at  the  best  and  write  that  out),  but. 
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* for  example,  changing  the  passphrase  will  create  a second  secret. 

•k 

* Some  sets  are  mutable,  and  RingObjects  can  be  added  to  or  deleted  from 

* them,  but  the  tree  property  is  always  preserved.  Adding  an  object 

* implicitly  adds  all  of  its  parents.  Deleting  an  object  implicitly 

* deletes  all  of  its  children. 

* / 

int  ringObjectTypelunion  RingObject  const  * o b j ) ; 

/ * Type  0 is  reserved  for  application  use;  it  will  never  be  allocated  * / 

//define  R I N G T Y P E_K  E Y 1 

//define  R I N G T Y P E_S  E C 2 

//define  R I N G T Y P E_N A M E 3 

//define  R I N G T Y P E_S I G 4 

//define  RINGTYPE_UNK  5 /*  Object  of  unknown  type  */ 

# d e f i n e R I N G T Y P E_M  A X 5 

/*  Adding  a new  type  needs  to  update  r i n g 0 b j e c t Ty p e ( ) and  r i n g N e w 0 b j e c t ( ) */ 


/* 

* Increase  and  decrease  RingObject  reference  counts.  The  ringlter 

* functions  hold  their  current  objects  (at  the  current  level  and  all 

* parent  levels)  automatically  and  release  them  when  the  ri nglterator  is 

* advanced  to  another  location.  If  you  wish  to  refer  to  them  after 

* advancing  the  Ri ngl terator.  Other  functions  that  return  RingObject 

* pointers  hold  them  automatically,  and  they  must  be  released  explicitly 

* by  r i n g 0 b j e c t R e l e a s e ( ) . 

*/ 

void  r i ng 0 b j e c t H o l d ( u n i on  RingObject  *obj); 
void  r i ngOb j e c t Re l ea s e ( un i on  RingObject  *obj); 


/*  Operations  on  RingSets  */ 


struct  RingPool  *r i ngSet Poo  l ( s t rue t RingSet  const  *); 

struct  RingError  const  *ringSetError(struct  RingSet  const  *); 
void  ringSetClearError(struct  RingSet  *); 

int  ringSetlsMemberCstruct  RingSet  const  * s e t , union  RingObject  const  * o b j e c t ) ; 
int  ringSetCountCstruct  RingSet  const  * s e t , unsigned  *counts,  unsigned  depth); 
int 

ringSetCountTypesCstruct  RingSet  const  * s e t , unsigned  *counts,  unsigned  max); 

/*  Create  a new  mutable  RingSet  */ 

struct  RingSet  *ringSetCreate(struct  RingPool  * p o o l ) ; 

/*  Free  a RingSet  (mutable  or  immutable)  */ 
void  ringSetDestroy(struct  RingSet  * s e t ) ; 

/*  Operate  on  a mutable  RingSet  */ 

int  ringSetAddObject(struct  RingSet  * s e t , union  RingObject  * o b j ) ; 
int  ringSetRemObject(struct  RingSet  * s e t , union  RingObject  * o b j ) ; 
int  ringSetAddSet(struct  RingSet  * s e t , struct  RingSet  const  * s e t 2 ) ; 
int  ringSetSubtractSet(struct  RingSet  * s e t , struct  RingSet  const  * s e t 2 ) ; 

/*  Convert  a mutable  RingSet  to  immutable  */ 
int  ringSetFreeze(struct  RingSet  * s e t ) ; 

/*  Operate  on  immutable  RingSets  */ 

struct  RingSet  *ringSetCopy(struct  RingSet  const  *s); 
struct  RingSet  * 

ringSetUnion(struct  RingSet  const  * s 1 , struct  RingSet  const  *s2); 
struct  RingSet  * 


840 


lib/ pgp/keys/ ringpub.h 


ringSetlntersectionCstruct  RingSet  const  *s  1 , struct  RingSet  const  * s 2 ) ; 
struct  RingSet  * 

ringSetDifferenceCstruct  RingSet  const  * s 1 , struct  RingSet  const  * s 2 ) ; 

/*  Lookups  by  keylD  */ 
union  RingObject  * 

ringKeyById8(struct  RingSet  const  * s e t , byte  pkalg,  byte  const  * k e y i d ) ; 

/*  Operations  on  Ringlterators  */ 

struct  Ringlterator  *ringIterCreate(struct  RingSet  const  net); 
void  ringlterDestroyCstruct  Ringlterator  * i t e r ) ; 

struct  RingSet  const  *ringIterSet(struct  Ringlterator  const  * i t e r ) ; 
struct  RingError  const  *ringIterError(struct  Ringlterator  const  * i t e r ) ; 
void  ringlterClearErrorlstruct  Ringlterator  * i t e r ) ; 

int  ringlterNextObjectCstruct  Ringlterator  * i t e r , unsigned  level); 
int  ringlterPrevObjectCstruct  Ringlterator  * i t e r , unsigned  level); 
unsigned  ringlterCurrentLeveKstruct  Ringlterator  const  * i t e r ) ; 
union  RingObject  *ringIterCurrentObject(struct  Ringlterator  const  *iter, 
unsigned  level); 

int  ringlterNextObjectAnywhereCstruct  Ringlterator  * i t e r ) ; 

int  r i ng 1 1 e r Rewi nd ( s t rue  t Ringlterator  * i t e r , unsigned  level); 

int  ringlterFastForwardlstruct  Ringlterator  *i ter,  unsigned  level); 

int  ringlterSeekToCstruct  Ringlterator  * i t e r , union  RingObject  * o b j ) ; 

/*  RingFile  access  functions  */ 

struct  PgpFile  * r i n g F i l e F i l e ( s t r u c t RingFile  const  *file); 
struct  RingSet  const  *ringFileSet(struct  RingFile  const  * f i l e ) ; 

PgpVersion  ringFi  l eVersi on ( s t rue t RingFile  const  * f i l e ) ; 

int  ringFi LelsDirtyCstruct  RingFile  const  * f i l e ) ; 

int  ringFi LelsTrustChangedCstruct  RingFile  const  *file); 

/*  Alias  for  r i n g S e t E r r o r ( r i n g F i l e S e t ( f i l e ) ) */ 

struct  RingError  const  *ringFi  leErrorCstruct  RingFile  const  * f i l e ) ; 
void  ringFi  leClearErrorlstruct  RingFile  * f i l e ) ; 

int 

r i ng Se t F i 1 1 e r ( s t r u c t RingSet  const  *src,  struct  RingSet  *dest, 

int  (*predi cate) (void  *arg,  struct  Ringlterator  *i  ter, 

union  RingObject  *object,  unsigned  level), 

void  * a r g ) ; 

int  ringSetFilterSpecCstruct  RingSet  const  *src,  struct  RingSet  *dest, 
char  const  *string,  int  use); 

union  RingObject  * 

ri  ngLatestSecret ( st ruct  RingSet  const  *set,  char  const  *string,  word32  tstamp, 
int  use); 


/*  Object  access  functions  */ 

int  ringKeyErrorlstruct  RingSet  const  *set,  union  RingObject  *key); 
unsigned  ringKeyBitslstruct  RingSet  const  *set,  union  RingObject  *key); 
word32  ringKeyCreationCstruct  RingSet  const  *set,  union  RingObject  *key); 
word32  ringKeyExpi rationCstruct  RingSet  const  *set,  union  RingObject  *key); 
void  ringKey!D8(struct  RingSet  const  *set,  union  RingObject  const  *key. 
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i n t 

r i 

byte 

r i 

void 

r i 

i n t 

r i 

void 

r i 

void 

r i 

i n t 

r i 

void 

r i 

i n t 

r i 

# i f 

OL 

w o r d 1 6 
# e n d i f 


byte  *pkalg,  byte  ★ b u f ) ; 

igKeyUse(struct  RingSet  const  * s e t , union  RingObject  * k e y ) ; 
igKeyTrust (struct  RingSet  const  *set,  union  RingObject  * k e y ) ; 
i g Ke y S e t T r u s t ( s t r u c t RingSet  const  *set,  union  RingObject  *key, 
byte  trust); 

i g Ke y D i s a b L e d ( s t r u c t RingSet  const  *set,  union  RingObject  *key) 
igKeyDisableCstruct  RingSet  const  *set,  union  RingObject  * k e y ) ; 
i g Key E na b L e ( s t r u c t RingSet  const  *set,  union  RingObject  *key); 
igKeyRevoked(struct  RingSet  const  *set,  union  RingObject  * k e y ) ; 


ringKeyConfidenceCstruct 


RingSet 

const 

* s e t , uni 

on 

RingObject 

★key); 

gSet  const  *set,  union 

R i 

ngObject  *key); 

RingSet 

const 

* s e t , uni 

o n 

RingObject 

* k e y ) ; 

RingSet 

const 

★set,  uni 

on 

RingObject 

★ key. 

RingSet 

const 

★set,  uni 

o n 

RingObject 

★ key. 

byte  ★ b u f ) ; 

int  r i n g Ke y F i n g e r p r i n t 2 0 ( s t r u c 
byte  ★but); 

int  r i n g Ke y Add S i g s by ( s t r u c t RingSet  const  *set,  union  RingObject  *key, 
struct  RingSet  * d e s t ) ; 


/*  Given  a Ring  Object,  obtain  a PgpPubKey  or  a PgpSecKey  */ 

int  ringKeyIsSec(struct  RingSet  const  * s e t , union  RingObject  *key); 

union  RingObject  *ringKeySubkey(struct  RingSet  const  *set, 

union  RingObject  const  *key); 

struct  PgpPubKey  * r i n g Key P ubKey ( s t r u c t RingSet  const  *set, 

union  RingObject  * k e y , int  use); 
struct  PgpSecKey  * r i n g S e c S e c Key ( s t r u c t RingSet  const  *set, 

union  RingObject  ★ s e c , int  use); 

char  const  * r i n g N a m e N a m e ( s t r u c t RingSet  const  *set,  union  RingObject  *name, 
size_t  * l e n p ) ; 

byte  ringNameTrust(struct  RingSet  const  ★ s e t , union  RingObject  * n a m e ) ; 
int  ringNameWarnonlyCstruct  RingSet  const  * s e t , union  RingObject  ★ n a m e ) ; 
void  ringNameSetWarnonlyCstruct  RingSet  const  * s e t , union  RingObject  * n a m e ) ; 
#if  ! OLDTRUST 


word16  ringNameValidityCstruct  RingSet  const  * s e t , union  RingObject  * n a m e ) ; 
word16  ringNameConfidenceCstruct  RingSet  const  * s e t , union  RingObject  * n a m e ) ; 
int  r i n g N a me C o n f i d e n c e U nd e f i n e d ( s t r u c t RingSet  const  *set, 

union  RingObject  *name); 

void  ringNameSetConfidenceCstruct  RingSet  const  *set, 

union  RingObject  *name,  word16  confidence); 


# e nd i f 


int  ringSigError(struct  RingSet  const  * s e t , union  RingObject  * s i g ) ; 
union  RingObject  * r i n g S i g Ma k e r ( s t r u c t RingSet  const  *sset, 
union  RingObject  * s i g , struct  RingSet  const  * k s e t ) ; 
void  ringSigID8(struct  RingSet  const  * s e t , union  RingObject  const  * s i g , 
byte  * p k a l g , byte  ★but); 

byte  ringSigTrust(struct  RingSet  const  *set,  union  RingObject  *sig); 
int  ringSigChecked(struct  RingSet  const  *set,  union  RingObject  ★ s i g ) ; 
int  ringSigTriedCstruct  RingSet  const  *set,  union  RingObject  *sig); 
ft  if  ! OLDTRUST 

word16  ringSigConfidenceCstruct  RingSet  const  *set,  union  RingObject  *sig); 
#end i f 

int  ringSigTypeCstruct  RingSet  const  *Set,  union  RingObject  const  *sig); 
word32  r i ng S i g T i me s t a mp ( s t r u c t RingSet  const  *Set, 
union  RingObject  const  *sig); 
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ft  e nd  i f / 


* P G P_R I N G P U B H */ 
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ringread.c 


/ * 

* ringread.c  - Read  in  various  parts  of  a keyring. 

* 

* The  big  function  (>500  lines,  yeep!)  is  r i n g F i l e 0 p e n ( ) ; it  opens  another 

* keyring  and  merges  it  with  the  collection  in  memory.  Most  of  the  others 

* are  its  helpers.  This  is  where  PGPlib's  great  robustness  in  the  face  of 

* badly  mangled  keyrings  is  achieved.  *Every*  keyring  comes  through  here, 

* and  it  validates  its  inputs  to  the  point  of  paranoia. 

* 

* This  file  is  too  big  - what  should  be  split  out? 

* There  are  a lot  of  s i m i l a r - b u t -n o t -q u i t e functions.  Perhaps  some 

* rethinking  will  allow  parts  of  them  to  be  merged? 

* 

* Written  by  Colin  Plumb. 

* 

* $ I d : ringread.c, v 1.70.2.3  1996/11/14  04:09:30  cbertsch  Exp  $ 

*/ 


# i f d e f HAVE  CONFIG  H 


//include 

"config.h" 

# e n d i f 

//include 

<assert  . h> 

//include 

<errno  . h> 

//include 

< s t d i o . h > 

//include 

<string.h> 

//include 

"makesig.h" 

//include 

"mempoo  l . h " 

//include 

"pktbyte.h" 

//include 

" r i ngmnt  . h " 

//include 

"ringpars.h" 

//include 

"ringpkt.h" 

//include 

"ringpriv.h" 

//include 

"trust  . h" 

//include 

"trustpkt.h" 

//include 

"pgp/hash.h" 

/(include 

"pgp/keyspec.h" 

# i nc  l ude 

"pgp/pgpmem.h" 

//include 

"pgp/pgpenv  . h" 

//include 

"pgp/pgperr.h" 

# i n c l u d e 

"pgp/pubkey.  h" 

//include 

"pgp/pgpfi  le.h" 

ft  i n c l ude 

"pgp/ringread.h" 

ft  include 

"pgp/sigspec.h" 

ft  i f nde  f 

NULL 

# d e f i n e 

NULL  0 

ft  e n d i f 


/*  for  PGP  SIGTRUSTF_CHECKED_TRIED  */ 


/ * 

* The  largest  legal  PGP  key  uses  a 64Kbit  key,  which  is  8Kbytes. 

* As  a public  key,  there's  also  12  bytes  of  overhead,  plus  a 

* public  exponent  (usually  1 byte,  sometimes  3,  it's  just  stupid 

* to  make  it  any  larger). 

* Stored  in  a secret  key  an  extra  11+IV  bytes  of  overhead  and 

* the  secret  exponent  (8K),  factors  p and  q (4+4=8K),  and  multiplicative 

* inverse  u (4K).  A total  of  28K  of  data,  plus  23+IV+e  extra  bytes. 

* With  an  8-byte  IV,  that's  31+e  bytes.  Add  an  extra  byte  to  allow 
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* for  p and  q of  differing  Lengths. 

* But  for  now,  reduce  this  by  a factor  of  8,  to  8Kbits,  which  changes 

* the  maximum  sizes  to  IK+overhead  and  3.5K  + overhead. 

* 


* Without  these  Limits,  a non-fataL  error  (object  too  big)  becomes 

* a fataL  error  (out  of  memory)  and  the  i mp L erne n t a t i on  becomes 

* Less  robust.  However,  the  Limits  can  be  set  quite  high  without 

* harm.  (Keep  the  maximum  key  size  to  64K,  though.) 

*/ 


#d  e f i n e R I N G M P I_M A X 1024 

^define  R I NG KE Y_M A X L E N ( R I N G M P I_M A X + 1 2 + 3 u ) 

#de  f i ne  R I NG S E C_M AX L E N ( 7 * R I N G M P I_M A X / 2 + 3 2 + 3 u ) 

# d e f i n e R I N G N A M E_M A X L E N 1 024u 

# d e f i n e R I N G S I G_M A X L E N ( R I N G M P I_M A X + 2 1 u ) 
tfdefine  R I N G U N K_M AX L E N R I N G S E C_M A X L E N 

/*  RINGTRUS  T_M  A X L E N is  impLicit  */ 


/*  Maximum  8Kbits  */ 

/ * PubLic  key  maximum  size  */ 
/*  Secret  key  maximum  size  */ 
/*  Name  maximum  size  */ 

/*  Signature  maximum  size  */ 


/***  Working  with  the  FiLePos  chain  ***/ 


/* 

* A note  about  the  FiLePos  chain.  Each  object  has  one  FiLePos  right 

* inside  itseLf,  which  is  the  head  of  a List  of  external  (allocated) 

* ones.  There  is  one  FiLePos  for  each  key  file  an  object  exists  in, 

* and  they  are  kept  in  increasing  order  by  bit  number. 

* Every  object  (except  dummy  keys,  which  aren't  excessively  numerous, 

* especially  in  Large  keyrings)  is  present  in  at  Least  one  physical 

* keyring,  so  this  saves  one  next  pointer  when  we're  trying  to  conserve 

* memory  for  MS-DOS,  at  the  expense  of  complicating  the  task  of 

* adding  to  and  removing  from  the  List. 


* 


* This  is  because  the  first  entry  in  the  chain  is  statically  allocated. 

* An  actual  allocation  is  performed  when  an  entry  is  added  to  the 

* chain  in  a location  other  than  the  first,  or  is  bumped  from  first 

* place  by  something  else.  A FiLePos  is  freed  when  an  entry  is  deleted 

* from  the  chain,  or  the  first  one  is  deleted  and  the  second  moves  into 

* its  place. 

* 

* One  more  piece  of  magic:  because  there  is  no  need  for  the  FilePos  chain 

* to  be  null-terminated  (the  number  of  entries  in  it  is  given  by  the 

* mask),  physical  key  ring  MEMRINGBIT  (which  is  the  last  FilePos  in  the 

* chain,  so  its  next  pointer  is  unused)  is  reserved  for  memory  objects. 

* the  next  pointer  and  fpos  record  the  location  in  memory  and  size  of 

* the  memory  buffer  holding  the  object,  respectively. 

* / 


/*  Find  the  position  of  an  object  in  the  given  file  */ 
static  struct  FilePos  * 

ringFi lePos(union  RingObject  const  *obj,  struct  RingFile  const  *file) 

{ 

struct  FilePos  const  * p o s = 8obj->g.pos; 
ringmask  mask; 


assert(obj->g.mask  8 file->set.mask); 

mask  = obj->g.mask  & file->set.pool->filemask  8 (file->set. mask-1  ); 
while  (mask)  { 

pos  = pos->ptr.next; 
mask  8=  mask-1; 

> 

return  (struct  FilePos  *)pos; 
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> 


/*  Allocate  a FilePos  from  a RingFile.  */ 
static  struct  FilePos  * 

ringFi LeNewFi LePosCstruct  RingFile  *file) 

{ 

struct  FilePos  *pos  = file->freepos; 


if  (pos)  { 

f i le->f reepos  = pos->ptr . next; 

> else  { 

pos  = (struct  FilePos  * ) memPoo  l New ( Sf i l e-> f pos  , s t r u c t 
if  ( ! po  s ) 

ringAllocErr(fi  le->set.pool); 


> 


F i lePos); 


return  pos; 

} 

static  void 

ringFileFreeFilePosCstruct  RingFile  * f i l e , struct  FilePos  * p o s ) 
t 

pos->ptr.next  = f i le->f reepos; 
file->freepos  = pos; 

> 

/ * 

* Allocate  and  add  a FilePos  to  the  object's  chain  in  the  right  place. 

* This  function  makes  no  attempt  to  initialize  the  resultant  FilePos. 

* 

* NOTE  that  the  bit  specified  to  add  may  or  may  not  be  present  in 

* the  ring's  filemask.  This  function  must  not  care. 

* / 

static  struct  FilePos  * 

r i ng Add F i l e Pos ( un i on  RingObject  *obj,  struct  RingFile  *file) 

{ 

ringmask  mask  = obj->g.mask  & f i l e-> s e t . poo l -> f i l ema s k ; 
ringmask  m a s k 2 = f i l e->set . mask; 
struct  FilePos  *pos,  * p o s 2 ; 
i n t bit; 

assertt ! (mask  & mask2)); 
if  (mask  & (mask2-1))  ( 

/*  FilePos  to  add  is  not  the  first  in  the  chain  */ 
mask  & = (mask2-1); 

pos2  = ringFi  leNewFilePos(file); 
if  ( ! po s 2 ) 

return  NULL; 

/*  Find  the  predecessor  of  the  one  to  be  added  */ 
pos  = &obj->g.pos; 
while  ((mask  mask-1)  !=  0)  { 
pos  = pos->ptr . next; 
assert(pos); 

> 

/*  Insert  pos2  into  the  chain  after  pos  */ 
pos2->ptr.next  = pos->ptr.next; 
pos->ptr.next  = pos2; 
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> else  { 

/*  First  FilePos  in  the  chain  */ 
pos2  = &obj->g.pos; 
if  ( ! ma  s k ) f 

/*  First  and  only  FilePos  on  chain  */ 
pos  = NULL; 

> else  L 

/ * First  FilePos;  bump  down  the  old  first  * / 
bit  = ringLsBitFind(mask); 
assertCbit  >=  0); 

file  = &file->set.pool->filesCbit]; 
pos  = r i n g F i l e N e w F i l e Po s ( f i l e ) ; 
if  ( ! po  s ) 

return  NULL; 

* p o s = * p o s 2 ; 

> 

pos2->ptr.next  = pos; 

> 

obj->g.mask  |=  m a s k 2 ; 
return  pos2; 

> 


static  i n t 

ri  ngAddPos ( uni  on  RingObject  *obj,  struct  RingFile  *file,  word32  fpos) 
{ 

struct  FilePos  * p o s ; 

pos  = ringAddFilePos(obj,  file); 
if  ( ! po  s ) 

return  PG P E R R_N 0M E M ; 
pos->f pos  = fpos; 
return  0; 

> 

/* 

* This  is  needed  in  one  obscure  error  case  to  keep  things 

* consistent.  The  case  is  when  a secret  key  appears  in  the  same 

* file  as  the  corresponding  public  key,  only  later. 

* / 

static  void 

r i ng A l t e r F i l e Po s ( un i on  RingObject  *obj,  struct  RingFile  const  *file, 
word32  fpos) 

{ 

ringmask  mask  = obj->g.mask  & file->set.pool~>filemask; 
struct  FilePos  *pos; 


> 


assert (mask  S file->set.mask); 
mask  &=  file->set.mask  - 1; 

for  (pos  = &obj->g.pos;  mask;  mask  &=  mask-1) 
pos  = pos->ptr.next; 
pos->f pos  = fpos; 


/* 

* Remove  a FilePos  from  an  object's  list. 

* 

* file  is  the  filepos  corresponding  to  "bit",  pos  is  the  head  of  a 

* FilePos  chain,  mask  is  the  bitmask  of  physical  key  rings,  and 

* bit  is  the  number  of  the  ring  to  have  its  position  removed. 
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* 

* NOTE  that  the  bit  specified  to  remove  may  or  may  not  be  present  in 

* the  r i n g -> f i L ema s k . This  function  must  not  care. 

* / 

static  void 

r i ng R em F i L e Po s ( un  i on  RingObject  *obj,  struct  RingFile  *file) 

{ 

ringmask  mask  = obj->g.mask  & file->set.pool->filemask; 
ringmask  mask2  = file->set.mask; 
struct  FilePos  * p o s , * p o s 2 ; 
i n t bit; 

/*  Is  the  bit  to  remove  *not*  the  Least  significant  bit?  */ 
if  (mask  & (mask2-1))  f 

/*  FilePos  to  remove  is  not  the  first  in  the  chain  */ 


> else 


/*  Find  the  predecessor  of  the  one  to  be  removed  */ 
mask  & = (mask2-1); 
pos  = &obj->g.pos; 
while  ((mask  & = mask-1)  !=  0)  ( 
pos  = pos->ptr . next; 
assert (pos  ) ; 

> 

/*  pos->next  is  the  one  to  be  removed  */ 
pos2  = pos->pt r . next ; 
assert(pos2); 
pos->ptr  = pos2->ptr; 

if  (mask2  ==  MEMRINGMASK)  /*  Debugging  aid  */ 

po s -> p t r . n e x t = NULL; 

{ 

/*  First  FilePos  - copy  second  to  first,  remove  second  */ 


/*  Clear  this  bit  from  the  mask  (in  case  we  need  to)  */ 
mask  &=  ~mask2; 


/ * 

* That's  it?  Well,  return  then.  The  caller  better 

* deallocate  this  object,  'cause  it  no  longer  exists 

* anywhere.  Use  position  -1  to  mark  an  unused  slot. 
*/ 


if  ( ! mask)  C 

obj->g.mask  &=  " m a s k 2 ; 

if  (mask2  ==  MEMRINGMASK)  /*  Debugging  aid 

obj->g. pos. ptr. next  = NULL; 
obj->g.pos.fpos  = (word32)-1;  /*  Debugging  aid 

return; 

> 


*/ 
* / 


/*  Find  the  bit  of  the  object  we  are  removing  */ 
bit  = ringLsBitFind(mask); 
assert(bit  > = 0); 

file  = &file->set.pool->filesCbit3; 


/*  Copy  the  next  pos  to  the  current  one  */ 
pos2  = obj->g. pos. ptr. next; 
assert(pos2); 
obj->g.pos  = *pos2; 

> 

/*  Free  the  FilePos  */ 
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ringFi LeFreeFilePos(file,  p o s 2 ) ; 
obj->g.mask  & = ~ m a s k 2 ; 

> 

/***  Closing  a Ringfile  ***/ 

/ * 

* Set  the  destruction  function  for  a RingFile. 

★ / 

void 

ringFi  LeSetDestructorCstruct  RingFile  * f i l e , 

void  (*destructor)  (struct  RingFile  *,  struct  PgpFile  * , void  *), 
void  *arg) 

{ 

f i le->destructor  = destructor; 
file->arg  = arg; 

> 


/ * 

* Helper  function  for  r i n g F i l e Do C l o s e . 

* 

* Delete  the  given  file's  FilePos  entries  from  the  objects  in 

* the  given  list,  and  delete  the  objects  if  they  are  no  longer 

* needed  (mask  has  gone  to  0).  Recurse  as  necessary. 

* 

* Note  that  this  is  not  used  on  the  main  keys  list,  because 

* there  we  need  to  preserve  dummy  keys  which  this  does  not 

* understand. 

* 

* This  also  removes  any  cached  names  from  objects. 

*/ 

static  void 

r i ng F i l eC l os eLi s t ( un i on  RingObject  **objp,  struct  RingFile  *file) 
{ 

union  RingObject  * o b j ; 

ringmask  const  mask  = f i le->set .mask; 

ringmask  const  filemask  = file->set.pool->filemask; 


> 


while 


> 


((obj  = *objp)  !=  NULL)  { 
if  (mask  & obj->g.mask)  { 

if  ( ! OBJ  ISBOKob  j ) ) 

ringFi  LeCloseList(Sobj->g.down,  fi  le); 
ringRemFilePos(obj,  file); 
if  (!(obj->g.mask  & filemask))  { 

assert(0BJISB0T(obj)  | | !obj->g.down); 
*objp  = obj->g.next; 

ringFreeObject(fi le->set . pool,  obj); 

> else  C 


> 

> else 


if  (OBJ ISNAME(ob j ) ) 

ri ngPurgeCachedName(Sobj->n,  mask); 
objp  = Sobj->g.next; 


objp  = &obj->g.next; 


/ * 

* Close  the  given  Ringfile.  Returns  an  error  if  it  can't  due  to 
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* conflicts,  in  which  case  the  file  is  NOT  closed. 

* 

* This  performs  four  passes  over  the  pool. 

* 1.  The  first  does  the  bulk  of  the  deletion,  removing  the 

* FilePos  from  the  objects  and  deleting  all  things 

* at  levels  greater  than  1. 

* 2.  The  second  rebuilds  the  sigs-by  lists  which  were  broken  by 

* deleting  objects  in  the  middle  of  them. 

* 3.  The  third  finds  all  keys  that  are  not  referenced  and  do  not 

* make  any  signatures,  and  deletes  those  keys. 

* 4.  The  fourth  rebuilds  the  hash  index  of  the  remaining  keys. 

* 

* Note  that  the  second  and  third  passes  delete  any  al located-but-not 

* linked  keys,  which  are  left  by  ringFileOpen  if  it  runs  out  of  memory 

* in  mid-operation. 

* / 

static  void 

ringFi LeDoCloseCstruct  RingFile  *file) 

t 

union  RingObject  * o b j , * * o b j p ; 
struct  RingPool  *pool  = f i l e-> s e t . poo  l ; 
ringmask  mask  = file->set.mask; 
ringmask  filemask  = pool->filemask; 

ringmask  allocmask  = r i n g A l l o c M a s k ( p o o l , &file->set); 
i n t i ; 


/*  Free  some  memory  right  away  */ 
ringFi  LePurgeTroubleCfi  le); 


/*  1:  Remove  everything  in  the  keyring,  but  don't  delete  the  keys 
for  (obj  = pool->keys;  obj;  obj  = obj->g.next)  { 
if  (mask  & obj->g.mask)  { 

if  ( ! OBJ  ISBOTCob j ) ) 

ringFi  leCloseList(&obj->g.down,  fi  le); 
r i n g R em F i l e Po s ( o b j , file); 

> 


> 


*/ 


/*  2:  Recreate  the  shattered  sigs-by  lists  */ 
ringPoolListSigsBy(pool); 

/*  3:  Now  purge  the  unneeded  keys  */ 
objp  = &pool->keys; 
while  ((obj  = *objp)  !=  NULL)  { 
assert(OBJISKEY(obj)); 
if  (obj->g.mask  & filemask)  { 
objp  = &ob j ->g . next ; 

> else  if  ( ob j -> k . s i g s by ) { 

/*  Retain  key  as  a dummy  key  */ 
assert ( ! (ob j ->g .mask  & allocmask)); 
assert ( !obj->g.down); 
obj->g.mask  = 0; 
objp  = &ob j -> g . n e x t ; 

> else  { 

/*  Delete  the  key  */ 

a s s e r t ( ! ( ob j -> g . ma s k & allocmask)); 
assertt !obj->g.down); 

*objp  = obj->g.next; 
ringFreeObject(pool,  obj); 
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/*  4:  R e - i n i t i a L i z e the  hash  chains  */ 
ringPoolHash(pool); 

/*  Clean  up  the  file's  memory  pools  */ 
memPoolEmptyC&fi le->strings); 
f i le->f reepos  = NULL; 
memPoolEmptyC&fi  le->fpos); 


assertC !fi  le->set  .next); 


/ * 

* If  there's  nothing  in  the  structs  MemPool  that's 

* allocated,  purge  all  the  memory. 

* / 

if  (!pool->keys  &&  !pool->sets)  C 

for  (i  = 0;  i < R I NGT Y P E_M AX ; i++) 
po o l -> f r e e o b j s E i ] = NULL; 
pool->f reesets  = NULL; 
pool->f reei ter  = NULL; 
memPoolEmpty(Spool->structs); 

> 

/ * Cal  the  file's  destructor  function,  if  any  * / 
if  (f i le->destructor)  C 

file->destructor(file,  file->f,  file->arg); 
f i le->destructor  = NULL; 

> 

/*  Final  deallocation  of  the  file  */ 
file->flags  = 0; 
pool->filemask  & = "mask; 


/ * 

* Check  to  see  if  an  object  anywhere  on  the  list  (including  children, 

* recursively)  is  included  in  "allocmask"  but  not  in  "filemask." 

* Such  an  object  is  orphaned,  an  undesirable  state  of  affairs. 

* We  have  to  check  the  entire  keyring,  recursively,  because  a 

* given  key  or  name  might  be  duplicated  in  another  keyring,  but 

* a signature  lower  down  might  not  be. 

* / 


static  i n t 

r i n g F i l e C h e c k L i s t ( u n i o n RingObject  const  *obj,  ringmask  filemask, 
ringmask  allocmask) 

{ 


while  (obj)  i 

if  ( ob j ->g . ma s k & allocmask)  C 

/*  Would  closing  orphan  this  object?  */ 
if  ( ! ( ob j ->g . ma s k S filemask)) 
return  1; 

/*  Would  closing  orphan  its  children?  */ 

if  ( ! OB J I SBOT ( ob j ) &&  r i n g F i l e C h e c k L i s t ( o b j -> g . d o w n , 

fi  lemask, 
allocmask)) 


> 


return  1; 
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obj  = obj->g.next; 

> 

return  0; 


/*  Is  it  safe  to  close  the  given  file?  */ 
i n t 

r i ng F i l e C h e c k C l o s e ( s t r u c t RingFile  const  * f i l e ) 

{ 

struct  RingPool  const  * p o o l = file->set.pool; 


> 


if  ( ! f i l e ) 

return  0 ; 

return  ringFi LeCheckList(pool->keys,  pool->filemask  & ~f i le->set .mask, 

ringAllocMaskCpool,  Sfi  le->set)); 


/ * 

* Close  the  given  Ringfile.  Returns  an  error  if  it  can't  due  to 

* conflicts,  in  which  case  the  file  is  NOT  closed. 

* / 
i n t 

ringFi leCloseCstruct  RingFile  *file) 

{ 

if  ( ! f i l e ) 

return  0;  / * close(NULL)  is  defines  as  harmless  * / 


if  ( r i n g F i l e C h e c k C l o s e ( f i l e ) ) 
return  - 1 ; 


/*  Okay,  nothing  can  fail  now  */ 
ringFi  leDoCloseCfi  le); 


> 


return  0 ; 


/***  Routines  for  fetching  things  from  the  keyring  ***/ 

/*  Make  sure  the  pool's  packet  buffer  is  large  enough  */ 
static  char  * 

ri ngReserveCstruct  RingPool  *pool,  si ze_t  len) 

{ 

char  * p ; 


if  ( poo  l -> p k t bu f a l l o c >=  len) 
return  poo l -> p k t bu f ; 

p = (char  * ) pg pM em R e a l l o c ( poo l -> p k t bu f , len); 
if  ( ! p)  { 

ringAl  locErrCpool  ) ; 
return  NULL; 

> 

pool->pktbufalloc  = len; 
return  pool->pktbuf  = p; 


/ * 

* File  priorities 

* which  is  a mask 


are  handled  by  a "higherpri"  mask  with 
of  other  files  of  higher  priority  than 


each 

that 


file, 

file. 
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* If  obj->g.mask  & po o L -> f i L ma s k &&  f i l e-> h i g h e r p r i is  0, 

* this  is  the  highest-priori ty  file. 

* / 

/ * Set  file  to  the  highest  priority,  except  for  the  memory  file  * / 
void 

r i n g F i L e H i g h P r i ( s t r u c t RingFile  * f i l e ) 

{ 

struct  RingPool  * p o o l = file->set.pool; 
ringmask  mask  = f i le->set  .mask; 
i n t i ; 

/*  Add  this  file  to  everything  else's  higher  priority  mask  */ 
for  (i  = 0;  i < MEMRINGBIT;  i++) 

pool->filesCi].higherpri  |=  mask; 

/ * The  only  thing  higher  priority  than  this  file  is  MEMRING  * / 
fi le->higherpri  = MEMRINGMASK; 

> 

/*  Set  file  to  the  lowest  priority  */ 
void 

r i n g F i l e Lo w P r i ( s t r u c t RingFile  *file) 

{ 

struct  RingPool  *pool  = file->set.pool; 
ringmask  mask  = ~file->set.mask; 
i n t i ; 

/*  Remove  this  file  from  everything  else's  higher  priority  mask  */ 
for  (i  = 0;  i < MEMRINGBIT;  i++) 

pool->filesCi!l.higherpri  & = mask; 

/*  Everything  is  higher  priority  than  this  file  (except  itself)  */ 
file->higherpri  = mask; 

> 


/*  The  mask  of  sets  that  this  key  has  *any*  secret  components  in  */ 
static  ringmask 

ringKeySecMaskCunion  RingObject  const  * o b j ) 

{ 

ringmask  secmask  = 0; 
assert(OBJISKEY(obj )); 


> 


for  (obj  = obj->g.down;  obj;  obj  = obj->g.next) 
if  (OBJISSEC(obj)) 

secmask  |=  obj->g.mask; 

return  secmask; 


/ * 

* Given  an  object,  find  the  best  RingFile  to  fetch  it  from, 

* for  fetching  purposes.  Bits  set  in  "avoidmask"  are 

* NOT  valid  for  fetching. 

*/ 

static  struct  RingFile  * 

r i ng B e s t F i l e ( s t r u c t RingPool  *pool,  union  RingObject  const  *obj, 
ringmask  avoidmask) 

ringmask  mask  = obj->g.mask  & pool->filemask; 
struct  RingFile  *file; 
i n t bit; 
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if  ('.(mask  & "avoi  dmask)  ) 
return  NULL; 


/ * find  highest-priority  fetchable  file  */ 

for  ( ; ; ) { 

/*  Is  l e a s t - s i g n i f i c a n t bit  set  in 
if  ( ! (mask  S -mask  & avoidmask))  { 
bit  = ringLsBitFind(mask); 
file  = &pool->filesCbitd; 

/*  Is  it  highest  priority?  */ 
if  ( ! (mask  & f i l e-> h i g h e r p r i 
break; 

assertlf i l e - > f ) ; 


mask  fetchable?  * / 


S 'avoidmask)  ) 


mask  &=  mask-1 ; 
assert(mask); 


return  file; 


/*  Macro  wrapper  to  inline  the  important  part  */ 

#define  r i n g R e s e r v e ( poo  l , len)  \ 

( ( poo  l ) -> p k t bu f a l l o c < (len)  ? r i n g R e s e r ve ( poo  l , 


len)  : ( po o l ) -> p k t bu f ) 


This  is  the  routine  which  fetches  a packet  from  a keyring  file. 

It  tries  the  highest-priority  file  that  the  object  is  in  which  is  also 
listed  in  "avoidmask."  If  the  memory  keyring  is  one  of  those,  it  has 
absolute  priority.  (It  is  also  not  verified;  it  is  assumed  correct.) 
Otherwise,  the  object  is  fetched  from  the  highest-priority  open  file. 

The  files  are  assigned  priorities  for  fetching.  The  default  is 
that  the  first  opened  file  is  highest  and  subsequent  files  are  of 
lower  priority.  This  is  done  by  having  each  Ringfile  keep  a mask 
of  higher-priority  RingFiles.  We  walk  along  the  list  until  we  hit 
a RingFile  whose  h i g h e r - p r i o r i t y mask  doesn't  include  any  files  that 
the  object  being  sought  is  in. 

The  packet  fetched  must  pass  the  following  validity  checks: 

- It  must  be  of  the  given  packet  type. 

- It  must  be  no  longer  than  "maxlen". 

- If  those  pass,  it  must  be  read  into  memory  successfully. 

- It  must  then  pass  the  caller-supplied  "verify"  function, 
which  checks  o b j e c t - t y p e- s pe c i f i c information  against  the 
summary  information  stored  in  the  RingObject. 

Question:  what  to  return  when  the  avoidmask  doesn't  allow  anything  to 
be  fetched?  Is  this  case  just  an  error? 


struct 
struct 
wo  rd32 
i n t i ; 


RingFile  * f i l e ; 
FilePos  const  *pos; 
len; 
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void  *p; 

/*  find  h i g h e s t -p r i o r i t y 
file  = ringBestFile(pool, 
if  ( ! f i l e ) i 

fetchable  file  */ 
obj,  avoidmask); 

*Lenp  = (siz  e_t ) 0 ; 

return  NULL;  / * Is  this  The  Right  Thing?  * / 

> 

pos  = ringFilePosCobj,  file); 
assert(pos); 


/*  If  it's  in  memory,  that  was  easy...  */ 
if  (f  i le->set .mask  ==  MEMRINGMASK)  { 
assert  (Iverify 

||  verifyCobj,  (byte  * ) p o s -> p t r . b u f , pos->fpos) 
* l e n p = pos->f pos; 
return  pos->ptr.buf; 

> 


/*  We  now  have  h i g h e s t -p r i o r i t y fetchable  file  */ 
assert (fi le->f  ) ; 

if  (pgpFileSeek(file->f,  pos->fpos,  SEE  K_S  E T ) !=  0)  { 

i = PGPERR_KEYI 0_S  E E K I N G ; 
goto  err; 

} 


i = pktByteGet(file->f,  Slen,  ( w o r d 3 2 * ) N U L L ) ; 
if  ( i <=  0 ) 


goto  err; 

if  ( P K T B Y T E_T  Y P E ( i ) !=  pkttype  ||  len  > maxlen)  { 

i = P G P E R R_K  E Y I 0_B  A D P K T ; 
goto  err; 

} 

p = ringReserveCpool,  ( s i z e_t ) l e n ) ; 
if  ( ! p) 


goto  errmem;  / * ringErrC)  already  called  * / 

pool->pktbuflen  = (size_t) len; 

i = pgpFileRead(pool->pktbuf,  (size_t)len,  file->f); 
if  ((size_t)i  ! = (si ze_t) len)  { 

i = pgp F i l e E r r o r ( f i l e-> f ) ? PG P E R R_KE Y I 0_R E A D I NG  : 

P G P E R R_K  E Y I 0_E  OF; 


goto  err; 


> 

p = pool->pktbuf; 


/*  Okay,  now  verify  with  supplied  function  */ 
if  (verify  &&  (i  = verify(obj,  (byte  const  *)p, 
goto  err; 


len))  ! = 0 ) 


/*  Success!  * / 
*lenp  = len; 
return  p; 


/*  Error  cases  (out  of  line)  */ 

err: 

ringErr(file,  pos->fpos,  i); 

errmem: 

*lenp  = 0; 
return  NULL; 


0) 
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> 


/ * 

* The  verify  functions  here  should  *never*  fail  under  normal 

* conditions.  They  fail  only  if  the  keyring  file  has  been 

* changed  while  PGP  is  accessing  it  (which  causes  a fatal  error). 

* Did  I mention  that  this  code  is  *paranoid*? 

* ("The  computer  is  your  friend.  The  computer  wants  you  to  be  happy.") 

* 

* They  operate  by  re-parsing  the  fetched  data  and  checking  that 

* the  cached  data  matches  the  data  just  fetched. 

* / 


/*  Verify  that  the  key  we  just  read  looks  like  the  one  we  wanted  to  read.  */ 
static  i n t 

r i n g Key V e r i f y ( u n i on  RingObject  const  *obj,  byte  const  *p,  si ze_t  len) 

{ 

i n t i ; 

byte  pkalg,  keyIDC8Il; 
word16  keybits,  validity; 
w o r d 3 2 tstamp; 

i = r i n g Ke y Pa r s e ( p , len,  Spkalg,  keylD,  Skeybits, 

Ststamp,  Svalidity,  0); 


if  ( mem c mp ( key  I D , o b j -> k . k e y I D , 8)  ==  0 
SS  keybits  ==  o b j -> k . ke y b i t s 
SS  tstamp  ==  o b j -> k . t s t a mp 
88  validity  ==  o b j -> k . v a l i d i t y 
SS  pkalg  ==  obj->k. pkalg 

88  (i  ==  0)  ==  ! (ob j->g  . f lags  & KEY  F_E  R ROR ) ) 
return  0;  / * All  copascetic  * / 

return  P G P E R R_KE Y I 0_B A D P KT ; 


/*  Verify  that  the  secret  we  just  read  looks  like  the  one  we  wanted  to  read.  */ 
static  i n t 

ringSecVerify(union  RingObject  const  *obj,  byte  const  *p,  si ze_t  len) 

■C 

i n t i ; 

byte  pkalg,  keyIDC83; 
word16  keybits,  validity; 
word32  tstamp; 

union  RingObject  *key  = obj->g.up; 


assert(OBJISSEC(obj)); 

assert(OESJISKEY(key)); 


i = r i n g Key P a r s e ( p , len,  Spkalg,  keylD,  Skeybits, 

Ststamp,  Svalidity,  1); 

if  ( r i ng H a s h Bu f ( p , len)  ==  obj->c.hash 

SS  mem c mp ( k ey I D , k e y- > k . k e y I D , 8)  ==  0 
SS  keybits  ==  k e y-> k . k e y b i t s 
SS  tstamp  ==  k ey-> k . t s t amp 
SS  validity  ==  k e y-> k . va l i d i t y 
SS  pkalg  ==  key->k. pkalg 

gg  (i  ==  0)  ==  ! ( key->g . f lags  S KEY  F_E  R R 0 R ) ) 
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> 


return  0;  / * ALL  copasceti c * / 

return  PG P E R R_KE Y I 0_BA D PKT ; 


/ * 

* Verify  that  the  signature  we  just  read  Looks  Like  the  one  we  wanted  to  read. 

* / 

static  int 

r i ng S i g Ve r i f y ( un i on  RingObject  const  *obj,  byte  const  *p,  size_t  Len) 

{ 

int  i ; 

byte  pkaLg,  keyIDC8]; 

wo  rd32  tstamp; 

word16  vaLidity; 

byte  type,  hashaLg,  extraLen; 


i = r i n g S i g Pa r s e ( p , Len,  SpkaLg,  keylD,  Ststamp,  SvaLidity, 

Stype,  ShashaLg,  &extra  Len); 
if  ( mem cmp ( key  I D , o b j - > s . by-> k . k e y I D , 8)  ==  0 
88  tstamp  ==  o b j -> s . t s t a mp 
&&  vaLidity  = = obj->s. vaLidity 
&&  type  ==  obj->s.type 
&&  hashaLg  ==  o b j -> s . h a s h a L g 

88  (extraLen  ==  5)  ==  !(obj->g.fLags  8 S I G F_N 0 N F I V E ) 

88  (i  ==  0)  ==  ! (ob j->g . f Lags  8 S I G F_E  R R 0 R ) ) 
return  0;  / * ALL  copascetic  * / 

return  PG P E R R_KE Y I 0_B A D PKT ; 


/ * 

* Verify  that  the  unknown  we  just  read  Looks  Like  the  one  we  wanted  to  read. 
*/ 

static  int 

r i ngUnkVe r i f y ( un i on  RingObject  const  *obj,  byte  const  *p,  si ze_t  Len) 

{ 

if  ( r i n g H a s h Bu f ( p , Len)  ==  obj->u.hash) 

return  0;  /*  ALL  copascetic  */ 


> 


return  PG P E R R_KE Y I 0_B A D PKT ; 


/ * 

* Getting  names  is  speciaL  due  to  the  in-memory  cache  and  the 

* option  we  have  to  not  destroy  the  pktbuf  under  any  circumstances. 

* We  don't  have  to  support  "avoidmask",  though. 

* 

* Return  a pointer  to  a name  string.  Note  that  the  string  is  NOT 

* nuL  L-terminated;  a L L 256  vaLues  are  LegaL!  The  "Lenp"  argument 

* returns  the  Length.  Tries  to  get  it  from  memory  if  possibLe, 

* then  tries  to  Load  it  into  the  cache.  If  it  can't  Load  it  into 

* the  preferred  f i L e cache,  we're  Low  on  memory  and  behaviour  is 

* controL  Led  by  "pktbuf".  If  1,  Load  the  name  into  the  pooL's  pktbuf. 

* FaiLing  that,  try  to  find  another  cache  that  it  wiL  fit  into. 

* 

* aaa  Is  the  ability  to  hande  a pooL==NULL  stiLL  useful? 

* / 

static  char  const  * 
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r i n g P o o l G e t N a m e ( s t r u c t RingPooL  *pool,  struct  RingName  *name,  si ze_t 
{ 

i n t in- 
struct MemPooL  cut; 
ringmask  mask; 

struct  RingFile  * f i l e , * f i l e 2 ; 
struct  FilePos  const  * p o s ; 
char  *str; 
w o r d 3 2 Len; 

* l e n p = name->len; 

/*  If  we  already  have  it,  boom.  */ 
if  (NAMEISCACHED(name) ) 

return  name->name.ptr; 

/*  If  we  weren't  given  a pool,  we  can't  fetch  it  */ 
if  (Spool) 

return  NULL; 

/ * find  highest-priority  fetchable  file  * / 

file  = ringBestFileCpool,  (union  RingObject  * ) n a m e , 0 ) ; 

assert(fi  l e ) ; 

as se r t ( f i l e->f  ||  f i le->set .mask  ==  M E M R I NGM A S K ) ; 

pos  = r i n g F i l e Po s ( ( u n i on  RingObject  *)name,  file); 
assert(pos); 

/*  If  it's  in  memory,  that  was  fast  - set  cached  if  if  wasn't 
if  (f  i le->set  .mask  ==  MEMRINGMASK)  { 

assert(pos->fpos  ==  name->len); 

a s s e r t ( r i n g H a s h B u f ( ( by t e * ) p o s -> p t r . b u f , name->len)  = 
name->name.hash); 

NAMESETCACHED(name)  ; 

name->f lags  &=  ~ N A M E F_F I L E M A S K; 

name->f  lags  |=  MEMRINGBIT; 

return  name->name.ptr  = (char  *)pos->ptr.buf; 

> 

/*  Allocate  cache  space  for  it  */ 

/*  Dummy  loop  to  break  out  of  */ 
do  L 

/*  Try  the  preferred  cache  */ 
f i l e 2 = file; 

cut  = f i l e 2 -> s t r i n g s ; /*  Remember  cutback  position 

str  = (char  * ) m em Poo l A l l o c ( & f i l e 2 -> s t r i n g s , name->len 
if  (str) 

break; 

/*  Try  the  pktbuf  */ 

str  = ringReserve(pool,  name->len); 
if  (str)  { 

f i l e 2 = NULL; 

po o l -> p k t bu f l e n = name->len; 
break; 

> 

/*  Okay,  desperation  time  - look  for  any  cache  */ 
mask  = name->mask  & pool->filemask  & “MEMRINGMASK; 
pos  = &name->pos; 
for  (;;)  f 


* l e n p ) 


already*/ 


*/ 

, 1 ); 
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> 

> while  ( 0 ) ; 


i = ringLsBitFind(mask); 
assert ( i > = 0 ) ; 
assert  (i  < MEMRINGBIT); 
assert(pool->fi LesCiD.f); 
fi  l e 2 = &poo l -> f i l e s C i D ; 
cut  = file2->strings; 

str  = (char  *)memPoolAlloc(&file2->strings 

name->len,  1 ) ; 


if  (str) 


/ 


break; 

if  ( ! (mask  &=  mask-1))  { 

ringAllocErr(pool); 
return  NULL; 


pos  = pos->ptr.next; 


/*  Dummy  loop  to  break  out  of  */ 


/*  Okay,  we  got  buffer  space...  get  the  packet  */ 


if  (pgpFi leSeek(fi  l e->  f , pos->fpos,  SEE  K_S  E T ) !=  0)  i 

i = PGPERR_KEYIO_SEEKING; 
goto  error; 

> 

i = pk t By t eGe t ( f i l e-> f , Slen,  (word32  *)NULL); 

if  ( i < 0) 

goto  error; 

if  (PKTBYTE_TYPE(i ) !=  PKTBYTE_NAME  ||  len  !=  name->len) 

goto  badpkt; 


i 

i f 


> 


pgpFi  leRead(str,  (size_t)len,  fi Le  — >f) ; 

((size_t)i  !=  (size_t) len)  { 

i = pgp F i l eE r ro r ( f i l e->f  ) ? PG P E R R_KE Y I 0_R E A D I NG  : 

P G P E R R_K  E Y I 0_E  OF; 

goto  error; 


/*  Double-check  that  we  got  the  right  thing.  */ 
if  ( r i ngHashBuf ( (byte  *)str,  len)  !=  name->name . hash) 
goto  badpkt; 


/*  Success  at  last!  */ 
if  ( f i l e 2 ) ( 

/*  It's  cached  in  file2  - set  flags  appropriately  */ 

NAMESETCACHED(name)  ; 

name->f  lags  &=  ~NAMEF_FILEMASK; 

name->f  lags  |=  r i ng Ls B i t F i nd ( f i l e 2-> s e t . ma s k ) ; 
name->name.ptr  = str; 

> 

return  str; 


badpkt  : 

i = P G P E R R_K  E Y I 0_B  ADPKT; 

error: 

if  ( f i l e 2 ) 

memPoolCutBack(&fi  le2->strings.  Scut); 
ringErr(file,  pos->fpos,  i); 
return  NULL; 

> 
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void  const  * 

r i n g F e t c h Ob j e c t ( s t r u c t RingSet  const  *set,  union  RingObject  *obj,  si ze_t  *lenp) 
{ 

byte  const  * bu  f ; 

ringmask  secmask,  bestfile;  /*  Needed  in  RINGTYPE_KEY  */ 

struct  RingPool  * p o o l = set->pool; 
byte  pktbyte; 

assert(obj->g.mask  & set->mask); 
assert(obj->g.mask  & pool->filemask); 


switch 

case 


case 


case 


case 


case 


( r i n g 0 b j e c t Ty pe ( o b j ) ) i 


R I N G T Y P E_N  A M E : 
but  = (byte  const 
break; 

R I N G T Y P E_S I G : 
but  = (byte  const 

break; 

R I NGTYPE_UNK : 
but  = (byte  const 


ringPoolGetName(pool, 

Sob  j 

->  n 

, l e n p ) ; 

ringFetchPacket(pool, 

o 

cr 

V_i. 

N 

o. 

PKTBYTE 

_S  I G , 

R I N G S I G_M  A X L E N , 

lenp 

, r 

i n g S i g V e 

rify); 

ringFetchPacket(pool, 

ob  j , 

o. 

PKTBYTE_TYPE ( ob j 

-> u . 

pktbyte). 

R I N G U N K_M  A X L E N , 

lenp 

, ringllnkVe 

r i f y ) ; 

break; 

R I N G T Y P E_S  E C : 

pktbyte  = OB J I S T 0 PKE Y ( ob j ->g . u p ) ? PKTB Y T E_S E C KE Y : 
PKTBYTE_SECSUBKEY; 

but  = (byte  const  * ) r i ng Fe t c h Pa c ke t ( poo L , obj,  0, 

pktbyte,  R I NG S E C_M AX L E N , 
lenp,  ringSecVerify); 

/*  Compensate  for  version  bug  */ 


if  ( b u f 

SS  * L enp  > 0 

&&  obj->g. flags  & S E C F_V E R S I 0 N_BUG 
&&  bufCO]  ==  PGPVERSI0N_2_6) 

((byte  *)buf)C0]  = PG P V E R S I 0 N_2 ; 

break; 

R I N G T Y P E_K  E Y : 

/*  File  we'd  like  to  fetch  from  */ 

bestfile  = ringBestFile(pool,  obj,  0)->set .mask; 

/*  Where  secrets  are  located  */ 

secmask  = ringKeySecMask(obj); 


/ * 
i f 


Is  where  we  want  to  fetch  from  secret?  */ 

(bestfile  S secmask)  { 

pktbyte  = OB J I STOPKEY ( ob j ) ? P KT B Y T E_S E C K E Y : 
PKTBYTE_SECSUBKEY; 

/*  Have  to  fetch  the  secret  key  and  extract.  */ 
obj  = obj->g.down; 

while  ( ! ( o b j -> g . ma s k & bestfile)  ||  ! OB J I S S E C ( ob j ) ) 

obj  = obj->g.next; 
assert(obj  ); 

> 

buf  = (byte  const  * ) r i ng F e t c h Pa c ke t ( po o l , obj, 

“secmask,  pktbyte,  R I N G S E C_M AX L E N , 
lenp,  ringSecVerify); 

if  (buf)  { 
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s i z e_t  Len; 


> 


/*  Compensate  for  version  bug  */ 
if  ( * l e n p > 0 

&S  obj->g.  flags  & S E C F_V E R S I 0 N_BU G 
S&  bu  f [ 0 ] ==  PGPVERSI0N_2_6) 

((byte  *) buf)  COD  = PG P V E R S I 0N_2 ; 


> 


len  = r i ng Key  Pa r s e Pub l i c P re f i x ( bu f , *lenp); 
/*  If  unparseable,  take  the  whole  thing.  */ 
if  (len) 


> else 


> 


* l e n p = len; 

} 

C 

pktbyte  = OB J I S TO PKE Y ( o b j ) ? PKTBYTE_PUBKEY  : 

PKTBYTE_PUBSUBKEY; 

/*  Fetch  public  components  */ 

buf  = (byte  const  * ) r i n g F e t c h Pa c ke t ( poo  l , obj, 

pktbyte,  R I NG KE Y_M AX L E N , 
lenp,  ringKeyVerify); 


break; 

default: 

assert(O); 

break; 


secmask. 


return  buf; 


/***  Various  bookkeeping  helper  functions  ***/ 

/ * 

* Sort  all  the  keys  in  a pool  into  keylD  order.  This  uses  8 passes 

* of  a byte-wise  radix  sort.  Each  pass  is  stable,  so  sorting  on  the 

* least  significant  byte,  proceeding  to  the  most  will  result  in  a 

* completely  sorted  list. 

* 

* Actually,  it's  sorted  with  the  * v i s i b l e * part  (the  low  32  bits)  of  the 

* keylD  more  significant  than  the  invisible  part.  This  makes  the  ordering 

* more  sensible  to  a human  watching  what's  going  on. 

* 

* There  are  256  lists,  with  a head  and  a tail  pointer.  The  tail 

* pointer  is  a pointer  to  a pointer,  namely  the  slot  the  pointer  to 

* the  next  entry  to  be  added  to  the  list  goes  in.  It  is  initialized 

* to  point  to  the  head  pointer.  So  adding  an  element  to  the  list 

* consists  of  setting  * t a i l = object;  and  then  tail  = &object->next; 

* 

* After  each  pass,  concatenate  the  lists,  starting  at  the  end. 

* Begin  with  an  empty  list  and  keep  appending  the  current  list  to 

* the  tail  of  the  one  before  it,  grabbing  the  head  as  the  new 

* current  list. 

*/ 

static  i n t 

r i n g Key  I D c mp ( by t e const  id1C8],  byte  const  i d 2 C 8 □ ) 

{ 

i n t i ; 


i = memcmp(id1+4,  i d 2 + 4 , 4); 
return  i ? i : memcmp(id1,  id2,  4); 
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static  void 

r i n g S o r t Ke y s ( s t r u c t RingPooL  *pool) 

{ 

i nt  i , j ; 

union  RingObject  *list  = pool->keys; 
union  RingObject  *headC256]; 
union  RingObject  **tai  LC256II; 

i = 3; 
do  { 

/*  Clear  the  table  for  the  next  distribution  pass  ★ / 

for  (j  = 0;  j < 256;  j + + ) 
tailCj]  = head+j; 

/*  Distribute  the  list  elements  among  the  sublists  */ 

while  (list)  C 

j = list->k.keyIDCi]; 

★tailCj]  = list; 
tailCj]  = &list->k.next; 

List  = list->k.next; 

> 

j = 256; 

/*  list  is  already  0 from  the  previous  loop  ★ / 

/*  Gather  the  sublists  back  into  one  big  list  */ 

while  (j  — ) { 

★tailCj]  = list; 
list  = headCj]; 

} 

} while  ( ( i = ( i - 1 ) & 7)  !=  3); 

pool->keys  = list; 

> 


static  void 

ri ngPoo l Li nkKey ( s t ruct  RingPool  ★pool,  union  RingObject  ^parent, 
union  RingObject  *key,  byte  pkalg,  byte  const  keyIDC8D) 

{ 

union  RingObject  **ptr; 

assert(OBJISKEY(key)); 
m e m c py ( k e y-> k . k e y I D , keylD,  8); 
key->k.pkalg  = pkalg; 


if  (parent)  C 


key->g 

.up  = parent; 

p t r = 

Sparent->g . down; 

while 

( ★ p t r ) 

ptr  = 8(*ptr)->g 

> else 

{ 

p t r = 

8pool->keys; 

j 

key->g 

.next  = 

★ ptr; 

* p t r = 

key; 

RINGPOOLHASHKEY (pool,  key); 
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/*  Remove  specified  key  from  the  top-level  keys  list  */ 
static  void 

r i n g P o o l U n l i n k Ke y ( s t r u c t RingPool  *pool,  union  RingObject  *key) 
union  RingObject  *obj,  **objp; 
assertlpool  & & key); 


objp  = &pool->keys; 

while  ((obj  = *objp)  !=  NULL  &&  obj  !=  key)  { 
objp  = Sob j ->g . next ; 

> 

assertlobj  ==  key); 

* o b j p = key->g.next; 
key->g .next  = NULL; 
return; 


/ * 


* Same  as  r i ng Poo l F i n d Key , but  creates  a dummy  key  with  the  given  parent 

* if  one  is  not  found. 

* Note  that  a dummy  key  is  a RingObject  with  its  mask  set  to  0. 

* / 

static  union  RingObject  * 

r i ng Poo  l F i nd Dummy Key ( s t ru c t RingPool  *pool,  union  RingObject  *parent, 
byte  pkalg,  byte  const  keyIDH83) 
i 


union  RingObject  *key  = ringPoolFindKeyCpool,  pkalg,  keylD); 


if  ( ! key ) { 

key  = ringNewKey(pool); 
if  (key)  { 

if  (parent) 

key->k. flags  |=  R I N G OB J F_S UBKE Y ; 
r i ng Poo  l L i n kKey ( poo l , parent,  key,  pkalg,  keylD); 

> 

> 

return  key; 


/* 

* Free  an  entire  tree  of  objects. 

* This  does  not  do  anything  with  the  FilePos  chain,  but  since  the 

* first  entry  is  preallocated,  if  the  object  has  at  most  one  FilePos, 

* (as  is  the  case  in  newly  created  objects),  no  memory  is  leaked. 

* / 

static  void 

ringFreeTree(struct  RingPool  *pool,  union  RingObject  *obj) 

{ 

union  RingObject  *down; 

if  ( ! OBJ  ISBOKob  j ) ) < 

while  ((down  = obj->g.down)  !=  NULL)  { 
obj->g.down  = down->g . next; 
ringFreeTree(pool,  down); 

> 

> 

ringFreeObject(pool,  obj); 
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> 


/ * 

* Free  up  a newly  created  dummy  key. 

* Unlink  it  from  the  pool  and  free  it  and  all  descendents. 

*/ 

static  void 

r i ng F r e e D ummy Ke y ( s t r u c t RingPool  *pool,  union  RingObject  *key) 
{ 

union  RingObject  * * o b j p ; 
assert(OBJISKEY(key)); 


> 


/*  Find  head  of  list  this  object  is 
if  (OBJ ISTOPC key)  ) 

objp  = &pool->keys; 

else 


objp  = &key->g.up->g.down; 


on  * / 


while  (*objp  !=  key)  { 
asser t ( *ob j p)  ; 
objp  = S ( * o b j p ) -> g . n e x t ; 

> 

*objp  = key->g.next; 
ringFreeTreelpool,  key); 


/ * 

* Return  0 if  the  packet  in  the  pktbuf  is  the  same  as  the  packet  in 

* the  given  file  at  the  given  offset,  and  the  file  packet  is  of  type 

* pkttype.  Returns  1 if  they  differ,  and  -1  (and  sets  the  ring's  error 

* status)  if  there  is  an  error,  including  an  unexpected  packet  byte. 

* Compare  at  most  max  bytes. 

* 

* This  does  NOT  examine  any  more  of  the  object  than  its  filepos 

* chain;  in  particular,  it  does  NOT  examine  the  object's  type. 

* Thus,  it  is  possible  to  have  a key  object  and  use  it  to 

* fetch  a secret-key  packet. 

* 

* Special  case:  returns  pktbufEOD  if  pktbufCOH  is  2 or  3 and  the  file's 

* packet  begins  with  5 -p  k t bu  f C 0 II  . This  is  used  by  the  key  difference 

* code  to  detect  the  version  byte  bug.  The  other  things  can  ignore  it, 

* and  just  treat  all  positive  return  values  as  "different". 

*/ 

static  i n t 

r i ng P a c k e t D i f f e r s ( s t r u c t RingFile  *file,  union  RingObject  const  *obj, 
int  pkttype,  word32  max) 

{ 

struct  RingPool  * p o o l = file->set.pool; 
struct  FilePos  const  * p o s ; 
char  * p ; 

struct  PgpFile  * f ; 
word32  len; 
int  i ; 
byte  c ; 
int  magic; 

pos  = ringFilePos(obj,  file); 
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/*  Memory  file,  special  case  for  comparison  */ 
if  (f i le->set  .mask  ==  MEMRINGMASK)  f 
len  = pos->f pos; 
if  (len  > max) 

len  = max; 

if  (max  > po o l -> p k t bu f l e n ) 

max  = pool->pktbuflen; 
if  (len  !=  max) 

return  1;  / * Different  * / 

if  ( ! I e n ) 

return  0; 

/*  Check  first  character  specially  */ 
p = (char  *)pos->ptr.buf; 
magic  = 0 ; 

if  (pCOD  !=  poo l ->p k t bu f E 0 U ) { 

if  ((pCOIl  A pool->pktbufC0H)  !=  1 

||  (pHOU  & poo l -> p k t bu f 1 0 ] ) !=  2) 

return  1;  / * First  char  different  * / 

magic  = pool->pktbufC0H;  / * First  char  magic  * / 

> 

return  memcmp(p  + 1,  pool->pktbuf  + 1,  ( s i z e_t ) l en-1 ) ? 1 : magic; 

> 

/*  Usual  case  - external  file  */ 

f = fi  le  — >f; 

assert(f); 

i = pgpFileSeek(f,  pos->fpos,  SEEK_SET); 
if  ( i ! = 0)  f 

ringErr(fi  le,  pos->fpos,  PG P E R R_K E Y I 0_S E E K I N G ) ; 
return  PG P E R R_KE Y I 0_S E E K I NG ; 

} 

i = pktByteGet(f,  &len,  (word32  *)NULL); 
if  (i  < 0)  -C 

ringErr(file,  pos->f pos,  i); 
return  i ; 

> 

if  ( P KT  B Y T E_T  Y P E ( i ) !=  pkttype)  { 

r i ng E r r ( f i l e , pos->fpos,  PG P E R R_KE Y I 0_B A D PKT ) ; 
return  PG P E R R_KE Y I 0_B A D PKT ; 

> 

if  (len  > max) 

len  = max; 

if  (max  > po o l -> p k t b u f l e n ) 

max  = pool->pktbuflen; 
if  (len  !=  max) 

return  1;  /*  Different  */ 

if  ( ! I e n ) 

return  0; 

/*  Check  first  character  specially  */ 
if  ( pgp F i l eRead ( &c  , 1,  f)  !=  1)  { 

i = pgp F i l e E r ro r ( f ) ? P G P E R R_KE Y I 0_R E A D I N G : P G P E R R_K E Y I 0_E 0 F ; 
ringErr(file,  pos->f pos,  i); 
return  i ; 

> 

i = c S 255; 

magic  = 0;  /*  First  char  the  same  */ 

if  (i  !-  poo l -> p k t bu f C 0 ] ) ( 

if  ( ( i A po o l -> p k t bu f C 0 ] ) !=  1 ||  (i  S poo  l -> p k t bu f C 0 ] ) !=  2) 
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return  1 ; 

magic  = pool->pktbufCOII;  / * First  char  magic  * / 

> 

i = f i l ellnequa  l Buf  ( f , po o L -> p k t bu f + 1 , ( s i z e_t ) L e n- 1 ) ; 
if  (i  < 0) 

ringErrCfile,  pos->f pos,  i ) ; 
return  i ? i : magic; 

> 

/ * 

* Return  1 if  the  key  in  the  ring's  pktbuf  differs  from  the 

* key  in  its  other  homes,  0 if  it  is  the  same,  and  <0  if  there 

* is  some  sort  of  error. 

* Does  *not*  alter  filel's  read  position  unless  there  is  an  error. 

* 

* SPECIAL  CASE: 

* Returns  >1  if  the  version  byte  bug  was  detected.  This  is  the  case 

* wherein  version  2.6  would  write  out  an  edited  secret  key  with  a 

* version  byte  of  3 even  if  it  was  originally  2. 

* This  function  returns  the  current  pktbuf's  version  byte  (2  or  3) 

* if  the  keys  are  identical  except  that  the  version  byte  differs 

* from  something  read  previously. 

* The  caller  must  decide  what  sort  of  trouble  to  log. 

*/ 

static  i n t 

ke y s d i f f e r ( s t r u c t RingFile  * f i lei,  union  RingObject  const  *key,  int  pktbyte) 
{ 

struct  RingPool  * p o o l = file1->set.pool; 

struct  RingFile  * f i l e 2 ; 

si ze_t  savelen,  publen; 

ringmask  secmask; 

word32  max; 

int  i , t y p e ; 

long  r e t p o s = 0 ; 

assert(OBJISKEY(key)); 

assert ( fi  lei ->f  ||  f i l e 1 -> s e t . ma s k ==  MEMR I NGMASK) ; 


/ * 

* If  this  is  a secret  key,  find  the  prefix  which  is  a public  key, 

* and  limit  it  to  that  if  reasonable. 

*/ 


savelen  = pool->pktbuflen; 

if  ((PKTBYT  E_T  YPE(pktbyte)  ==  PKTB YT E_S E C KE Y || 

P KT  B Y T E_T  YPE(pktbyte)  ==  P KT B Y T E_S E C S U B K E Y ) 
&&  ! ( key->g . f lags  S KEY  F_E  R R 0 R ) ) 

i 


> 


publen  = r i n g Ke y Pa r s e Pu b l i c P r e f i x ( ( by t e const  * ) poo  l->pktbuf , 

pool->pktbuf  len); 


if  (publen) 

pool->pktbuflen  = publen; 


/*  Find  a file  containing  the  key  - try  for  public  first  */ 
secmask  = ringKeySecMask(key); 


f i l e 2 = ringBestFilelpool,  key,  secmask); 
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if  ( f i L e 2 ) f 

max  = (word32)-1; 

type  = OBJ ISTOPKEYC key)  ? P KT B Y T E_P U B K E Y : P KT B Y T E_P U B S U B K E Y ; 

> else  { 

f i L e 2 = ringBestFile(pool,  key,  0 ) ; 
assert(fi  l e 2 ) ; 

max  = (word32)pool->pktbuflen; 

type  = OBJ  I STOPKEY ( key ) ? P KT B Y T E_S E C K E Y : P KT B Y T E_S E C S U B K E Y ; 

> 

if  ( f i L e 2 ==  fiLel  &S  fi Lei— >f  &&  ( r e t po s = pg p F i l e T e L L ( f i l e 1 -> f ) ) < 0)  { 
ri ngErr( f i Lei  , pgpFi  LeTeLLCfi  Le1->f),  PG P E R R_KE Y I 0_FT E L L ) ; 
return  PG P E R R_KE Y I 0_FT E L L ; 

} 

i = r i n g Pa c k e t D i f f e r s ( f i l e 2 , key,  type,  max); 

/* 

* If  we  compared  against  a secret  key,  and  encountered  the  version 

* bug,  and  the  version  bug  has  already  been  noted,  ignore  the 

* difference. 

*/ 

if  (i  ==  PGPVERSIO  N_2 

&&  type  ==  PKTBYTE_SECKEY 
&&  key->g. flags  & SEC  F_V  E R S I 0 N_B  U G ) 

i = 0; 

if  ( f i l e 2 ==  filel  &&  fi  le1->f  SS 

pgpFi LeSeek(file1->f,  retpos,  SEEK_SET)  !=  0)  { 
ri ngEr r ( f i l el  , pg p F i l e T e l l ( f i l e 1 -> f ) , PG P E R R_KE Y I 0_S E E K I NG ) ; 
return  PG P E R R_KE Y I 0_S E EK I NG ; 

> 

/*  Restore  pktbuflen,  may  have  been  changed  above  */ 
pool->pktbuflen  = savelen; 

return  i ; 

> 

/ * 

* Return  1 if  the  secret  in  the  ring's  pktbuf  differs  from  the 

* key  in  its  other  homes,  0 if  it  is  the  same,  and  <0  if  there 

* is  some  sort  of  error. 

* Does  *not*  alter  filel  1 s read  position  unless  there  is  an  error. 

* 

* SPECIAL  CASE: 

* Returns  >1  if  the  version  byte  bug  was  detected.  This  is  the  case 

* wherein  version  2.6  would  write  out  an  edited  secret  key  with  a 

* version  byte  of  3 even  if  it  was  originally  2. 

* This  function  returns  the  current  pktbuf's  version  byte  (2  or  3) 

* if  the  keys  are  identical  except  that  the  version  byte  differs 

* from  something  read  previously. 

* The  caller  must  decide  what  sort  of  trouble  to  log. 

* / 

/ * 

* Return  1 if  the  signature  in  the  ring's  pktbuf  differs  from  the 

* sig  in  its  various  homes,  0 if  it  is  the  same,  and  <0  if  there 

* is  some  sort  of  error. 

* Does  *not*  alter  filel's  read  position  unless  there  is  an  error. 

*/ 
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static  i n t 

secsdi f ferCstruct  RingFile  * f i Lei,  union  RingObject  const  *sec) 

{ 

struct  RingPool  *pool  = f i L e 1 - > s e t . p o o L ; 
struct  RingFile  * f i l e 2 ; 
long  r e t p o s = 0 ; 
byte  pktbyte; 
i n t i ; 

assert(OBJISSEClsec)); 

/*  Find  a matching  signature  */ 

f i l e 2 = r i n g B e s t F i l e ( po o l , sec,  0); 

assert(file2); 

assert(file2->f  ||  file2->set.mask  ==  MEMRINGMASK); 

if  ( f i l e 2 ==  filel  &&  fi  lei— >f  &&  ( r e t po s = pg p F i l e T e l l ( f i l e 1 -> f ) ) < 0)  l 
ringErrlfi  lei,  p g p F i l e T e l l ( f i l e 1 - > f ) , PG P E R R_KE Y I 0_F T E L L ) ; 
return  P G P E R R_K E Y I 0_F T E L L ; 

> 


pktbyte  = OB J I S TO PKE Y ( s e c -> g . u p ) ? P KT B Y T E_S E C KE Y : 
PKTBYTE_SECSUBKEY; 

i = ringPacketDiffers(file2,  sec,  pktbyte,  (word32)-1); 
if  ( i < 0) 

return  i ; 

if  ( f i l e 2 ==  filel  &&  filel ->f  && 

pgpFileSeek(file1->f,  retpos,  SEEK_SET)  !=  0)  { 
ringErrlfi  lei , s e c -> g . p o s . f p o s , PG P E R R_K E Y I 0_S E E K I N G ) ; 
return  P G P E R R_K E Y I 0_S E E K I N G ; 

} 

return  i; 


static  union  RingObject  * 

r i ng F i nd S e c ( s t r u c t RingFile  *file,  union  RingObject  *parent) 
{ 

struct  RingPool  * p o o l = file->set.pool; 
union  RingObject  *sec,  **secp; 
i n t i ; 


/*  Properties  of  the  secret  */ 
word32  hash; 


hash  = r i n g H a s h Bu f ( ( by t e const  * ) po o l -> p k t b u f , p o o l - > p k t b u f l e n ) ; 


/*  Search  for  matching  sigs  * / 

for  ( secp=8parent->g . down;  (sec=*secp)  ! = NULL;  secp=&sec->g.next) 
if  (OBJISSEC(sec) 

&&  sec->c  . hash  ==  hash 
SS  (i  = s e c s d i f f e r ( f i l e , sec))  <=  0) 
return  i<0  ? NULL  : sec; 


> 


/*  Not  found  - allocate  a new  secret  */ 
sec  = ringNewSec(pool); 
if  (sec)  { 

/ * 

* Make  secret  object  the  first  thing.  This  is  assumed  by 
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* ringFindSig  which  tries  to  keep  sigs  together  just  past 

* the  sec  obj.  Especially  important  with  subkeys  where  it's 

* hard  to  tell  which  sigs  go  with  which  keys  as  we  read. 

*/ 

sec->g.next  = parent->g.down; 
parent->g.down  = sec; 
sec->g . up  = parent; 
sec->c . hash  = hash; 

> 

return  sec; 

} 

/* 

* Return  1 it  the  name  in  the  ring's  pktbut  differs  from  the 

* name  in  its  various  homes,  0 if  it  is  the  same,  and  <0  if  there 

* is  some  sort  of  error. 

* Does  *not*  alter  filel's  read  position  unless  there  is  an  error. 

*/ 

static  i n t 

namesdiffertstruct  RingFile  * f i Lei,  union  RingObject  const  *name) 

struct  RingPool  *pool  = file1->set.pool; 
struct  RingFile  * f i l e 2 ; 
long  retpos=0; 
i n t i ; 
i n t b i t ; 

/*  Find  a matching  name  */ 
f i l e 2 = ringBestFi  leCpool,  name,  0 ) ; 

bit  = ringLsBitFind(name->g.mask  S pool->filemask); 
assertlbi t >=  0); 
f i l e 2 = &pool->filesCbitd; 

assert  ( f i l e 2 - > f ||  file2->set.mask  = = MEMRINGMASK); 

if  ( f i l e 2 ==  filel  &&  fi  lei— >f  &&  ( r e t po s = pgp F i l eTe  l l ( f i l e 1 -> f ) ) < 0)  { 
r i ngE rr ( f i l el  , p g p F i l e T e l l ( f i l e 1 -> f ) , P G P E R R_K E Y I 0_F T E L L ) ; 
return  P G P E R R_K E Y I 0_F T E L L ; 

> 

if  ( pgp F i l eS ee k ( f i l e2-> f , na me-> g . po s . f po s , SEE  K_S  E T ) !=  0)  { 

r i ng E r r ( f i l e2 , n a m e -> g . p o s . f p o s , P G P E R R_K E Y I 0_S E E K I N G ) ; 
return  P G P E R R_K E Y I 0_S E E K I N G ; 

> 

i = ringPacketDiffersCfi  le2,  name,  PKTBYTE_SIG,  (word32)-1); 

if  C f i l e 2 ==  filel  &&  fi  lei— >f  && 

pgpFi leSeekCfi  l e 1 — > f , retpos,  SEE  K_S  E T ) !=  0)  { 

r i ng E r r ( f i l e 1 , n a m e-> g . po s . f po s , PG P E R R_KE Y I 0_S E E K I NG ) ; 
return  P G P E R R_K E Y I 0_S E E K I N G ; 

> 

return  i ; 

> 

/* 

* Get  a struct  RingName  on  the  given  chain  matching  the  one  in  the  ring's 

* pktbuf.  Returns  0 if  it  runs  out  of  memory  or  can't  read  the  file. 

* (The  ring's  error  is  set  to  reflect  this.) 

* It  does  *not*  add  the  FilePos  or  set  the  mask  bit. 

* Does  *not*  alter  the  given  file's  read  position  unless  there  is  an  error. 

*/ 
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static  union  RingObject  * 

r i n g F i nd Na m e ( s t r u c t RingFile  *file,  union  RingObject  *parent) 
{ 

struct  RingPool  * p o o l = file->set.pool; 
union  RingObject  *name,  * * n p , **pname=NULL; 
size_t  const  ten  = pool->pktbuflen; 
w o r d 3 2 hash; 
i n t i ; 

char  * b u f ; / * Used  when  trying  to  cache  name  * / 


hash  = ringHashBuf((byte  const  *)pool->pktbuf,  len); 


pname  = Sparent->g .down; 

for  (np  = &parent->g.down;  (name=*np)  !=  NULL;  np  = &name->g.next)  { 
/ * Position  name  after  names,  key-si gs,  sec's  ★ / 
if  (OBJ ISNAME(name)  ||  0 B J I S S I G ( n a m e ) ||  0 B J I S S E C ( n a m e ) ) 
pname  = &name->g.next; 

/*  If  not  a name  or  wrong  length,  no  match  */ 
if  (!OBJISNAME(name)  ||  name->n.len  ! = len) 
continue; 


> 


/*  If  in  memory,  compare  that  */ 
if  (NAMEISCACHED(&name->n)  ) { 


i f 


> else  { 


(memcmp(name->n.name.ptr,  pool->pktbuf, 
return  name;  / * Success  * / 


> 


if  ( name->n  . name . hash  ==  hash 

&&  (i  = n ame s d i f f e r ( f i l e , name))  <=  0) 
return  i<0  ? NULL  : name; 


len) 


0) 


/*  Failed  to  find  a name  - create  one  */ 
name  = r i ngNewName ( poo  l ) ; 
if  (name)  { 

name->g.next  = *pname; 

★pname  = name; 
name->g.up  = parent; 
name->n.  len  = len; 

name->n. name. hash  = hash;  /*  May  overwrite  below  */ 

/*  Default  new  names  to  unknown  trust  */ 
name->n.trust  = P G P_N  A M E T R U S T_U  N KN  0 W N ; 

#if  10LDTRUST 

name->n . va  l i d = name->n . va  l i di ty  = 0; 
name->n. confidence  = P G P_N  E W T R U S T_U  NDEFINED; 
NAMESETNEWTRUST(Sname->n); 

# e nd i f 
# i f 1 

/*  You  might  want  to  disable  this  for  MSDOS  */ 
if  ( ! ( f i le->set . mask  S MEMR I NGMASK) ) { 

/*  Don't  "cache"  in  memring,  it  is  for  new  creations  */ 
buf  = (char  *)memPoolAlloc(&file->strings,  len,  1); 
if  (buf)  { 

memcpy(buf,  poo l -> p k t bu f , len); 

name->n.name.ptr  = buf; 

name->g.f lags  &=  ~ N AM E F_F I L E M A S K ; 

name->g. flags  |=  ringLsBitFind(file->set.mask); 

NAMESETCACHED(&name->n); 

> 
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#end  i f 


y 


y 


y 

return  name; 


/ * 

* Return  1 if  the  signature  in  the  ring's  pktbuf  differs  from  the 

* sig  in  its  various  homes,  0 if  it  is  the  same,  and  <0  if  there 

* is  some  sort  of  error. 

* Does  *not*  alter  filel's  read  position  unless  there  is  an  error. 

*/ 

static  i n t 

s i g s d i f f e r ( s t r u c t RingFile  * f i lei,  union  RingObject  const  *sig) 

struct  RingPool  *pool  = f i l e 1 - > s e t . p o o l ; 
struct  RingFile  * f i l e 2 ; 
long  retpos=0; 
i n t i ; 
i n t bit; 

/*  Find  a matching  signature  */ 

bit  = ringl_sBitFind(sig->g.mask  S pool->filemask); 
assertCbit  >=  0); 
f i l e 2 = &pool->filesCbit]; 

assertCf i le2->f  ||  f i l e 2 -> s e t . ma s k ==  M E M R I NG M A S K ) ; 
if  ( f i l e 2 ==  filel  &&  fi  lei— >f  && 

(retpos  = pgpFileTell(file1->f))  < 0)  { 
ringErrlfi  lei,  pgpFileTell(file1->f),  PG P E R R_KE Y I 0_F T E L L ) ; 
return  P G P E R R_KE Y I 0_F T E L L ; 

> 

if  ( pg p F i l e S e e k ( f i l e 2 -> f , s i g -> g . po s . f po s , SEEK_SET)  !=  0)  f 

r i ng E r r ( f i l e2  , s i g - > g . p o s . f p o s , PG P E R R_KE Y I 0_S E E K I N G ) ; 
return  PG P E R R_KE Y I 0_S E E K I NG ; 

> 

i = ringPacketDiffers(file2,  sig,  P KT  B Y T E_S I G , (word32)-1); 

if  ( f i l e 2 ==  filel  &&  fi  lei— >f  && 

pg p F i l e S ee k ( f i l e 1 ->f , retpos,  SEE  K_S  E T ) !=  0)  { 
r i ng E r r ( f i l e 1 , s i g-> g . po s . f po s , PG P E R R_KE Y I 0_S E E K I N G ) ; 
return  P G P E R R_K E Y I 0_S E E K I N G ; 

> 

return  i; 

> 

static  union  RingObject  * 

r i n g F i nd S i g ( s t r u c t RingFile  *file,  union  RingObject  *parent) 
f 

struct  RingPool  *pool  = file->set.pool; 
union  RingObject  *key; 

union  RingObject  *sig,  **sigp,  **fsigp; 
i n t i ; 

/*  Properties  of  the  signature  */ 
i n t err; 

byte  pkalg,  keyIDC8]; 
word32  tstamp; 
word16  validity; 
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byte  type; 
byte  hashalg; 
byte  extra len; 

p k a L g = 0 ; 

err  = r i ng S i g Pa r s e ( ( by t e const  * ) po o L -> p k t bu f , poo  l -> p k t b u f l e n , 

Spkalg,  keylD,  Ststamp,  Svalidity,  Stype, 
Shashalg,  Sextralen); 


/*  Get  key  this  signature  is  by  */ 

key  = ringPooLFindDummyKeyCpool,  NULL,  pkalg,  keylD); 
if  ( ! k e y ) 

return  NULL; 


/*  Search  for  matching  sigs  */ 
fsigp  = &parent->g.down; 

for  (sigp  = fsigp;  (sig=*sigp)  ! = NULL;  sigp 
if  (OBJISSEC(sig)  ||  0 B J I S S I G ( s i g ) ) 

fsigp  = & s i g -> g . n e x t ; /*  predecessor 

if  (OBJISSIG(sig) 


&s i g->g  . nex  t ) { 


to  new  sig  * / 


&& 

&& 

&& 

S& 

&& 

&& 

ss 

&& 

&s 

&& 


s i g ->  s . by 
(sig->s.by->k 


g - > s 
g - > s 
g - > s 
s i g->  s 
s i g->  s 
! ( s i g->g 
! ( s i g->g 
( i 


t s t amp  = = 
type 

validity  == 
hashalg  == 
validity  == 
flags  S 
flags  S 


= = key 

pka  Ig  ==  pka  Ig  | 
= = t s t amp 
==  type 

validity 
hashalg 
validity 
SIG  F_E  R R 0 R ) = 
SIGF  NONFIVE) 


pkalg==1)  /*  ViaCrypt 


! err 

:=  (extralen  ==  5) 


s i g s d i f f e r ( f i l e , sig))  <=  0) 


return  i<0  ? NULL 


sig, 


/*  Not  found  - allocate  a new  sig  */ 
sig  = ringNewSig(pool); 
if  (sig)  { 

/*  Add  new  sig  before  any  user  ID's  */ 
sig->g.next  = *fsigp; 

★fsigp  = sig; 

sig->s.by  = (union  RingObject  *)key; 
sig->g.up  = parent; 
if  (err) 


> 


i 

i 

s 

s 

s 

s 

s 


sig->g.  flags  |=  SIG  F_E  R R 0 R ; 
f (extralen  !=  5) 

sig->g. flags  |=  S I G F_N 0 N F I V E ; 
f (OBJISKEY(parent)) 

sig->g.  flags  |=  SIG  F_KE  Y ; 
ig->s.tstamp  = tstamp; 
i g - > s . validity  = validity; 
ig->s.type  = type; 
i g - > s . hashalg  = hashalg; 
i g - > s . trust  = 0; 


return  sig; 


> 
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* Return  1 if  the  blob  in  the  ring's  pktbuf  differs  from  the 

* blob  in  its  various  homes,  0 if  it  is  the  same,  and  <0  if  there 

* is  some  sort  of  error. 

* Does  *not*  alter  filel's  read  position  unless  there  is  an  error. 

*/ 

static  i n t 

unkdi f f erlstruct  RingFile  *file1,  union  RingObject  const  *unk) 

{ 

struct  RingPool  * p o o l = file1->set.pool; 
struct  RingFile  * f i l e 2 ; 
long  retpos=0; 
i n t i ; 
i n t bit; 

/*  Find  a matching  unk  */ 
f i l e 2 = ringBestFileCpool,  unk,  0 ) ; 

bit  = ringLsBitFind(unk->g.mask  & pool->filemask); 
assertlbi t >=  0); 
f i l e 2 = &pool->filesCbitd; 

assert  ( f i l e 2 - > f ||  file2->set.mask  ==  MEMRINGMASK); 

if  ( f i l e 2 ==  filel  SS  fi  lei— >f  8&  ( r e t po s = pg p F i l e T e l l ( f i l e 1 -> f ) ) < 0)  t 
ringErrlf i lei  , pg p F i l e T e l l ( f i l e 1 - > f ) , P G P E R R_K E Y I 0_F T E L L ) ; 
return  PG P E R R_KE Y I 0_F T E LL ; 

> 

if  ( pg  p F i l e S e e k ( f i l e 2 ->  f , unk->g  . pos  . fpos,  SEEK_SET)  !=  0)  -C 

r i ngE r r ( f i l e2 , unk->g . pos . fpos,  PG P E R R_KE Y I 0_S E E K I N G ) ; 
return  PG P E R R_KE Y I 0_S E E K I NG ; 

> 

i = r i ng Pa c ke t D i f f e r s ( f i l e2 , unk,  PKTB Y T E_T Y P E ( u n k-> u . p k t by t e ) , 

pool->pktbuflen+1 ) ; 

if  ( f i l e 2 ==  filel  &&  filel — >f  && 

pgpFileSeek(file1->f,  retpos,  SEEK_SET)  !=  0)  { 
r i ng E r r ( f i l e 1 , unk->g . pos . fpos,  PG P E R R_KE Y I 0_S E E K I NG ) ; 
return  PG P E R R_KE Y I 0_S E E K I N G ; 

> 

return  i ; 

> 

/* 

* Get  a struct  RingUnk  on  the  given  chain  matching  the  one  in  the  ring's 

* pktbuf  with  the  given  pktbyte.  Returns  0 if  it  runs  out  of  memory 

* or  can't  read  the  file.  (The  ring's  error  is  set  to  reflect  this.) 

* It  does  *not*  add  the  FilePos  or  set  the  mask  bit. 

* Does  *not*  alter  the  given  file's  read  position  unless  there  is  an  error. 

* / 

static  union  RingObject  * 

r i ng F i nd U n k ( s t r u c t RingFile  *file,  union  RingObject  *parent,  byte  pktbyte) 

{ 

struct  RingPool  *pool  = f i l e -> s e t . po o l ; 
union  RingObject  * u n k , * * u n k p ; 
word32  hash; 
i n t i ; 

hash  = ringHashBuf((byte  const  *)pool->pktbuf,  pool->pktbuflen); 

for  (unkp  = &parent->g.down;  (unk=*unkp)  !=  NULL; 

unkp  = &unk->g  . next ) { 
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> 


> 


/* 


* If  the  type,  hash  and  pktbyte  match,  try  to  compare... 

* Note  that  the  pktbyte  *must*  match  or  na me s d i f f e r ( ) 

* will  complain  loudly. 

*/ 


i f 


> 


(OBJ  ISUNK(unk) 

SS  unk->u . hash  ==  hash 

&&  un k-> u . p k t by t e ==  pktbyte 

&&  (i  = u n kd i f f e r ( f i l e , unk)  ) <=  0) 

return  i<0  ? NULL  : unk; 


/*  Failed  to  find  a name  - create  one  */ 
unk  = ringNewUnk(pool); 
if  (unk)  { 

*unkp  = unk; 
unk->g  .up  = parent; 
unk->u. pktbyte  = pktbyte ; 
unk->u. hash  = hash; 

/*  Default  new  names  to  unknown  trust  */ 

> 

return  unk; 


/*  Return  the  list  of  trpuble  associated  with  a RingFile.  */ 
struct  RingTrouble  const  * 

ringFi  leTrouble(struct  RingFile  const  *file) 

{ 

return  file->trouble; 

> 


/ * 

* Functions  for  manipulating  the  Trouble  list. 
*/ 


/ * Zero  out  a RingFile' s Trouble  list;  it  has  been  dealt  with.  * / 
void 

ringFilePurgeTrouble(struct  RingFile  *file) 

{ 

memPoolEmpty(&file->troublepool); 
file->trouble  = NULL; 
file->troubletail  = &file->trouble; 

> 


/* 

* Log 

* / 

static 

ringFi 

{ 


some  trouble  with  a RingFile. 
i n t 

eLog(struct  RingFile  *file,  union 
word32  fpos,  int  type) 

struct  RingTrouble  * t ; 


RingObject 


*ob  j , 


word32  num. 


t 

i f 


(struct  RingTrouble  * ) m e m P o o l N e w ( S f i l e - > t r o u b l e p o o l , 
struct  RingTrouble); 

! t ) 

return  PG P E R R_N OM E M ; 
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> 


t ->  n e x t 
t->ob  j 
t->num 
t ->  f po  s 
t ->  t y pe 


NULL; 
obj; 
num; 
f p o s ; 
t y p e ; 


*file->troubletail  = t; 
file->troubletail  = &t->next; 
return  0; 


/ * 

* aaa  This  needs  fixing  - we  should  complain  about  a key 

* names  in  *this*  file,  even  if  it  has  names  in  others. 
*/ 

static  union  RingObject  const  * 
r i ngKey Ha s Name ( un i on  RingObject  const  *obj) 


> 


for  (obj  = obj->g.down;  obj; 

if  (OBJISNAMECobj ) ) 
break; 


return  obj; 


obj 


obj->g.next) 


w i t h o u t 


/* 

* How  to  skip  things.  Various  helper  functions  return  either 

* negative  fatal  error  codes  or  these  codes  indicating  what  to 

* do  to  recover  from  any  warnings.  These  never  exceed  15  bits, 

* so  "int"  is  the  right  type. 

* / 


t y p e d e f 

int  ski p_t ; 

# d e f i n e 

SKI P_T  RUST  1 

#def i ne 

SKI P_S I G 2 

# d e f i n e 

SKI P_N  A M E 4 

ft  d e f i n e 

SKI P_S  U B K E Y 8 

#def i ne 

SKI P_K  E Y 16 

#d  e f i n e 

SKI P_S I G S (SKIP 

_T  RUST 

| SKI P_S I G ) 

ti  d e f i n e 

SKI P_T  0_K  E Y (SKI P_S I G S 

| SKI P_N  A M E | 

#d  e f i n e 

PB_PUBKEY( key) 

(OBJ  I STOPKE Y ( key ) 

? \ 

P KT B Y T E_B  U I L D ( PKTBYTE_ 

PUBKEY,  0) 

: \ 

P KT  B Y T E_B  U I L D ( P KT  B Y T E_ 

PUBSUBKEY, 

0)  ) 

# d e f i n e 

P B_S  ECKEY(key) 

(OBJISTOPKEY(key) 

? \ 

P KT B Y T E_B U I L D ( P KTB  Y T E_ 

SECKEY,  0) 

: \ 

P KT  B Y T E_B  UILD(PKTBYT  E_ 

SECSUBKEY, 

0)  ) 

# d e f i n e 

/* 

P B_S I G P KT  B Y T E_ 

BUILD(PKTBYT  E_S I G , 

0) 

SKIP  SUBKEY) 


* Add  a new  key  to  the  Pool,  with  its  *parent*  at  the  given  level 

* (0  means  adding  top-level  key)  in  the  Ri nglterator . Leave  the 

* Ringlterator  pointing  to  the  newly  created  key.  Return  <0  on  error, 

* 0 if  the  key  was  created,  and  a skip  code  > 0 if  it  was  created  with 

* a warning  of  some  sort. 

*/ 


static  int 

r i n g Add Ke y ( s t r u c t RingFile  *file,  struct  Ringlterator  *i ter,  word32  fpos. 
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int  trusted,  byte  pkttype) 

union  RingObject  *key,  * s e c , *parent; 

byte  pkalg,  keyIDC8H; 

word16  keybits; 

w o r d 3 2 tstamp; 

word16  validity; 

int  i,  err,  level; 

pkalg  = 0 ; 

err  = ringKeyParsel (byte  const  * ) f i l e-> s e t . po o l -> p k t bu f , 

fi  le->set.pool->pktbuflen,  &pkalg, 
keylD,  Skeybits,  Ststamp,  Svalidity,  0); 

if  (pkttype  ==  PKTBYTE_PUBSUBKEY)  { 

/*  Subkey  * / 

if  ( ! i t e r->  l e v e l ) { 

i = r i n g F i l e Log ( f i l e , NULL,  0,  fpos, 

PG PE RR_TR0UBLE_UNX SUBKEY ) ; 
return  i < 0 ? i : SKIP_SIGS; 

> 

parent  = i t e r-> s t a c k L 0 ] ; 
level  = 1 ; 

> else  t 

parent  = NULL; 
level  = 0 ; 


if  ( i t e r->  l eve  l ) f 

key  = iter->stackC0D; 
assert(OBJISKEYCkey)); 


> 


> 


/* 
i f 


> 


Complain  about  a key  with  no  Names  */ 

( ! r i n g Ke y H a s N a me ( k e y ) ) { 

i = r i n g F i l e Log ( f i l e , key,  0, 

r i n g F i l e Po s ( k e y , file)->fpos, 
PG  P E R R_T  R 0 U B L E_B  A R E K E Y ) ; 

if  ( i < 0) 

return  i; 


/*  aaa  Should  we  not  care  about  this?  */ 

/*  If  keys  not  in  sorted  order,  dirty  */ 
if  ( r i ng Key  I D c mp ( k ey-> k . k e y I D , keylD)  > 0) 
ringFi  leMarkDirtyCfi  le); 


/*  Find  the  matching  key  structure  */ 

key  = ringPoolFindDummyKey(file->set.pool,  parent,  pkalg,  keylD); 
if  ( ! k e y ) 

return  ringFi  leErrorCfi  le)->error; 


/*  See  if  it's  a new  key  or  the  same  key  */ 
if  (key->g.mask  ==  0)  { 

/*  Newly  created  dummy  key;  fill  in  info  */ 
if  (pkttype  ==  PKTBYTE_PUBSUBKEY  &&  0 B J I S T 0 P KE Y ( k e y ) ) { 

/* 

* Here  on  a former  dummy  top-level  key  which 

* has  turned  out  to  be  a subkey.  Dummy  key 
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> 


* would  have  been  created  if  we  saw  a sig  by 

* it.  Change  key  to  a subkey. 

* / 

i = r i ng Fi  l eLog ( f i l e , NULL,  0,  fpos, 

PGPERR_TROUBLE_S I G SUB  KEY ) ; 

if  ( i < 0) 

return  i ; 

ringPoolUnlinkKeyCfi le->set.pool,  key)  ; 
key->k.  flags  |=  R I NGOB J F_SUBKE Y; 
r i n g P o o l L i n k Ke y ( f i l e - > s e t . p o o l , parent,  key, 

pkalg,  keylD); 


key->k.pkalg  = pkalg;  / * ViaCrypt  * / 
key->k.tstamp  = tstamp; 
key->k. validity  = validity; 
key->k.keybits  = keybits; 
key->k. trust  = 0 ; 
if  (err) 

key->g.  flags  |=  KEYF_ERROR; 

> else  if  (keybits  !=  key-> k . keyb i t s 

||  pkalg  ! = key->k. pkalg  /*  ViaCrypt  */ 

| | tstamp  !=  k ey-> k . t s t a mp 
||  validity  !=  key-> k . va  l i d i t y 

||  parent  !=  ( OB J I S TO P ( k ey ) ? NULL  : key->g.up) 

||  ! ( key->g . f lags  & KEY  F_E  R R 0 R ) !=  !err) 

{ 

i = r i ng F i l e Log ( f i l e , key,  0,  fpos, 

P G P E R R_T  R 0 U B L E_D  U P KE  Y I D ) ; 
return  i < 0 ? i : SKIP_TO_KEY; 


/* 


> else  if  ( ( i =keysd i f f er ( f i l e, key , PB_PUBKE Y ( key ) ) ) !=  0)  { 

if  ( i < 0) 

return  i ; 

if  ( ( OB J I ST0PKE Y ( key ) &&  pkttype==PKTBYTE_PUBSUBKEY ) || 

( OB J I SSUBKEY ( key ) &&  p k t t y p e == P KT B Y T E_P U B K E Y ) ) { 
i = r i ng F i l e Log ( f i l e , key,  0,  fpos, 

P G P E R R_T  R 0 U B L E_K  EYSUBKEY); 
return  (i  < 0)  ? i : SKIP_T0_KEY; 

> 


KLUDGE  : 


version 

/* 

* 

•k 

k 

k 

* 

* 

*/ 


byte  bug  * / 

A key  with  a version  byte  of  2 only  overrides  previous 
keys  with  a byte  of  3 if  they  are  all  untrusted 
secret  keys  and  this  is  either  a secret  key  or  from 
a trusted  public  keyring.  A key  with  a version  byte 
of  3 is  only  overridden  if  it's  secret  and  previous 
keys  include  a secret  key  or  a trusted  public  key. 


if  (i  ==  PGPVERSI0  N_2 
&&  trusted 

&&  ! ( key->g  . f lags  & R I N G 0B J F_T R U S T ) 

&&  ! ( ( r i n g Ke y S e c Ma s k ( k ey ) A key->g.mask) 

S f i l e -> s e t . po o l -> f i l ema s k ) ) 

i = r i ng F i l e Log ( f i l e , key,  0,  fpos, 

P G P E R R_T  R 0 U B L E_V  ERSI0N_BU  G_P  R E V ) ; 
if  ( i < 0) 
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> else 

/*  End  of  KLUDGE  */ 


> 


> 


return  i ; 

/*  Set  all  those  secret  version  bug  flags  */ 
for  (sec  = key->g.down;  sec;  sec  = sec->g.next) 
if  (OBJISSEC(sec)) 


{ 


sec->g  . flags 


SEC  F_V  E R S I 0 N_B  U G ; 


i = r i ng F i l e Log ( f i l e , key,  0,  fpos, 

PG  P E R R_T  ROUBLE_DUPKEYI D ) ; 

if  ( i < 0) 

return  i ; 

return  i < 0 ? i : SKIP_T0_KEY; 


/ * 

* Already  present  in  this  keyring? 

* If  so,  accept  following  sigs  S userids  (they  may 

* not  be  duplicates),  but  flag  a warning. 

* / 

if  (key->g.mask  S f i le->set .mask)  { 

i = r i ng F i l e Log ( f i l e , key,  0,  fpos,  P G P E R R_T R 0 U B L E_D U P KE Y ) ; 
if  (i  < 0) 

goto  failed; 
i = S K I P_T RUST; 

> else  { 

/*  Add  the  FilePos  */ 
i = r i n g Add Po s ( k ey , file,  fpos); 
if  ( i < 0) 

goto  failed; 

> 

/ * Add  successful;  indicate  it  in  the  mask  * / 
key->g.mask  |=  iter->set.mask; 
i ter->stackl leve  l ] = key; 
iter->level  = level+1; 
return  i ; 


f a i led: 


> 


if  (!key->g.mask) 

ringFreeDummyKey(f i le->set .pool,  key); 
return  i ; 


/ * 

* Add  a new  secret  to  the  Pool,  as  two  objects:  a key  (with  its  *parent* 

* at  the  given  level  in  the  Ringlterator;  0 means  add  a top-level  key) 

* and  a signature  as  its  child.  Leave  the  Ringlterator  pointing  to  the 

* newly  created  secret.  Return  <0  on  error,  0 if  the  key  was  created, 

* and  a skip  code  >0  if  they  key  was  created  with  a warning  of  some  sort. 

* 

* This  is  * r i d i c u l o u s l y * hairy.  Is  there  a way  to  clean  it  up? 

* aaa  TODO:  Add  PGPERR_TR0UBLE_0LDSEC  and  _NEWSEC  handling. 

*/ 

static  i n t 

r i ng Ad d S e c ( s t r u c t RingFile  *file,  struct  Ringlterator  *i ter,  word32  fpos, 
byte  pkt  type ) 

{ 

union  RingObject  *key,  *sec,  *parent; 
byte  pkalg,  keyIDC8H; 
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word16  keybits; 
word32  tstamp; 
wordld  validity; 
int  i , err; 
i n t level; 
int  flags  = 0; 

p k a l g = 0 ; 

err  = r i n g Ke y P a r s e ( ( by t e const  * ) f i l e-> s e t . po o l -> p k t bu f , 

fi  le->set .pool->pktbuflen,  & p k a l g , 
keylD,  Skeybits,  Ststamp,  &validity,  1 ) ; 

if  ( pkt  type  ==  PKTB Y T E_S E C S U BKE Y ) { 

/ * Subkey  * / 

if  ( ! iter->level)  { 

i = r i ng F i l e Log ( f i l e , NULL,  0,  fpos, 

PG PE RR_TR0UBLE_UNX SUBKEY ) ; 
return  i < 0 ? i : SKIP_SIGS; 

> 

parent  = iter->stackCOII; 
level  = 1 ; 

> else  i 

parent  = NULL; 

level  = 0 ; 


> 


if  ( i t e r->  level)  { 

key  = i ter->stack[01; 
assert(OBJISKEYCkey)); 


> 


/* 
i f 


> 


Complain  about  a key  with  no  Names  */ 

( ! r i n g Key H a s Na me ( key ) ) { 

i = r i ng F i l e Log ( f i l e , key,  0, 

ringFi  lePoslkey,  file)->fpos, 
P G P E R R_T R 0 U B L E_B A R E K E Y ) ; 

if  (i  < 0) 

return  i; 


/*  aaa  Should  we  not  care  about  this?  */ 

/*  If  keys  not  in  sorted  order,  dirty  */ 
if  ( r i n g Key  I D c mp ( k e y-> k . k e y I D , keylD)  > 0) 
ringFi  leMarkDirty(fi  le); 


/*  Find  the  matching  key  structure  */ 

key  = ringPoolFindDummyKey(file->set.pool,  parent,  pkalg,  keylD); 
if  ( ! k e y ) 

return  ringFi  leErrorCfi  le)->error; 

/*  See  if  it's  a new  key  or  the  same  key  */ 
if  (key->g.mask  ==  0)  C 

/*  Newly  created  dummy  key;  fill  in  info  * / 
if  (pkttype  ==  PKT B YT E_S E C S U BKE Y &&  0 B J I S T 0 P K E Y ( k e y ) ) { 

/ * 

* Here  on  a former  dummy  top-level  key  which 

* has  turned  out  to  be  a subkey.  Dummy  key 

* would  have  been  created  if  we  saw  a sig  by 

* it.  Change  key  to  a subkey. 
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> 


/*  KLUDGE 


> 


* / 

i = r i n g F i l e Log ( f i L e , NULL,  0,  fpos, 

P G P E R R_T  ROUBLE_SIGSUBKEY) ; 

if  (i  < 0) 

return  i ; 

ringPoolUnlinkKeyCfi  le->set  .pool,  key); 
key->k. flags  |=  R I N G 0 B J F_S  U B K E Y ; 
r i n g Po o l L i n k Key ( f i l e -> s e t . po o l , parent,  key, 

pkalg,  keylD); 


/*  Newly  created  dummy  key;  fill  in  info  */ 

key->k. pkalg  = pkalg;  /*  ViaCrypt  */ 

key->k.tstamp  = tstamp; 

key-> k . va  l i d i t y = validity; 

key->k.keybits  = keybits; 

key->k. trust  = 0; 

if  (err) 

key->g. flags  |=  KEY  F_E  R R 0 R ; 

else  if  (keybits  !=  k e y-> k . k ey b i t s 

||  pkalg  !=  key->k. pkalg  /*  ViaCrypt  */ 

| | tstamp  !=  k e y-> k . t s t amp 
||  validity  !=  k ey-> k . va  l i d i t y 

||  parent  !=  ( 0 B J I S T 0 P ( k e y ) ? NULL  : key->g.up) 

||  ! ( key->g .flags  & KEY  F_E  R R 0 R ) !=  !err) 

i = ringFi  leLoglfi  le,  key,  0,  fpos,  PG P E R R_T R 0 U B L E_D U P KE Y I D ) ; 
return  i < 0 ? i : SKIP_T0_KEY; 


else  if  ( ( i = k ey s d i f f e r ( f i l e , key , PB_S E C KE Y ( key ) ) ) !=  0)  T 
if  ( i < 0) 

return  i; 

if  ( ( 0B J I ST0PKE Y ( key ) &&  p k t t y p e == P KT B Y T E_P U B S U B K E Y ) 
( 0B J I SSUBKE Y ( key ) &&  p k t t y p e == P KT B Y T E_P U B K E Y ) ) t 
i = r i n g F i l e Log ( f i l e , key,  0,  fpos, 

PG PE RR_TR0UBLE_KEY SUBKEY ) ; 
return  (i  < 0)  ? i : SKIP_T0_KEY; 


I I 


version 

/* 

★ 

byte 

bug  * / 

A key 

with  a version  byte 

of  2 

only  overrides 

previous 

★ 

keys 

with  a byte  of  3 if  they 

are  all  untrusted 

★ 

secret  keys  and  this  is  either 

a secret 

key  or  from 

★ 

a trusted  public  keyring. 

A key  with  a 

versi 

on  byte 

★ 

of  3 

is  only  overridden  if 

i t ' 

s secret 

and  previous 

★ 

*/ 
i f 

keys 

include  a secret  key 

or  a 

trusted 

public 

key  . 

( i = = 

PGPVERSI0  N_2 

SS  ! 

( k ey-> g . f l a g s & RING0BJF_ 

TRUST) 

SS  ! 

((ringKeySecMask(key) 

A key->g.mask)  & 

fi l e->  s e t . po  o l - > f i lemask)  ) 


i = r i ng F i l e Log ( f i l e , key,  0,  fpos, 

P G P E R R_T  R 0 U B L E_V  E R S I 0 N_B  UG_PREV) 
if  ( i < 0) 


return  i ; 

/*  Set  all  those  secret  version  bug  flags  */ 
for  (sec  = key->g.down;  sec;  sec  = sec->g.next) 
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/*  End 


> else 


> else 

of  KLUDGE  */ 


> 


> 


if  (OBJISSEC(sec) ) 

sec->g. flags  |=  SEC  F_V  E R S I 0 N_B  U G ; 
if  (i  ==  PGPVERSI0N_2_6 

&&  ( key->g . f lags  & R I N G 0 B J F_T R U S T 
||  r i n g Key S e c Ma s k ( k e y ) ) ) 

i = r i n g F i l e Lo g ( f i l e , key,  0,  fpos, 

PGPERR_TROUBLE_VERSION_BUG_CUR); 
if  ( i < 0) 

return  i ; 

flags  |=  SEC  F_V  E R S I 0 N_B  U G ; 

/*  Fix  the  problem  */ 

file->set.pool->pktbufCO]  = PG P V E R S I 0 N_2 ; 

{ 


i = r i n g F i l e Lo g ( f i l e , key,  0,  fpos, 

P G P E R R_T  R 0 U B L E_D  U PKEYID); 

if  ( i < 0) 

return  i ; 

return  i < 0 ? i : SKIP_T0_KEY; 


/*  Okay,  we've  got  the  public  key.  Now  add  the  secret.  */ 


sec  = r i n g F i nd S e c ( f i l e , key); 
if  ( ! s e c ) f 

i = ringFileError(file)->error; 
goto  failed; 

> 

sec->c.  flags  |=  flags; 


if  (sec->g.mask  & f i l e -> s e t . ma s k ) { 

i = r i ng F i l eLog ( f i l e,  key,  0,  fpos,  PG P E R R_T R 0U B L E_D U P S E C ) ; 
if  ( i < 0) 

goto  failed; 
i = SKI P_T  RUST; 

> else  f 

/*  Add  the  FilePos  */ 
i = ringAddPoslsec,  file,  fpos); 
if  (i  < 0)  f 

assert(sec->g.mask); 
goto  failed; 

> 

> 

/ * 

* Already  present  in  this  keyring? 

* If  so,  accept  following  sigs  & userids  (they  may 

* not  be  duplicates),  but  flag  a warning. 

* If  the  previous  instances  were  all  public  keys, 

* but  this  is  a secret  key,  "upgrade"  the  reference. 

* / 

if  (key->g.mask  & f i l e-> s e t . ma s k ) { 

/*  Only  do  this  if  it  wasn't  a duplicate  *secret*  */ 
if  ( i ! = SKI P_T RUST)  { 

i = ringFileLogCfile,  key,  0,  fpos, 

P G P E R R_T  R0UBLE_DUPKEY ) ; 

if  ( i < 0 ) 
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goto  failed; 

ringAlterFilePos(key,  file,  fpos); 
i = SKI P_T  RUST; 

> 

> else  { 

/*  Add  the  FilePos  */ 
err  = i ; 

i = ringAddPosCkey,  file,  fpos); 
if  ( i < 0) 


goto  failed; 

i = err; 

> 

/ * Add  successful;  indicate  it  in  the  mask  * / 

key->g.mask  |=  i ter->set  .mask; 

sec->g.mask  |=  iter->set.mask; 

i t e r-> s t a c k C l e v e l d = key; 

i t e r-> s t a c k [ l e v e l + 1 d = sec; 

iter->level  = level+2; 

return  i ; 


f a i led: 


> 


if  (!key->g.mask) 

ringFreeDummyKeylfi le->set.pool,  key); 
return  i ; 


/ * 

* Add  the  name  in  the  RingPool's  pktbuf  to  the  sets  mentioned 

* in  the  given  iterator,  which  points  to  the  location  where  the 

* name  should  be  added.  Leaves  the  Ringlterator  pointing  to  the 

* name  just  added. 

*/ 

static  i n t 

r i ngAddName ( st  rue  t RingFile  *file,  struct  Ringlterator  *i ter,  word32  fpos) 

{ 

union  RingObject  *name; 
i n t i ; 

assert(iter->level  >=  1); 

name  = ringFindNamelfile,  iter->stackC0d); 
if  ( ! name  ) 

return  ringFi  leErrorlfi  le)->error; 

/ * 

* Already  present  in  this  keyring? 

* 

* If  so,  accept  following  sigs  (they  may  not  be 

* duplicates),  but  flag  a warning. 

* / 

if  ( name->g  . ma s k & f i l e-> s e t . ma s k ) { 

i = ringFileLogCfile,  name,  0,  fpos,  PG P E R R_T R 0 U B L E_D U PN A M E ) ; 
if  ( i < 0) 

return  i ; 
i = SKI P_T RUST; 

> else  { 

/*  Add  the  FilePos  * / 
i = ri ngAddPos (name,  file,  fpos); 
if  (i  < 0)  -C 

assert(name->g.mask); 
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return  i ; 

> 

> 

name->g.mask  |=  i ter->set .mask;  / * ALL  done  * / 
iter->stackC1]  = name; 
iter->LeveL  = 2 ; 
return  i ; 


static  i n t 

r i ng Add S i g ( s t r u c t RingFiLe  *fiLe,  struct  Ringlterator  *i ter,  word32  fpos) 
t 

union  RingObject  * s i g ; 
i n t L e v e L ; 
i n t i ; 

assert(iter->LeveL  >=  1 ) ; 

/*  Stack  position  of  parent:  0 or  1 */ 

LeveL  = (iter->LeveL  > 1 && 

( OB J I SNAME ( i t er->s t ac k[ 1 3 ) ||  0 B J I S S U B K E Y ( i t e r - > s t a c k L 1 ] ) ) ) ; 
sig  = ringFindSigCfiLe,  iter->stackELeveL3); 
if  ( ! s i g ) 

return  ringFi LeErrorCfi Le)->error; 


> 


/*  ALready  present  in  this  keyring?  CompLain.  */ 
if  ( si g->g .mask  & f i L e-> s e t . ma s k ) { 

i = r i ng F i L eLog ( f i L e,  sig,  0,  fpos,  P G P E R R_T R 0 U B L E_D U P S I G ) ; 
if  ( i < 0) 

return  i; 
i = SKI  P_TR LIST; 

> e L s e { 

/*  Add  the  FiLePos  */ 
i = ringAddPosCsig,  f i L e , fpos); 
if  (i  < 0)  C 

assert(sig->g.mask); 
return  i ; 

> 

> 

sig->g.mask  |=  i ter->set  .mask;  /*  ALL  done  */ 
iter->stackCLeveL+1]  = sig; 
iter->LeveL  = LeveL+2; 
return  i ; 


/* 

★ 

★ 

★ 


Add  the  unknown  object  in  the  RingPooL's  pktbuf  to  the  sets  mentioned 
in  the  given  iterator,  which  points  to  the  Location  where  the 
object  shouLd  be  added.  Leaves  the  Ringlterator 
object  just  added. 


pointing  to  the 


★ 

*/ 

static  i n t 

r i ng AddUn k ( s t r u c t RingFiLe 
byte  pktbyte) 

{ 


* f i L e , struct  Ringlterator  *i  ter,  word32  fpos. 


union  RingObject  *unk; 
i n t LeveL; 
i n t i ; 


assert(iter->LeveL  >-  1); 
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/*  Stack  position  of  parent:  0 or  1 */ 
level  = iter->level  - 1 ; 

/ * Place  this  * / 

if  ( OB J I S U N K ( i t e r-> s t a c k C l e v e l D ) &&  level) 
level--; 

unk  = ringFindUnk(file,  iter->stackClevel],  pktbyte); 
if  ( ! unk) 

return  ringFi  LeErrorCfi  le)->error; 


> 


/* 

* Already  present  in  this  keyring?  If  so,  warn... 

* / 

if  (unk->g . mask  & f i le->set  .mask)  { 

i = r i ng F i l eLog ( f i l e,  unk,  0,  fpos,  PG P E R R_T R 0 UB L E_D U PU N K ) ; 
if  ( i < 0) 

return  i ; 
i = SKI P_T  RUST; 

> else  { 

/ * Add  the  FilePos  * / 
i = ringAddPosCunk,  file,  fpos); 
if  (i  < 0)  -C 

assert(unk->g.mask); 
return  i ; 

> 

} 

/ * All  done,  we're  happy...  * / 
unk->g.mask  |=  i ter->set . mask; 
iter->stackllevel+1]  = unk; 
iter->level  = level+2; 
return  i ; 


/***  The  feature  presentation  ***/ 

/ * 

* KLUDGE:  PGP  2.6  had  a bug  wherein  if  you  changed  the  passphrase  on 

* a secret  key,  the  newly  encrpyted  secret  key  would  be  written  out 

* with  a version  byte  of  P G P V E R S 1 0 N_2_6  (=  3),  even  if  the  original 

* was  P G P V E R S I 0 N_2  (=  2).  PGP  2.6  didn't  notice  the  problem  and 

* would  continue  to  function  very  happily  with  the  problem. 

* 

* The  code  here  notices  and  attempts  to  undo  the  problem, 

* "overriding"  the  version  byte  of  3 and  forming  a consistent 

* idea  of  the  key's  version  byte. 

* The  only  problem  is  avoiding  a deni  a l-of-servi ce  attack  if 

* someone  sends  me  a public  key  with  a version  byte  of  2 and 

* I compare  it  with  my  secret  key  with  a (correct)  version 

* byte  of  3,  and  fix  my  secret  key  to  2 to  correspond. 

* It  could  cause  problems  unfixable  except  with  a binary  file 

* editor.  So  we  only  accept  evidence  of  the  bug  under  certain 

* conditions.  To  be  precise: 

* 

* - A key  with  a version  byte  of  2 can  only  override  the  previous 

* version  bytes  of  3 if  all  previous  keys  are  secret  keys 

* without  trust  information  and  the  key  is  either  a secret  key 

* or  from  a trusted  public  keyring. 

* - A key  with  a version  byte  of  3 is  only  overridden  by  previous 
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* keys  if  it  is  a secret  key  and  the  previous  keys  include  a 

* secret  key  or  a key  from  a trusted  keyring. 

* 

* A Trouble  record  is  logged  in  either  case.  T RO UB L E_V E R S I 0 N_B UG_P R E V 

* if  previous  keys  had  the  version  bug  and  T R 0 UB L E_V E R S I 0N_BUG_C U R if 

* the  current  key  has  it. 

* 

* - Fixing  instructions: 

* - We  want  to  split  out  a function  to  add  a single  object. 

* - Replace  parse  tree  state  with  ringlterator. 

* - Fiddle  with  trust  packets  somehow. 

* - Use  the  fact  that  r i n g F i l e D o C l o s e gets  rid  of  half-built 

* keys  to  simplify  the  public-key-gathering  part. 

* DANGER,  WILL  ROBINSON:  What  about  running  out  of  memory  when  creating 

* a new  key?  That's  one  case  when  it's  *not*  desirable  to  close 

* the  whole  file.  Grumble  moan  bitch  complain... 

* 

* Okay  a few  cases: 

* - The  secret  is  old,  as  is  the  key. 

* In  that  case,  we're  only  ZZ 
*/ 

struct  RingFile  * 

ringFi  leOpenlstruct  RingPool  * p o o l , struct  PgpFile  * f , int  trusted,  int 


/*  Oy, 

what  a lot  of 

variables!  * / 

/ * The 

RingFile  being 

opened 

* / 

struct 

RingFile  * f i l e 

f 

ringmask  mask; 

int  bit 

f 

/ * The 

current  state 

of  the 

parse  tree 

struct 

Ringlterator  i 

ter; 

union  RingObject  * o b j ; 

/*  Current  packet  info  */ 
int  pktbyte; 


word32  len,  fpos; 

char  * b u f ; 

/* 

Current  pktbuf  */ 

/*  Various  temporaries 

*/ 

int  i ; 

/* 

Multi-purpose  temp  */ 

# i f 10LDTRUST 

int  j , k ; 

/ * 

Additional  trust  packet  bytes  */ 

#end  i f 

byte  c ; 

/* 

for  pgpFileRead  */ 

s i z e_t  s i z e ; 

/ * 

Return  value  from  pgp F i l e Read ( ) */ 

byte  *tp; 

/* 

Pointer  to  trust  byte  */ 

struct  RingTrouble  const  * trouble; 


/ * Flags  * / 

int  dirty  = 0,  trustdirty  = 0 ; 
s k i p_t  skip; 

int  trustf;  /*  1 for 

int  trustmissing;  / * OR  of 


trust,  2 for  optional 
trustf  values  * / 


trust  * / 


/ * 

* The  code  starts  here 

* / 


★error) 
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if  ( ! f ||  ! poo  l ) { 

★error  = 0; 

return  (struct  RingFile  * ) N U L L ; 

> 

assertC ! (pool->f i Lemask  & "poo  L->a  L Locmask)  ) ; 

bit  = ringBitAlloc(pool); 
if  (bit  < 0)  { 

★error  = PG P E R R_N0_KE Y B I T S ; 
return  NULL; 

> 

assert (bi t < MEMRINGBIT); 

file  = &pool->filesCbitH; 
mask  = (ringmask)l  <<  bit; 
assert(file->set.mask  ==  mask); 

pool->fi  lemask  |=  mask; 
pool->al locmask  | = mask; 

/*  Set  this  file  as  the  lowest-priority  file  * / 
ringFi  LeLowPri (fi  le); 

assert( !fi le->set.next); 

f i l e — > f = f; 

file->destructor  = NULL; 
file->arg  = NULL; 
file->version  = PG PV E R S I 0 N_2 ; 

/*  Start  out  with  a clean  slate  */ 

★error  = 0; 

/★  Initialize  a null  Ringlterator  */ 
iter. set. pool  = pool; 
iter. set. mask  = 0; 

/★  There  is  no  current  key  */ 
iter. level  = 0; 

/*  There  is  no  current  packet  to  give  trust  to  */ 
trustf  = 0; 

/★  No  trust  is  missing,  yet  */ 
trustmissing  = 0; 

/★  Pay  attention  to  all  the  packets  */ 
skip  = 0 ; 


/ ★ 

* The  main  loop  over  each  packet. 

* / 

while  ((pktbyte  = p k t By t e G e t ( f i l e-> f , Slen,  &fpos))  > 0)  { 

switch  ( P KT  B Y T E_T  YPE(pktbyte) ) ( 

s k i p k e y : 

skip  = SKI P_T  0_KE  Y ; 
goto  skippkt; 

s k i pname  : 

skip  = SKI P_S I G S ; 
goto  skippkt; 
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s k i p s i g : 


s k i p p k t : 


skiptrust: 


skip  = SKI P_T RUST; 
goto  skippkt; 
default  : 

/* 

* Add  it  as  an  unknown  object  if  it's  not  the  first 

* thing  in  the  keyring... 

*/ 

if  (iter. level)  { 


i = 

ringAddUnk(fi le. 

S i t e r , 

fpos,  pktbyte); 

i f 

( i < 0) 

goto  failed; 

obj 

= iter.stackCiter 

. level 

-id; 

> else  { 

/*  Declare  keyring  bad  and  puke  here?  */ 

0 b j = N U L L ; 

> 

/*  Unexpected  packet  */ 

i = r i n g F i l e Lo g ( f i l e , obj,  pktbyte,  fpos, 

P G P E R R_T  R 0 U B L E_U  NKPKTBYTE) ; 

if  ( i < 0) 

goto  failed; 
goto  skippkt; 
case  P KT  B Y T E_C  0 M M E N T : 

/*  Silently  ignore  this  packet  */ 

trustmissing  |=  trustf; 
trustf  = 0; 
dirty  = 1 ; 

i = pgpFileSeek(file->f,  len,  SEEK_CUR); 
if  ( i ! = 0) 

goto  readerr; 

break; 

case  PKTBYTE_PUBKE Y : 
case  PKTBYTE_PUBSUBKEY : 

trustmissing  |=  trustf; 
trustf  = 1; 

if  (skip  & SKI P_K  E Y ) 
goto  skippkt; 
skip  = 0 ; 

/*  Check  for  grossly  oversized  key  */ 
if  (len  > R I N G K E Y_M  A X L E N ) { 

1 = r i ng F i l e Log ( f i l e , (union  RingObject  *)NULL, 

len,  fpos,  PGPERR_TROUBLE_KE Y2BIG ) ; 
if  ( i < 0) 

goto  failed; 
goto  skipkey; 

> 

buf  = ringReserve(pool,  ( s i z e_t ) l e n ) ; 
if  ( ! bu f ) 

goto  fatal; 

size  = pgpFileRead(buf,  (size_t) len,  fi  le  — >f) ; 
if  (size  !=  ( si ze_t ) len) 
goto  readerr; 
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po o L -> p k t bu f L e n = size; 

i = r i ng Add Ke y ( f i L e , Si  ter,  fpos,  trusted, 

PKTB YTE_TY PE ( pk tbyte ) ) ; 
if  ( i < 0) 

goto  failed; 
skip  = i ; 
trustf  = 1; 

break; 

case  PKTBYTE_SECKEY : 

case  PKTBYTE_SECSUBKEY : 

trustmissing  |=  trustf; 
trustf  = 1; 

if  (skip  & SKI P_KE  Y ) 
goto  skippkt; 
skip  = 0 ; 

/*  Check  for  grossly  oversized  key  */ 
if  (len  > R I N G S E C_M  A X L E N ) { 

i = r i ng F i l e Log ( f i l e , (union  RingObject  *)NULL, 
len,  fpos,  P G P E R R_T  R 0 U B L E_K  EY2BIG); 
if  ( i < 0) 

goto  failed; 
goto  skipkey; 

> 

buf  = ringReserve(pool,  (size_t) len); 
if  ( ! bu  f ) 

goto  fatal; 

size  = pg p F i l e R e a d ( bu f , (size_t) len,  fi Le  — >f) ; 
if  (size  !=  (si ze_t) len) 
goto  readerr; 
pool->pktbuflen  = size; 

i = r i ng Ad d S e c ( f i l e , Si  ter,  fpos, 

PKTB YTE_TY PE ( pk tbyte ) ) ; 

if  ( i < 0 ) 

goto  failed; 
skip  = i ; 
trustf  = 1; 

break; 

case  P KT  B Y T E_N  A M E : 

trustmissing  |=  trustf; 
trustf  = 1; 

if  (skip  S SKI P_N  A M E ) 
goto  skippkt; 
skip  = 0 ; 

if  (iter. level  < 1)  { 

i = r i ng F i l e Log ( f i l e , (union  RingObject  *)NULL, 
0,  fpos,  PG  P E R R_T  R 0 U B L E_U  NXNAME); 
if  ( i < 0) 

goto  failed; 
goto  skipname; 
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/*  Check  for  grossly  oversized  name  */ 
if  (len  > R I N G N A M E_M  A X L E N ) i 

i = ringFileLoglfile,  (union  RingObject  * ) N U L L , 
len,  fpos,  PG  P E R R_T  R 0 U B L E_N  AME2BIG); 
if  ( i < 0 ) 

goto  failed; 
goto  skipname; 

} 

buf  = r i n g R e s e r v e ( poo l , (si ze_t ) len); 
if  ( ! bu  f ) 

goto  fatal; 

size  = pgpFileRead(buf,  (size_t ) len,  fi  le  — >f) ; 
if  (size  !=  (si ze_t ) len) 
goto  readerr; 
pool->pktbuflen  = size; 

i = ringAddName(file,  Siter,  fpos); 
if  ( i < 0) 

goto  failed; 
skip  = i ; 

trustf  = 1; 

break; 

case  P KTB  Y T E_S I G : 

trustmissing  |=  trustf; 
trustf  = 1; 

if  (skip  & SKI P_S IG ) 
goto  skippkt; 
skip  = 0 ; 

if  (iter. level  < 1)  { /*  No  key  yet  - huh?  */ 

i = ringFileLoglfile,  (union  RingObject  *)NULL, 
0,  fpos,  PG  P E R R_T  ROUBLE_UNXSIG); 
if  ( i < 0) 

goto  failed; 
goto  skipsig; 

> 

if  (len  > R I N G S I G_M  A X L E N ) { /*  Sig  too  damn  big  */ 

i = r i ng F i l e Log ( f i l e , (union  RingObject  *)NULL, 
len,  fpos,  PGPERR_TR0UBLE_SIG2BIG); 
if  ( i < 0 ) 

goto  failed; 
goto  skipsig; 

> 

/*  Read  in  the  signature  for  future  analysis  */ 
buf  = r i ng Re s e r ve ( poo l , (si ze_t ) len) ; 
if  ( ! buf  ) 

goto  fatal; 

size  - pgpFileRead(buf,  (size_t)len,  fi  le  — >f) ; 
if  (size  !=  (si  ze_t  Hen) 
goto  readerr; 
pool->pktbuflen  = size; 


i = ringAddSig(file,  Siter,  fpos); 
if  ( i < 0) 
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# i f OLDTRUST 


goto  failed; 
skip  = i ; 
trustf  = 1; 

break; 

case  P KT  B Y T E_T  RUST: 

if  (! trustf)  { 

i = r i ng F i l eLog ( f i l e,  NULL,  len,  fpos, 

PG  P E R R_T  ROUBLE_UNXTRUST ) ; 

if  ( i < 0) 

goto  failed; 
goto  skippkt; 

> 

assertliter. level); 
trustf  = 0; 

if  (skip  S SKI P_T  RUST) 
goto  skippkt; 
skip  = 0 ; 

/*  If  not  a trusted  keyring,  ignore  trust  packets  */ 
if  (! trusted) 

goto  skiptrust; 

obj  = iter. stackLiter. level-id; 
i f (OBJ ISSEC(obj  ) ) i 

assert(iter.  level  >=  2 ) ; 

obj  = i t e r . s t a c k C i t e r . I e v e l -2 d ; 

} 

/*  Skip  bad  trust  packets  */ 
if  (len  !=  1)  { 

i = r i ng F i l eLog ( f i l e,  obj,  len,  fpos, 

P G P E R R_T R 0 U B L E_B  A D T R U S T ) ; 
goto  skippkt; 

} 

if  (pgpFileRead(Sc,  1,  fi  le  — >f)  !=  1) 

goto  readerr; 
i = c & 2 5 5 ; 

/*  Set  the  appropriate  flags  */ 
assert(  ! OBJ ISSEC (obj ) ) ; 
switch  ( r i n g 0 b j e c t Ty p e ( o b j ) ) { 
default: 

assert(O); 
case  R I N G T Y P E_KE  Y : 

tp  = Sobj->k.trust; 
break; 

case  R I N G T Y P E_N  A M E : 

tp  = &obj->n.trust; 
break; 

case  R I N G T Y P E_S I G : 

tp  = Sobj->s. trust; 
break; 

case  R I N G T Y P E_U  N K : 

tp  = Sobj->u.trust; 
break; 

} 

if  (ob j->g  . f lags  & R I N G OB  J F_T  RUST)  { 
if  ( i ! = * t p ) 
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trustdirty  = 1 ; 

> else  { 

* t p = (byte)i; 

obj->g. flags  |=  R I N G 0 B J F_T  RUST; 

> 

#else  /*  NEWTRUST  */ 

i f (OBJ  ISNAME(obj ) ) { 

/* 

* Name  trust  packets  can  be  up  to  3 bytes 

* long: 

* Byte  1:  old-style  trust  packet 

* Byte  2:  validity  of  name 

* Byte  3:  confidence  in  name  as  introducer 

*/ 

if  (len  < 1 ||  len  > 3)  { 

i = r i ng F i l e Log ( f i l e , obj,  len, 

fpos,  P G P E R R_T  R 0 U B L E_B  ADTRUST); 
goto  skippkt; 

> 

if  ( pgp F i l eRead ( &c , 1,  fi  le  — >f)  !=  1) 

goto  readerr; 
i = c & 255; 

/*  Default  trust  and  validity  bytes  */ 
switch  (i  S P G P_N  A M E T R U S T_M  ASK)  f 
case  PG  P_N  AMETRUST_COMPLETE : 

/ * j = pool->threshold;  * / 

j = pool->completeconfidence; 
break; 

case  P G P_N  A M E T R U S T_M  A R G I N A L : 

/ * j = pool->threshold/2;  * / 

j = pool->marginalconfidence; 
break; 
default : 

j = 0; 
break; 

} 

assert(OBJISKEY(obj->g.up)); 
k = obj->g.up->k. trust; 
switch  (k  S P G P_K  E Y T R U S T_M  ASK)  { 
case  PGP_KEYTRUS  T_U  L T I M A T E : 

k = P G P_N  E W T R U S T_I NFINITE; 
break; 

case  PG  P_K  E Y T R U S T_C  0 M P L E T E : 

k = pool->completeconfidence; 
break; 

case  P G P_K  E Y T R U S T_M  A R G I N A L : 

k = po o l ->ma r g i na  l c o n f i d e n c e ; 
break; 

case  PG  P_KE  Y T R U S T_U  NDEFINED: 

k = P G P_N  E W T R U S T_U  NDEFINED; 
break; 
default: 

k = 0; 
break; 

> 

if  (len  > 1 ) ( 

f i le->version  = PG P V E R S I 0 N_3 ; 

/*  Fetch  validity  */ 
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> else 


if  ( pgp Fi  L eRead ( &c  , 1,  fi Le  — >f)  !=  1) 

goto  readerr; 
j = c & 255; 
if  (Len  > 2)  f 

/*  Fetch  confidence  */ 
if  ( pg p F i l e R e a d ( & c , 1,  fi Le  — >f) 
! - 1 ) 

goto  readerr; 
k = c & 255; 

> 

> 

if  (obj->g  . f Lags  S R I N GOB J F_T R U S T ) { 
if  (i  !=  obj->n.  trust 

||  j !=  o b j -> n . va  l i d i t y 
||  k !=  o b j -> n . c on f i d e n c e 
||  ( Len  ==  1 ) ! = 

! NAMEHASNEWTRUST (&obj->n)  ) 
trustdi rty  = 1 ; 

> else  f 

obj->n. trust  = (byte)i; 
obj->n. validity  = (byte)j; 
obj->n. confidence  = (byte)k; 
obj->g. flags  |=  R I NGOB J F_T R U S T ; 
if  (len  > 1 ) 

NAMESETNEWTRUST (&obj->n); 
obj->n. valid  = ringTrustToIntern  ( j ) ; 

> 

{ /*  Not  a name  */ 

if  (len  ! = 1 ) { 

i = r i n g F i l e Log  ( f i l e , obj,  len, 

fpos,  PGPERR_TROUB  L E_B  ADTRUST); 
goto  skippkt; 

> 

if  ( pg p F i l e R e a d ( & c , 1,  fi  le  — >f)  !=  1) 

goto  readerr; 
i = c S 255; 

/*  Set  the  appropriate  flags  */ 
assert ( !OBJISSEC(obj  ) ); 
switch  ( r i n g Ob j e c t Ty pe ( o b j ) ) { 

default: 

assert(O) ; 
case  R I N G T Y P E_K  E Y : 

tp  = Sobj->k.trust; 
break; 

case  R I N G T Y P E_S I G : 

tp  = &obj->s.  trust; 
break; 

case  R I N G T Y P E_U  N K : 

tp  = &obj->u.  trust; 
break; 

> 

if  (ob j->g  . f lags  S R I N G OB J F_T RU S T ) { 
if  ( i ! = * t p ) 

trustdirty  = 1; 

> else  ( 

*tp  = (byte)i; 

obj->g. flags  |^  R I N G OB J F_T R U S T ; 
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ft  e nd  i f 


> 


break; 

> /*  switch  ( P KT  B Y T E_T  YPE(pktbyte) ) */ 


> /*  while  ((pktbyte  = p k t By t e G e t ( f i l e -> f ) ) > 0)  */ 


/* 
i f 


ioerror: 


> 


Okay,  we're  done  - handle  errors  in  pktByteGetC)  and  return  */ 
(pktbyte  < 0)  t 

len  = (word32)errno;  /*  Capture  before  *ANY*  libc  calls  */ 

★error  = pktbyte; 

i = r i ng F i l e Log ( f i l e , (union  RingObject  *)NULL,  len, 

fpos,  pktbyte)  ; 

if  ( i < 0) 

goto  failed; 

/ * A keyring  with  errors  is  *a  Iways*  dirty  * / 
dirty  = 1 ; 


/ * 

* Did  we  get  any  bad  trouble  reports?  "Dirty"  means  that 

* the  result  of  writing  out  the  RingFile's  set  will  not 

* be  the  same  as  the  original  file.  Some  troubles  don't 

* have  that  property. 

* / 


for 


> 


(trouble  = file->trouble;  trouble;  trouble  = trouble->next) 
if  (troubl  e->type  !=  P G P E R R_T R 0 U B L E_V E R S I 0 N_B U G_P R E V 
&&  troubl  e->type  !=  PG P E R R_T R OUB L E_0 L D S E C 
&&  troubl  e->type  !=  PG P E R R_T R OUB L E_N E W S E C 
&&  troubl  e->type  !=  P G P E R R_T R 0 U B L E_B A R E K E Y ) 


> 


break; 


if  (dirty  ||  trouble) 

ringPoolMarkDirty(pool,  mask); 
if  (trustdirty  ||  trustmissing  & 1) 

ringPoolMarkTrustChanged(pool,  mask); 


{ 


ringSortKeys(pool ); 
ringPoolListSigsBy(pool); 

return  file; 


/ * 

* Read  error:  figure  out  error  code  and  use  general  error 

* handler.  Not  fatal. 

* / 

readerr : 

/*  If  an  error,  or  neither  error  nor  eof  (i.e.  unknown),  error  */ 
len  = (word32)errno;  /*  Capture  before  * A N Y * libc  cals  * / 

if  ( pg p F i l e E r r o r ( f i l e-> f ) ||  ! pg p F i l e E o f ( f i l e-> f ) ) 

pktbyte  = PG P E R R_KE Y I 0_R E A D I NG ; 

else 

pktbyte  = PG P E R R_KE Y I 0_E 0 F ; 
goto  ioerror; 
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/ * 

* Fatal  errors:  undo  all  work  in  memory,  return  NULL, 

* * e r r o r is  non-zero. 

* / 

fatal: 

i = ringPoolError(pool)->error; 

failed:  /*  Generic  fatal  entry  point,  error  in  "i"  */ 

★error  = i; 

(void)ringFi leCloseCfi  le)  ; 
return  NULL; 

> 


/**  Keyring  writing  (this  is  a *lot*  simpler!)  **/ 


/ * 

* Write  out  the  trust  packet  for  an  object. 

* 


* This  is  generally  pretty  simple,  but  there  are 

* on  the  object  type  and  version,  and  there  is  a 

* writing  out  trust  on  signatures  on  keys  if  the 

* This  is  a PGP  2.x  compatibility  feature,  since 

* finds  a trust  packet  on  a key  signature. 

* / 


static  int 

ringCopyTrustCunion  RingObject  const 
PgpVersion  version) 


char  trustC3H; 
size_t  trust  len  = 1; 
int  i ; 


*ob  j , 


struct 


different  formats  based 
kludge  to  omit 
signature  is  good, 
that  chokes  if  it 


PgpFile  *f. 


switch  ( r i n g 0 b j e c t Ty pe ( o b j ) ) { 
case  R I N G T Y P E_KE  Y : 

trustCO]  = (char)obj->k. trust; 
break; 

case  R I N G T Y P E_S  E C : 

trustCOd  = (char)obj->g.up->k. trust; 
break; 

case  R I N G T Y P E_N  A M E : 

/* 

* Names  have  1 to  3 bytes  of  trust.  The  first  byte 

* is  a 2 . x-compati ble  trust  byte.  The  second  is 

* a validity  value  (how  sure  are  we  that  this  name 

* is  correct  - computed),  and  the  third  is  a confidence 

* in  the  named  individual  as  an  introducer. 

* 

* Note:  If  we  are  requested  to  write  out  a pre-PGP  3.0 

* keyring,  the  name  validity  is  not  converted  back  to 

* an  old  KEYLEGIT  value.  We  could  do  this,  but  it's 

* better  that  a maintenance  pass  is  run  prior  to 

* using  such  a keyring. 

* aaa  Is  this  really  the  best  way  to  handle  it? 

* / 

trustLOd  = (char)obj->n.  trust; 

# i f ! OLDTRUST 

if  (version  >=  PG P V E R S I 0 N_3 ) { 

trustCId  = (char)obj->n. validity; 
trustC2d  = (char)obj->n.  confidence; 
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#end i f 


> 


trust  Len  = 3; 

> 

break; 

case  R I N G T Y P E_S I G : 

/* 

* 2.x  compatibility  kludge:  Don't  write  trust 

* on  good  compromise  certificates.  PGP  2.x 

* maintenance  dies  (assert  fail)  if  it  finds 

* trust  packets  on  key  sigs. 

* / 

trustCO]  = (char)obj->s.trust; 
if  (version  < PG PV E R S I 0 N_3 

&&  0 B J I S K E Y ( o b j - > g . u p ) &&  obj->g.up  ==  obj->s.by 
&&  obj->s.type  ==  PG P_S I G T Y P E_KE Y_C OM P R OM I S E ) 
return  0; 

break; 
default  : 

assert(O); 

> 

i = pktBytePut ( f , P KT B Y T E_B U I L D ( P KT B Y T E_T R U S T , 0),  trustlen); 
if  ( i < 0) 

return  i; 

if  ( pg p F i l eW r i t e ( t r u s t , trustlen,  f)  !=  trustlen) 
return  P G P E R R_K E Y I 0_W R I T I N G ; 
return  0; 


/* 

* Copy  the  packet  to  the  given  file.  If  "trust"  is  non-negative, 

* it  is  appended  as  a trust  packet.  If  "file"  is  non-NULL  and  the 

* write  is  successful,  the  location  in  that  file  is  listed  as  a 

* position  for  the  object. 

* 

* This  function  is  careful  to  not  add  a FilePos  to  the  object  until 

* it  is  known  to  be  completely  written  out. 

*/ 

static  i n t 

r i ng C o py 0 b j e c t ( s t r u c t RingSet  const  *set,  union  RingObject  *obj, 
struct  PgpFile  *f,  int  wri  tetrust,  PgpVersion  version, 
struct  RingFile  *file) 

{ 

void  const  * b u f ; 
s i z e_t  len; 
int  i ; 

byte  pktbyte; 

long  pos  = 0;  / * Initialized  to  suppress  warnings  * / 

static  int  const  p k t by t e s [ R I N G T Y P E_M AX d = L 
P KT  B Y T E_B  UILD(PKTBYT  E_P  U B KE  Y , 1 ) , 

P KT  B Y T E_B  UILD(PKTBYTE_SECKEY,  1 ), 

P KT  B Y T E_B  UILD(PKTBYT  E_N  A M E , 0), 

P KT  B Y T E_B  UILD(PKTBYTE_SIG,  1) 

> ; 

buf  = ringFetchObject(set,  obj,  Slen); 
if  ( ! bu  f ) 

return  ringSetError(set)->error; 
if  (file)  ( 
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> 


> 


pos  = pgpFileTell(f); 
if  (pos  ==  -1) 

return  PG P E R R_KE Y I 0_F T E L L ; 


i = ringObjectType(obj); 

assertCi  > 0 SS  i <=  R I N G T Y P E_M A X ) ; 

i f (OBJ ISSUBKEY (obj  ) ) 

pktbyte  = P KT  B Y T E_B  UILD(PKTBYT  E_P  UBSUBKEY,  1); 
else  if  (OBJISSEC(obj  ) &&  OB J I S S UBKE Y ( o b j -> g . u p ) ) 

pktbyte  = PKTB Y T E_BU I L D ( PKTB Y T E_S E C S UBKE Y , 1); 

else 

pktbyte  = (i  ==  R I N G T Y P E_U NK ) ? obj->u. pktbyte  : pktbytesCi-IH; 

i = p k t By t e Pu t ( f , pktbyte,  ten); 
if  ( i < 0) 

return  i ; 

if  ( pg p F i l eW r i t e ( bu f , Len,  f)  !=  Len) 
return  P G P E R R_K E Y I 0_W R I T I N G ; 
if  (wri tetrust  ) ( 

i = ringCopyTrust(obj,  f,  version); 
if  ( i < 0 ) 


/*  All  successful  - add  to  file  */ 

return  file  ? ringAddPos(obj,  file,  (word32)pos)  : 0 ; 


i n t 

r i n g S e t W r i t e ( s t r u c t RingSet  const  *set,  struct  PgpFile  *f, 

struct  RingFile  **filep,  PgpVersion  version,  int  flags) 
t 

struct  RingFile  * f i l e ; 
struct  Ringlterator  * i t e r ; 
union  RingObject  *obj,  * s e c ; 
unsigned  level; 
ringmask  mask; 
int  i ; 

int  wri tetrust; 


assert(f); 


if  ( f i l e p ) ( 

/*  Set  up  a RingFile  to  add  to  */ 
assert(f); 

a s s e r t ( ! ( s e t -> poo  l -> f i l ema s k & "set->pool->a  l locmask)  ) ; 

i = ringBitAlloc(set->pool); 
if  (i  < 0)  C 

* f i l e p = (struct  RingFile  *)0; 
return  P G P E R R_N 0_K E Y B I T S ; 

> 

assert ( i < MEMRINGBIT); 

file  = Sset->pool->filesCiIl; 
mask  = (ringmask)l  <<  i; 
assert (fi le->set .mask  ==  mask); 
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> 


a s s e r t ( ! ( s e t -> po o L -> f i L e ma s k & mask)); 

set->pool->filemask  |=  mask; 
set->poo L->a  l locmask  |=  mask; 

assertC  ! fi  le->set.next) ; 

f i L e - > f = f ; 

file->destructor  = NULL; 
file->arg  = 0; 

*filep  = NULL;  /*  For  now,  to 

> else  { 

file  = NULL; 
mask  = 0 ; 

> 


/*  May  be  set  Later  */ 
be  fixed  Later  * / 


iter  = ringlterCreate(set); 
if  (liter)  { 

r i ng F i L eC L ose ( f i L e ) ; /*  Okay  for  f i L e to  be  NULL  */ 

return  ringSetError(set)->error; 

> 

/*  Okay,  the  main  Loop  */ 

L e v e L = 1 ; 

wri tetrust  = 0;  / * SiLence  warnings  * / 


w h i L e 


( ( i = r i n g 1 1 e r N e x t 0 b j e c t Any w h e r e ( i t e r ) ) > 0)  { 

obj  = ringlterCurrentObjectCiter,  (unsigned)i); 
assert (obj  ) ; 
if  (OBJ ISKEYCob j ) ) < 


wri tetrust  = fLags  & PG P_W R I T E T R U S T_P U B ; 
sec  = ringBestSec(set,  obj); 
if  (sec)  L 


> e L s e 

> 


obj  = sec;  / * Write  out  the  sec  */ 

if  (OBJISTOP(obj)) 

writetrust  = f L a g s S PG P_W R I T E T R U S T_S E C ; 

> 

if  (OBJ  ISSEC (ob j ) ) { 
continue; 


i = ringCopyObject(set,  obj,  f,  writetrust,  version,  f i L e ) ; 
if  ( i < 0) 


break; 

> /*  whiLe  r i n g 1 1 e r n e x t Ob j e c t A ny w h e r e */ 
ringlterDestroy(iter); 

/ * 

* If  we  broke  out  on  error,  cLose  the  output 

* the  partiaL  f i L e open,  as  a L L the  pointers 

* Is  that  useful? 

* / 

if  (i  < 0 SS  f i L e ) 

ringFi LeCLose(fi Le); 
eLse  if  (fiLep) 

*fiLep  = f i L e ; 

return  i ; 


fiLe.  We  couLd  Leave 
that  exist  are  vaLid. 
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/ * 

* Bring  an  object  into  the  MEMRING. 

*/ 

static  i n t 

r i n g C a c h e 0 b j e c t ( s t r u c t RingSet  *set,  union  RingObject  *obj) 

{ 

byte  *bu  f ; 
byte  const  *pktbuf; 
s i z e_t  b u f l e n ; 
struct  MemPool  cut; 
struct  RingFile  *file; 
i n t err; 

/*  Do  nothing  if  already  there  */ 
if  (obj->g.mask  & MEMRINGMASK)  C 
return  0; 

> 

/*  Get  the  object  into  the  pktbuf  */ 

pktbuf  = (byte  const  OringFetchObject  (set,  obj,  Sbuflen); 
if  (Ipktbuf)  ( 

return  ringSetError(set)->error; 

> 

/*  Allocate  space  in  memory  ringfile  */ 
file  = &set->pool->fi  lesCMEMRINGBITU; 
cut  = file->strings; 

buf  = (byte  *)memPoolAlloc(&file->strings,  (unsigned)buflen,  1 ) ; 
if  ( ! buf)  { 

return  PG P E R R_N 0M E M ; 

> 

/*  Copy  to  memory  file  buffer  */ 
memcpy(buf,  pktbuf,  buflen); 

/*  Add  the  FilePos  */ 

err  = r i n g Ad d P o s ( o b j , file,  ( w o r d 3 2 ) b u f l e n ) ; 
if  (err  < 0)  C 

memPoolCutBack(&fi  le->stri ngs.  Scut); 
return  ringSetError(set)->error; 

> 

ringFilePos(obj,  file)->ptr.buf  = buf; 
return  0; 

> 

/ * 

* Bring  the  ancestors  of  an  object  into  the  MEMRING. 

* 

* When  we  create  a new  object  using  the  routines  below,  it  is  necessary 

* that  any  parents  of  the  object  be  brought  into  the  MEMRING.  This  is 

* so  that  we  can  maintain  our  global  invariant  that  all  of  an  object's 

* ancestors  are  in  all  sets  that  the  object  is  in. 

* / 

static  int 

ri  ngCacheParents  (struct  RingSet  *set,  union  RingObject  *obj) 

{ 

int  err; 
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if  (OBJISTOP(obj))  f 
return  0 ; 

> 

do  { 

obj  = obj->g.up; 

err  = r i n g C a c h e Ob j e c t ( s e t , obj); 
if  (err  < 0 ) 

return  err; 

> while  (lOBJISTOP(obj)); 
return  0; 

> 


/* 

★ 

* Create  a new  name  in  a mutable  RingSet. 

* 

* This  is  example  code.  Modifying  it  a bit  is  probably  a good  idea. 

* / 

union  RingObject  * 

r i ng C r e a t e N a me ( s t r u c t RingSet  *dest,  union  RingObject  *key, 
char  const  *str,  si ze_t  len) 

struct  Ringlterator  iter; 
struct  MemPool  cut; 
struct  RingFile  * f i l e ; 
byte  *pktbuf,  *buf; 
i n t i ; 

assert(RINGSETISMUTABLE(dest)); 
assertCOBJISKEY(key) ); 
assert(key->g.mask  & dest->mask); 

iter. set  = *dest; 

if  (len  >=  R I N G N A M E_M  A X L E N ) { 

ringSimpleErr(dest->pool,  PG P E R R_T R 0U B L E_N AM E 2 B I G ) ; 
return  NULL; 

> 

pktbuf  = (byte  *)ringReserve(dest->pool,  len); 
if  ( ! pktbuf ) C 

ri ngAl  locErr(dest->pool ) ; 
return  NULL; 

> 

/*  Add  to  memory  file  */ 

file  = &dest->pool->filesCMEMRINGBITl; 
cut  = f i l e-> s t r i ng s ; 

buf  = (byte  * ) m em P o o l A l l o c ( S f i l e-> s t r i n g s , (unsigned)  len,  1); 
if  ( ! bu  f ) f 

ri ngAl  locErr(dest->pool ); 
return  NULL; 

> 


memcpy(pktbuf,  str,  len); 
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dest->pool->pktbuflen  = len; 
iter.stackCO]  = key; 
iter. Level  = 1 ; 

i = ringAddNameCfile,  S i t e r , (word32)len); 

assertCi  < 0 ||  iter. Level  = = 2);  / * error  or  object  created  * / 

/*  ringAddName  returns  <0  on  error,  and  >0  on  duplicate!  */ 
if  ( i ! = 0)  { 

memPoolCutBackCSfi le->strings.  Scut); 
return  i < 0 ? NULL  : iter.stackEID; 

> 

/*  Make  sure  name's  parent  key  is  in  the  MEMRING  too  */ 
i = ringCacheParentsCdest,  iter.stackClD); 
if  (i  < 0)  C 

memPoolCutBackCSfi le->strings.  Scut); 
return  NULL; 

> 

/*  Okay,  success  - we  can't  fail  */ 

/ * 

* Remember  that  the  memory  pool's  FilePos  pointers  are  a bit 

* wierd.  Instead  of  pos->ptr . next,  we  have  pos->pt r . buf , 

* a pointer  to  a buffer  holding  the  object.  And  pos->fpos 

* is  the  length  of  the  object.  That  is  already  filled  in 

* by  r i ng AddName ( ) , but  the  ptr->buf  needs  to  be  done 

* explicitly.  (The  r i ng AddName ( ) code  is  optimized  for 

* the  readi ng-f rom-a-f i le  case,  since  that's  by  far  the 

* most  common  one.) 

*/ 

memcpyCbuf,  str,  len); 

ringFi lePos(iter.stackC1d,  f i l e ) ->pt r . buf  = buf; 

/*  Ta-dah!  */ 
return  iter.stackCI]; 

> 

/* 

* Create  a new  signature  object  in  a mutable  RingSet. 

* / 

union  RingObject  * 

ringCreateSig(struct  RingSet  *dest,  union  RingObject  *obj, 
byte  *sig,  si ze_t  siglen) 

{ 

struct  Ringlterator  iter; 
struct  MemPool  cut; 
struct  RingFile  *file; 
union  RingObject  *newsig; 
byte  *pktbuf,  *buf; 
i n t i ; 

assert(RINGSETISMUTABLECdest)); 
assert(obj->g.mask  S dest->mask); 

iter. set  = *dest; 

iter. set. type  = R I N G S E T_I T E R A T 0 R ; /*  kludge  for  ringlterSeekToC)  */ 
assert  (ringlterSeekToCSiter,  obj)  >=  0); 
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if  (siglen  >=  R I N G S I G_M AX L E N ) { 

ringSimpleErr(dest->pool,  PGPER  R_T  R 0 U B L E_S I G2B  I G ) ; 
return  NULL; 

> 

pktbuf  = (byte  *)ringReserve(dest->pool,  siglen); 
if  (!  pktbuf  ) { 

ringAllocErr(dest->pool); 
return  NULL; 

> 

/*  Add  to  memory  file  */ 

file  = &dest->poo  l->f i l e s [ M E M R I NGB  I T T ; 

cut  = file->strings; 

buf  = (byte  *)memPoolAlloc(&file->strings,  (unsigned)siglen,  1); 
if  ( ! buf  ) { 

ringAllocErr(dest->pool); 
return  NULL; 

> 

memcpy(pktbuf,  sig,  siglen); 
dest->pool->pktbuflen  = siglen; 
i = ringAddSig(file,  Siter,  (word32)siglen); 
newsig  = iter.stackliter.  level  - ID; 

/*  ringAddSig  returns  <0  on  error,  and  >0  on  duplicate!  */ 
if  ( i ! = 0)  { 

memPoolCutBack(Sfi  le->strings,  Scut); 
return  i < 0 ? NULL  : newsig; 

> 

/*  Make  sure  sig's  parent  objects  are  in  the  MEMRING  too  */ 
i = ringCacheParents(dest,  newsig); 
if  ( i < 0 ) { 

memPoolCutBack(&fi  le->strings,  S c u t ) ; 
return  NULL; 

> 

/*  Okay,  success  - we  can't  fail  */ 

/* 

* Remember  that  the  memory  pool's  FilePos  pointers  are  a bit 

* wierd.  Instead  of  pos->pt r . next , we  have  pos->pt r . buf , 

* a pointer  to  a buffer  holding  the  object.  And  pos->fpos 

* is  the  length  of  the  object.  That  is  already  filled  in 

* by  r i ng AddName ( ) , but  the  ptr->buf  needs  to  be  done 

* explicitly.  (The  r i ng AddName ( ) code  is  optimized  for 

* the  r e a d i n g - f r om-a - f i l e case,  since  that's  by  far  the 

* most  common  one  . ) 

* / 

memcpy(buf,  sig,  siglen); 

r i n g F i l e Po s ( n e w s i g , f i le)->pt r . buf  = buf; 
return  newsig; 

} 


/ * 

* Create  a new  public  key  in  a mutable  RingSet.  To  create  a 

* public/secret  key  pair,  use  ringCreateSec  . That  is  normally 


901 


lib/ pgp/keys/ ringread.c 


* the  routine  to  use,  not  this  one. 

*/ 

union  RingObject  * 

ringCreateKeyCstruct  RingSet  *dest,  union  RingObject  *parent, 

struct  PgpPubKey  const  *key,  struct  PgpKeySpec  const  *ks,  byte  pkalg) 

{ 

struct  Ringlterator  iter; 
struct  MemPool  cut; 
struct  RingFile  * f i l e ; 
union  RingObject  *newkey; 
byte  *pktbuf,  * b u f ; 
si ze_t  Len,  prefixlen; 
byte  pkttype; 
i n t i ; 

assert(RINGSETISMUTABLE(dest)); 

prefixlen  = ringKeyBufferLengthCks,  pkalg); 
len  = prefixlen  + p g p P u b K e y B u f f e r L e n g t h ( k e y ) ; 
if  (len  >=  R I N G K E Y_M  A X L E N ) { 

ringSimpleErr(dest->pool,  PGPER  R_T R 0 U B L E_K E Y 2 B I G ) ; 
return  NULL; 

> 

/*  Add  to  pktbuf  for  compatibility  with  other  routines  */ 
pktbuf  = (byte  *)ringReserve(dest->pool,  len); 
if  (Ipktbuf)  { 

ri ngAl  locErr(dest->pool  ) ; 
return  NULL; 

> 

ringKeyToBuffer(pktbuf,  ks,  pkalg); 
pgpPubKeyToBuffer(key,  pktbuf+prefixlen); 
dest->pool->pktbuflen  = len; 

/*  Add  to  memory  file  as  permanent  home  for  data  */ 
file  = &dest->pool->f i lesCMEMRINGBIT]; 
cut  = file->strings; 

buf  = (byte  *)memPoolAlloc(&file->strings,  (unsigned)len,  1); 
if  ( ! buf  ) ( 

ringAllocErr(dest->pool); 
return  NULL; 

> 


memcpy(buf,  pktbuf,  l 

e n ) ; 

/*  Set  iter  to  point 

at  beginning 

iter. set  = *dest; 

if  (parent)  ( 

iter.stackCO] 

= parent; 

iter. level  = 

i; 

> else  { 

iter,  level  = 

0; 

> 

pkttype  = parent  ? PKTBYTE_PUBSUBKEY  : P KT B Y T E_P U B K E Y ; 
i = ringAddKey(file,  Siter,  (word32)len,  1/*trusted*/,  pkttype); 
/*  ringAddKey  returns  <0  on  error,  and  >0  on  duplicate!  */ 
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assert  ( i < 0 ||  (int)iter. level  = = 1 + (parent  !=  NULL)); 
if  (i  !=  0)  { 

memPoolCutBackCSfi  le->strings,  Scut); 
return  i < 0 ? NULL  : i t e r . s t a c k [ 1 ] ; 

> 

/*  Set  buffer  pointer  in  FilePos  */ 
newkey  = iter.stackCOd; 
assert(OBJISKEYCnewkey) ); 

ringFi LePosCnewkey,  file)->ptr.buf  = buf; 

/*  Put  key  into  right  place  in  key  ring  (sorted  by  keylD)  */ 
ringSortKeys(fi  le->set.pool); 

return  newkey; 

> 

/* 

* Create  a new  public/secret  keypair.  Return  pointer  to  the  RingKey  object, 

* which  will  be  followed  by  a RingSec. 

*/ 

union  RingObject  * 

ringCreateSec(struct  RingSet  *dest,  union  RingObject  *parent, 

struct  PgpSecKey  const  *sec,  struct  PgpKeySpec  const  *ks,  byte  pkalg) 

{ 

struct  Ringlterator  iter; 

struct  MemPool  cut; 

struct  RingFile  * f i l e ; 

union  RingObject  *newkey,  *newsec; 

byte  *pktbuf,  * b u f ; 

si ze_t  len,  prefixlen; 

byte  pkttype; 

i n t i ; 

assert(RINGSETISMUTABLE(dest)); 

prefixlen  = ringSecBufferLength(ks,  pkalg); 
len  = prefixlen  + pgpSecKeyBufferLength(sec); 
if  (len  >=  R I N G S E C_M  A X L E N ) { 

ringSimpleErr(dest->pool,  PG P E R R_T R OU B L E_S E C 2 B I G ) ; 
return  NULL; 

> 

/ * Add  to  pktbuf  for  compatibility  with  other  routines  */ 
pktbuf  = (byte  *)ringReserve(dest->pool,  len); 
if  (ipktbuf)  { 

ri ngAl  locErr(dest->pool  ); 
return  NULL; 

> 

ringSecToBuffer(pktbuf,  ks,  pkalg); 
pgpSecKeyToBuffer(sec,  pktbuf+prefixlen); 
dest->pool->pktbuflen  = len; 

/*  Add  to  memory  file  as  permanent  home  for  data  */ 
file  = Sd e s t -> po o l - > f i l e s C M E M R I N G B I T D ; 
cut  = file->strings; 
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buf  = (byte  *)memPoolAlloc(Sfile->strings,  (unsigned)  len,  1); 
if  ( ! bu  f ) f 

ringAllocErr(dest->pool); 
return  NULL; 

> 

memcpyCbuf,  pktbuf,  Len); 


/ * Set  iter  to  point 
iter. set  = *dest; 
if  (parent)  { 

a t 

beginning  */ 

iter.stackCOD 

= 

parent; 

iter. level  = 

> else  { 

i; 

iter,  level  = 

0; 

pkttype  = parent  ? PKT B Y T E_S E C S UBKE Y : P KT B Y T E_S E C KE Y ; 

/ * 

* Clear  trouble  list  so  we  can  distinguish  duplicate  keys  from 

* duplicate  sigs 

* / 

ringFi  LePurgeTroubleCfi  l e ) ; 

/*  Create  the  secret  object  and  the  parent  key  */ 
i = ringAddSecCfile,  &i ter,  (word32)len,  pkttype)  ; 


/*  ringAddSec  returns  <0  on  error,  and  >0  on  duplicate!  */ 
assertCi  < 0 ||  (int)iter.  level  ==  2 + (parent  !=  NULL)); 


if  ( i 


> 

if  ( i 


> 


> 


0)  { 

struct  RingTrouble  const  *trouble  = ringFi  leTrouble(file); 
assert  (trouble); 

/ * 

* If  this  sec  was  a dup,  just  return  it;  if  it  was 

* something  else  it  was  probably  a duplicate  key  and 

* so  we  can  ignore  it  and  use  the  new  mempool  data 
*/ 


if  ( t roub  l e->type  ==  PG P E R R_T ROUB L E_D U P S E C ) C 
memPoolCutBack(&fi le->strings,  &cut); 
return  iter.stackLID; 


> 


< 0)  { 

memPoolCutBack(Sfi  le->strings.  Scut); 
return  NULL; 


/*  Set  buffer  pointer  in 
newkey  = i t e r . s t a c k C i t e r . 
assert(OBJISKEY(newkey)); 
newsec  = i t e r . s t a c k C i t e r . 
assert(OBJISSEC(newsec)); 
r i n g F i l e Po s ( n e w k e y , file) 
ringFi  lePos(newsec,  file) 


F i l e Po  s * / 

level 

-2d; 

level 

-id; 

->pt  r 

.buf  = 

->  p t r 

.buf  = 

bu  f ; 
buf; 


/*  Put  key  into  right  place  in  key  ring  (sorted  by  keylD)  */ 
ringSortKeys(fi le->set.pool); 
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> 


return  newkey; 


/* 

* Takes  a name  and  moves  it  to  the  front 

* key.  Normally  ri ngCreateName  puts  the 

* move  it  up. 

* / 
i n t 

r i ng Ra i s eName ( s t r u c t RingSet  *dest,  union 
{ 


union  RingObject  * k e y ; 
union  RingObject  **np,  * * n p 1 ; 


of  the  list  of  names 
new  name  at  the  end; 


RingObject  *name) 


on  a 
this 


can 


assert  (RINGSETISMUTABLE(dest)); 

assert  ( 0 B J I S N A M E ( n a m e ) ) ; 

assert  (name->g.mask  & dest->mask); 

assert  (!0BJIST0P(name)); 

key  = name->g . up; 

assert  (OBJISKEY(key)); 


/* 

Guaranteed  to  hit  at  least  one 

name. 

ours  * / 

np 

= &key->g.down; 

w h i 

le  ( ! ( d e s t -> ma s k & (*np)->g. 

mask  && 

OB J I SNAME ( *np  ) ) ) { 

> 

np  = S(*np)->g.next; 

/ * 

Continue  till  we  hit  pointer 

t 0 

our 

name  */ 

n p 1 

= np; 

w h i 

le  ( *np1  !=  name) 

npl  = &(*np1)->g.next; 

/ * 

Swap  if  not  already  first  */ 

i f 

(np  !=  npl)  { 

*np1  = name->g.next; 

/* 

Delete  name  f 

rom  the  list  */ 

name->g.next  = *np; 

/ * 

Set 

its  tail 

pointer  as  *np  */ 

*np  = name; 

/* 

Insert  it  in 

new  spot  * / 

> 

return  0; 


/* 

* Signs  an  object  (and  its  parents);  then  deposits  the  new  signature 

* object  in  place  on  the  set. 

*/ 


i n t 

ringSignObjectCstruct 

struct 


{ 


RingSet  *set,  union  RingObject  *obj, 

PgpSigSpec  *spec,  struct  Pg p Ra nd omC o n t e x t const 


byte  * s i g ; 
i n t s i g l e n ; 

union  RingObject  *sigobj; 


* r c ) 


siglen  = pgpMakeSigMaxSize  (spec); 
sig  = (byte  *)pgpMemAlloc  (siglen); 


siglen  = ringSignObj  (sig,  set,  obj,  spec,  rc); 
if  (siglen  < 0)  ( 
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pgpMemFree  (sig); 
return  siglen; 

> 

if  (Isiglen)  f 

pgpMemFree  (sig); 
return  P G P E R R_N 0 M E M ; 

} 

sigobj  = ringCreateSig  (set,  o b j , sig,  siglen); 

s i gob j ->s  . t rust  = P G P_S I G T R U S T F_C H E C KE D_T R I E D | P G P_K E Y T R U S T_C 0 M P L E T E ; 
pgpMemFree  (sig); 

return  sigobj  ? 0 : PG P E R R_N0M E M ; 

> 

/ * 

* Given  a seckey,  two  mutable  ringsets,  and  some  other  information, 

* create  the  ring  objects  and  put  them  on  the  appropriate  ringsets. 

* Then  self-sign  the  pubkey. 

*/ 

i n t 

ringCreateKeypai r (struct  PgpEnv  const  *env,  struct  PgpSecKey  *seckey, 

struct  PgpKeySpec  const  *keyspec, 

char  const  *name,  size_t  namelen, 

struct  Pg p R a nd om C on t e x t const  *rc, 

struct  RingSet  *pubset,  struct  RingSet  *secset) 

{ 

union  RingObject  *keyobj,  *nameob j ; 
struct  PgpSigSpec  * s i g s p e c = NULL; 
int  error  = 0; 

#define  CHECKRETVAL(val,  err)  if  (val)  ( error  = err;  goto  cleanup;  > 

/*  SECRET  KEY  stuff  */ 

keyobj  = r i n g C r e a t e S e c (secset,  NULL,  seckey,  keyspec,  s e c k e y-> p k A l g ) ; 

CHECKRETVAL  (ikeyobj,  P G P E R R_N 0 M E M ) ; 

assert(OBJISKEY(keyobj)); 

memcpy(seckey->keyID,  keyobj->k.keyID,  sizeof(keyobj->k.keyID)); 
nameobj  = ringCreateName  (secset,  keyobj,  name,  namelen); 

CHECKRETVAL  (Inameobj,  P G P E R R_N 0 M E M ) ; 

/*  PUBLIC  KEY  stuff  */ 

error  = r i n g S e t A d d 0 b j e c t (pubset,  keyobj); 

CHECKRETVAL  (error,  error); 

error  = ringSetAddObject  (pubset,  nameobj); 

CHECKRETVAL  (error,  error); 

/*  Self-Sign  the  new  pubkey  */ 

if  ( p g p Ke y U s e ( p g p P k a l g By N u m b e r ( s e c k e y- > p k A l g ) ) & P G P_P KU S E_S I G N ) ( 
sigspec  = p g p S i g S p e c C r e a t e (env,  seckey, 

PGP_SIGTYPE_KEY_POSITIVE ) ; 
CHECKRETVAL  ('.sigspec,  P G P E R R_N  0 M E M ) ; 

error  = ringSignObject  (pubset,  nameobj,  sigspec,  rc); 

> 

/*  This  sets  both  key  and  name  trust  */ 
ringKeySetAxiomatic(pubset,  keyobj); 

cleanup: 
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> 


if  (sigspec) 

pgpSigSpecDestroy  (sigspec); 
return  error; 


/* 


* Given  a seckey,  two  mutable  ringsets,  and  some  other  information, 

* create  subkey  ring  objects  and  put  them  on  the  appropriate  ringsets. 

* Then  sign  the  pubkey  using  the  master  signature  key. 

* seckey  is  the  secret  key  coresponding  to  the  master  signature  key, 

* subseckey  is  the  secret  key  to  be  used  for  creating  the  new  subkey. 
*/ 


i n t 

ringCreateSubkeypair  (struct  PgpEnv  const  * e n v , struct  PgpSecKey  *seckey, 
struct  PgpSecKey  *subseckey,  struct  PgpKeySpec  const  *keyspec, 
struct  Pg p R a n d om C o n t e x t const  *rc, 
struct  RingSet  *pubset,  struct  RingSet  *secset) 


union  RingObject  *keyobj; 
union  RingObject  *subkeyobj; 
struct  PgpSigSpec  * s i g s p e c ; 
int  error; 


/*  Get  keyobj  for  the  master  key  */ 

keyobj  = ringKeyById8(secset,  seckey->pkAlg,  seckey->keyID); 
assert(keyobj); 


> 


/*  Create  the  subkey  object  on  the  secret  keyring  */ 
subkeyobj  = ri ngCreateSec  (secset,  keyobj,  subseckey, 

keyspec,  subseckey->pkAlg); 


if  ( ! subkeyobj  ) 

return  P G P E R R_N 0 M E M ; 

memcpy(subseckey->keyID,  subkeyobj->k. keylD, 
sizeof(subkeyobj->k.keyID)); 


/*  Add  it  to  the  public  keyring  */ 

error  = ringSetAddObject  (pubset,  subkeyobj); 

if  (error) 

return  error; 

/*  Sign  the  encryption  key  with  the  master  signature  key  */ 
sigspec  = pg p S i g S p e c C r e a t e (env,  seckey,  PG P_S I GT Y P E_KE Y_S UBKE Y ) ; 
if(lsigspec) 

return  PG P E R R_N OM EM ; 

error  = ringSignObject  (pubset,  subkeyobj,  sigspec,  re); 
pgpSigSpecDestroy  (sigspec); 
if  (error) 

return  error; 

ringKeySetAxiomati c (pubset,  subkeyobj ); 
return  0;  /*  success  */ 
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ringread.h 

/ * 

* $ I d : ringread.h, v 1.29  1996/11/12  02:17:54  mhw  Exp  $ 

* / 

//ifndef  PG P_R I N G R E A D_H 
//define  PG P_R I NG R E A D_H 

^include  <stdio.h>  /*  For  si ze_t  */ 

//include  " pg  p / u s u a l s . h " 

union  RingObject; 

# i f nde  f T Y P E_R I N G OB J E C T 

//define  T Y P E_R I N G 0 B J E C T 1 

typedef  union  RingObject  RingObject; 

# e nd  i f 

struct  RingPool; 

//  i f nd  e f T Y P E_R I NG POO L 

//define  T Y P E_R  I N G P0  0 L 1 

typedef  struct  RingPool  RingPool ; 

# e n d i f 

struct  RingSet; 

//ifndef  T Y P E_R  I N G S E T 

//define  T Y P E_R I N G S E T 1 

typedef  struct  RingSet  RingSet; 

//  e n d i f 

struct  PgpKeySpec; 

//ifndef  T Y P E_P  G P K E Y S P E C 

//define  T Y P E_P  G P K E Y S P E C 1 

typedef  struct  PgpKeySpec  PgpKeySpec ; 

U e n d i f 

struct  PgpSigSpec; 

//ifndef  T Y P E_PG  P S I G S P E C 

//define  T Y P E_P G P S I G S P E C 1 

typedef  struct  PgpSigSpec  PgpSigSpec; 

//end  i f 

struct  PgpRandomContext; 

//ifndef  T Y P E_P  G P R A N D 0 M C 0 N T E X T 
//define  TYPE_PGPRANDOMCONTEXT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 

U e n d i f 

/*  Semi-public  (you  can  use  this,  but  probably  don't  want  to)  */ 
void  const  * 

r i n g F e t c h 0 b j e c t ( s t r u c t RingSet  const  *set,  union  RingObject  *obj 
s i z e_t  * l e n p ) ; 

/ * Public  * / 

struct  RingFile  * r i n g F i l e 0 p e n ( s t r u c t RingPool  *pool,  struct  PgpF 
int  trusted,  int  *error); 
void  ringFileSetDestructorCstruct  RingFile  *file, 

void  (*destructor) (struct  RingFile  *,  struct  PgpFile  *, 


i l e * f , 

void  * ) , 
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void  *arg); 

void  ringFi LeHighPri (struct  RingFile  * f i l e ) ; 
void  ringFi  LeLowPri (struct  RingFile  * f i l e ) ; 


struct  RingTrouble  C 

struct  RingTrouble  const  *next 
union  RingObject  * o b j ; / * The 


w o r d 3 2 num;  / * 

w o r d 3 2 fpos;  / * 

int  type;  / * 


pertinent 
An  integer  parameter. 
File  position  related 


object,  if  applicable 
if  applicable  * / 
to  the  error  * / 


* / 


PGPERR_  code  from  pgp/pgperr.h  */ 


ft  i f nde  f 
ft  d e f i n e 
typede  f 
ft  e n d i f 


TYPE_RINGTROUBLE 
TYPE_RINGTROUBLE  1 
struct  RingTrouble 


RingTrouble; 


struct  RingTrouble  const  * r i n g F i l eT r o u b l e ( s t r u c t RingFile  const  *file); 
void  r i n g F i l e Pu r g e T r o u b l e ( s t r u c t RingFile  *file); 

int  ringFi LeCheckClose(struct  RingFile  const  * f i l e ) ; 
int  ringFi  leCloselstruct  RingFile  * f i l e ) ; 

# d e f i n e P G P_W R I T E T R U S T_P U B 1 

^define  PG P_W R I T E T R U S T_S E C 2 

int  ringSetWri telstruct  RingSet  const  *set,  struct  PgpFile  *f, 

struct  RingFile  * * f i l e p , PgpVersion  version,  int  flags); 

union  RingObject  * r i n g C r e a t e N a m e ( s t r u c t RingSet  *dest,  union  RingObject  *key, 
char  const  *str,  si ze_t  len); 

union  RingObject  *ri ngCrea teS i g ( s t ruct  RingSet  *dest,  union  RingObject  *obj, 
byte  *sig,  si ze_t  si  glen); 

union  RingObject  * r i n g C r e a t e Key ( s t r u c t RingSet  *dest,  union  RingObject  *parent, 
struct  PgpPubKey  const  *key,  struct  PgpKeySpec  const  * k s , byte  pkalg); 
union  RingObject  *ringCreateSec(struct  RingSet  *dest,  union  RingObject  ^parent, 
struct  PgpSecKey  const  * s e c , struct  PgpKeySpec  const  *ks,  byte  pkalg); 
int  ringRaiseNamelstruct  RingSet  * d e s t , union  RingObject  * n a m e ) ; 

int  r i ng S i g n 0 b j e c t ( s t r u c t RingSet  *set,  union  RingObject  *obj, 

struct  PgpSigSpec  *spec,  struct  PgpRandomContext  const  * r c ) ; 


int  ri ngCreateKeypai r (struct  PgpEnv  const  *env, 

struct  PgpSecKey  *seckey, 
struct  PgpKeySpec  const  *keyspec, 
char  const  *name,  size_t  namelen, 
struct  PgpRandomContext  const  *rc, 
struct  RingSet  *pubset,  struct  RingSet 
int  r i ng C r ea t e S u b key  pa i r (struct  PgpEnv  const  *env, 

struct 
struct 
struct 
struct 
struct 


*secset) 


PgpSecKey  *seckey, 
PgpSecKey  *subseckey, 
PgpKeySpec  const  *keyspec, 
PgpRandomContext 
RingSet  *pubset. 


const  *rc, 

struct  RingSet  *secset) 


#end i f /*  PGP  RINGREAD  H */ 
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trust.c 


/ * 

* $ I d : trust.c, v 1.1  5.2.1  1 996/1  1 /1  4 04:09:31  cbertsch  Exp  $ 
*/ 


//include  <math.h> 


//include  "ringpriv.h" 
//include  " trust. h" 
//include  "trustpkt.h" 


U if  ! OLDTRUST 
byte 

r i n g T r u s t T o E x t e r n ( w o r d 1 6 trust) 

{ 

if  (trust  ==  PGP_TRUST_IN  F I NITE ) 

return  (byte)  PG P_N E WT RU S T_I N F I N I T E ; 
trust  >>=  T R U S T_C  ERTSHIFT; 
if  (trust  > PGP_NEWTRUST_MAX ) 

trust  = PGP_NEWTRUST_MAX; 
return  (byte)  trust; 

> 


w o rd  1 6 


r i n g T r u s t T o I n t e r n ( by t e trust) 

( 

if  (trust  > PGP_NEWTRUST_MAX ) { 

if  (trust  ==  P G P_N  E W T R U S T_I NFINITE) 

return  (word16)  PG P_T R U S T_I N F I N I T E ; 

else 


} 


return  0;  / * Undefined  * / 


> 


return  (word16)  trust  <<  T R U S T_C ERTSHIFT; 


i n t 

r i n g T r u s t V a l i d ( s t r u c t RingSet  const  *set,  word16  validity) 

{ 

if  (validity  >=  ( s e t - > p o o l - > t h r e s h o l d <<  T R U S T_C E R T S H I F T ) ) 
return  1; 
else 

return  0 ; 

> 

static  double  k 1 , k 2 ; 

static  void 
ringTrustlnit(void) 

{ 

double  d = log(IO.O); 

kl  = d/ PGP_TRUST_DECADE; 
k2  = PGP_TRUST_DECADE/d; 

> 

//define  R I N G T R U S T I N I T ( k ) if  (!k)  r i ngT  r u s 1 1 n i t ( ) 
unsigned 

r i n g I n t T o T r u s t ( u n s i g n e d long  r) 
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{ 

RINGTRUSTINIT(k2); 

return  (unsigned)  (Log  ((double)  r)  * k 2 + 0.5); 

> 

unsigned  Long 

r i ngT ru s t To  I n t ( un s i gned  t) 

{ 

RINGTRUSTINIT(kl); 

return  (unsigned  Long)  (exp  (t  * kl)  + 0.5); 

> 

# i f d e f GNUC /*  XXX:  Should  be  something  Like  H A S_L 0 N G_L0 N G */ 

unsigned  Long  Long 
r i n g T r u s t To U L L ( u n s i g n e d t) 

RINGTRUSTINIT(kl); 

return  (unsigned  Long  Long)  (exp  (t  * kl)  + 0.5); 

> 

U e n d i f 
ft  e nd  i f 

ft  if  0 

//include  <stdio.h> 


static  void 

prettytrust(unsigned  t,  int  wid) 

int  d = t - P G P_T  R U S T_D  E C A D E - P G P_T R U S T_0 C T A V E ; 
char  bufCIOd; 
int  i ; 

unsigned  Long  l; 


> 


if  (d  >=  0)  { 

/*  Straightforward  */ 
d -=  d % P G P_T  R U S T_D  E C A D E ; 
i = d / P G P_T  R U S T_D  E C A D E ; 

L = ringTrustToInt(t-d); 
if  ( i ) 

wid  -=  printf("1/%lu%0*u" , L,  i,  0); 

else 

wid  -=  printf("1/%lu",  L); 


> else  { 


/*  Do  decimal  point  thing  */ 

i - o ; 

do  { 

i + + ; 

d +=  P G P_T  R U S T_D  E C A D E ; 
t +=  PGP_TRUST_DECADE; 
> while  (d  < 0); 


sprintf(bufr  "%Lu",  ringTrustToInt(t)); 
i = (int)strlen(buf)  - i; 


wid  -=  p r i n t f ( " 1 / % . * s . / s " , i,  buf,  buf  + i); 

> 

while  (--wid  >=  0) 

putchar(  ' '); 


/ * Tweak  this*/ 
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i n t 

main(void) 

{ 

unsigned  t ; 
unsigned  Long  Long  j ; 


for  (t  = 0;  t <=  65535  ; t + + ) f 
j = r i n g T r u s t Toll  L L ( t ) ; 
printf("%5u  = 1/%-9Lu  = ",  t,  j); 
prettytrustCt,  28); 
putcharC  1 \ n 1 ) ; 

> 

return  0; 

> 

# e n d i f 
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trust.h 

/* 

* $ I d : 
*/ 

# i f nde  f 

# d e f i n e 

U i n c l ud  e 

#def i ne 

# d e f i n e 
U d e f i n e 

# d e f i n e 

byte 
w o r d 1 6 
unsigned 
i n t 

unsigned 

# i f d e -f  _ 
unsigned 

# e nd i f 

#end  i f / 


trust. h,v  1.11  1996/11/12  02:17:56  mhw  Exp  S 


P G P_T  R U S T_H 
PGP_TRUST_H 

"pgp/usuals.h" 

P G P_T  R U S T_D  E C A D E (40*64) 

P G P_T  RUST_0CT  AVE  (12*64) 

P G P_T  R U S T_.M  A X Oxfffe 
PGP_TRUS  T_I N F I N I T E Oxffff 

r i n g T r u s t To E x t e r n ( wo r d 1 6 trust); 
ringTrustToIntern(byte  trust); 
ringIntToTrust(unsigned  long  r ) ; 

ringTrustValid(struct  RingSet  const  *set,  word16  validity); 
long  ringTrustToInt(unsigned  t ) ; 

_GNUC /*  XXX:  Should  be  something  like  HAS_L0NG_L0NG  */ 

long  long  r i ngTrustToU  l l (uns i gned  t); 


* PGP  TRUST  H */ 
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trusfpkt.c 


/* 

* trust. c - manage  translations  of  trust  description  strings 

* for  the  maintenence  display. 

* 

* Written  by  Colin  Plumb. 

* 

* $Id:  trustpkt . c,v  1.4. 2.1  1996/11/14  04:09:31  cbertsch  Exp  $ 

★ / 

//ifdef  HAVE  CONFIG  H 


//include 

" c on  f i g . h " 

# e n d i f 

//include 

<string.h> 

//include 

" trustpkt. h" 

//include 

"mempool  . h" 

//define 

USERTRANS(x)  x 

# d e f i n e 

userT  ransCx)  x 

char  const  * k e y T r u s t T a b l e C 1 4 ] = { 

USERTRANS ( "undefined"  ) , 

USERTRANS ( "unknown"  ) , 

USERTRANS ( "untrusted"), 

" < 3 > " , 

" <4>"  , 

USERTRANS ( "marginal"), 

USERTRANS ( "complete"  ) , 

USERTRANS ( "ultimate"), 

/*  Some  special  cases  displayed  in  the  same  column  */ 

n ii 

/ 

USERTRANS ( "retired"), 

USERTRANS ( "revoked" ) , 

USERTRANS ( "untested"  ) , 

USERTRANSC "INVALID"), 

USERTRANS ( "**  BAD  **") 

>; 


char 


>; 


const  * u i d Va l i d i t y Ta b l e C 4 ] 
USERTRANSC "undefined"), 
USERTRANS ("untrusted"), 
USERTRANS ( "ma  rg i na  1 ")  , 
USERTRANSC " complete"  ), 


{ 


/ * 

* Translate  the  trust  tables  at  once,  to  avoid  massive  overhead  while 

* displaying  the  output. 

*/ 

# i f 0 
void 

trustlnitTables(void) 

{ 

static  int  initialized  = 0; 
i n t i , len; 
char  const  *s; 
char  * p ; 
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if  (initialized) 
return; 


> 

//end  i f 


for  ( i 


> 

for  ( i 
{ 


> 


= 0;  i < sizeof(keyTrustTable)/sizeof(*keyTrustTable);  i + + ) { 
s = userTransCkeyTrustTableli]); 
if  (s  !=  keyTrustTableCiD)  { 
len  = strlen(s)+1; 

p = memPool  A l loc (&Hi scPool , len,  1 ) ; 
if  ( p ) f 

memcpyCp,  s,  len); 
keyTrustTableCi]  = p ; 

> 

> 

= 0;  i < sizeof(uidValidityTable)/sizeof(*uidValidityTable); 
i ++ ) 


s 

i f 


> 


userTransCuidValidityTableEiH); 
s !=  u i dVa  l i d i t y Ta b l e C i ] ) ( 
len  = strlen(s)+1; 
p = m em Po o l A l l o c ( &M i s c Poo  l , 
if  (p)  { 

memcpyCp,  s,  len); 
uidValidityTableli] 

> 


len. 


= p; 


i ) 
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trustpkt.h 

/ * 

* $Id:  trustpkt.h,v  1.9  1996/11/12  02:17:57  mhw  Exp  $ 

* / 


# i f nde  f T R U S T_H 
//define  TRUST  H 


/* 

* Key  trust  byte: 

* 8 + H 

* | | BUCKSTOP  bit  - this  is  an  axiomatic  key 

* 7 +--+ 

* I I 

* 6 +--+ 

* | | Disabled  - don't  use  at  user  request 

* 5 +--+ 

* | | Revoked  - don't  use  at  issuer  request 

* 4 + — + 


★ 

3 

+ - 

- + 

★ 

1 

1 

Introducer  trust. 

6 levels 

are  used 

* 

2 

+ 

+ 

000 

- undefined. 

need  to  ask  user 

* 

1 

1 

001 

- Unknown,  consider  to 

be  zero 

★ 

1 

+ 

+ 

010 

- Not  trusted 

★ 

I 

1 

01  1 

- unused 

★ 

0 

+ - 

- + 

1 00 

- unused 

★ 

101 

- Marginal  - 

partially 

trusted 

■ k 

1 1 0 

- Complete  - 

completely 

trusted 

* 

1 1 1 

- Ultimate  - 

ultimately 

trusted 

* / 

//define  PGP_KE  YTRUST  F_BUCKSTOP  0x80u 
//define  PG  P_KE  Y T R U S T F_D  I S AB  L E D 0x20u 
//define  PGP  KEYTRUSTF  REVOKED  OxlOu 


//define 
//define 
//define 
ft  d e f i n e 
# d e f i n e 
//define 
//define 


P G P_K  EYTRUST_MASK 

P G P_KE  Y T R U S T_U  N D E F I NED 

PGP_KEYTRUST_UNKNOWN 

P G P_K  E Y T R U S T_N  EVER 

P G P_K E Y T R U S T_M  A R G I N A L 

PGP_KEYTRUST_COMPLETE 

PGP  KEYTRUST  ULTIMATE 


0 x 7 u 
0 x 0 u 
0x1  u 
Ox  2 u 
Ox  5 u 
0x6u 
0x7u 


/* 

* Name  trust  byte: 

* 8 +--+ 

* | | WARNONLY  bit  - yes,  it's  okay  to  use  even  though  not  fully  trusted 

* 7 +--+ 

* | | unused 

* 6 +--+ 

* | | unused 

* 5 +--+ 

* | | unused 

* 4 +--+ 

* | | unused 

* 3 +--+ 

* | | unused 

* 2 + — + 
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* | | Confidence  in  name's  validity. 

* 1 + + 00  - Not  known 

* | | 01  - Not  trusted 

* 0 + — + 10  - Partially  trusted 

* 11  - Completely  trusted 

* 

* New  trust  packets  are  followed  by  up  to  two  more  bytes,  which  are  the 

* certainty  PGP  has  of  the  name's  validity  and  the  confidence  the  user 

* has  assigned  to  this  name  as  an  introducer,  respectively.  The  byte 

* b represents  probability  of  10A(-b/40)  that  the  name  is  incorrect, 

* up  to  252.  255  means  "total  confidence",  253  means  confidence  is 

* undefined,  and  254  is  reserved  for  now. 

* 

* 5)5)5)  Reserve  0 for  "undefined/I  dunno",  1 for  "untrusted"  and  offset 

* everything  that  way.  It  might  be  more  natural... 

* 

* The  following  pattern  repeats  each  40: 

* 


★ 

0 

= 

1 . 00000 

9 

= 

1 . 

67880 

1 8 

= 

2 .81838 

27  = 

4.73151 

36 

= 7. 

94328 

★ 

1 

. 

1 .05925 

1 0 

= 

1 . 

77828 

1 9 

= 

2 . 98538 

28  = 

5.01187 

37 

= 8. 

41395 

★ 

2 

- 

1 . 1 2202 

1 1 

= 

1 . 

88365 

20 

= 

3 . 16228 

29  = 

5 . 30884 

38 

= 8. 

91251 

★ 

3 

= 

1 . 1 8850 

1 2 

= 

1 . 

99526 

21 

= 

3 . 34965 

30  = 

5 .62341 

39 

= 9. 

44061 

★ 

4 

= 

1 . 25893 

1 3 

= 

2 . 

1 1 349 

22 

= 

3 .54813 

31  = 

5.95662 

40 

= 10 

. 0000 

★ 

5 

= 

1 .33352 

1 4 

= 

2 . 

23872 

23 

= 

3 .75837 

32  = 

6 . 30957 

41 

= 10 

. 5925 

★ 

6 

= 

1.41254 

1 5 

= 

2 . 

37137 

24 

= 

3.98107 

33  = 

6 . 68344 

42 

= 1 1 

.2202 

* 

7 

= 

1 . 49624 

1 6 

= 

2 . 

51189 

25 

= 

4 .21697 

34  = 

7 . 07946 

43 

= 1 1 

. 8850 

★ 

8 

_ 

1 . 58489 

1 7 

= 

2 . 

66073 

26 

— 

4 . 46684 

35  = 

7 . 49894 

44 

= 12 

. 5893 

X 

★ 

A s 

you  can  see. 

f ( 1 2 ) 

~=  2, 

f ( 1 9) 

~=  3,  * 

and  f ( 2 4 ) ~ = 

4 . 

★ 

The 

converse 

o f 

t h i 

s 

is  that 

f (40 

-12)  = f ( 2 8 ) = 

10/f(12)  ~= 

10/2  = 5 

★ 

and 

s i m i l a r l y 

f (21  ) 

~ 

= 10/3 

= 

3.33  and  f ( 1 6 ) “ = 

10/4  - 

2.5. 

★ 

The 

system  was  chosen 

because 

a l l 

of  those 

nice 

integer 

ratios 

* 

-l . 

work 

out. 

X 

★ 

T h i 

s 

is  very 

close 

t 0 

2A(-b/12), 

the  difference 

being  the  1024/1000 

* 

mismatch  that 

programmers  are 

used  to  ignoring. 

Thus, 

each 

1 2 

steps 

★ 

i s 

an  octave 

and 

each 

single 

step 

is  a semitone 

* 

* From  the  API,  these  values  are  translated  to  16-bit  values,  which  are 

* all  the  programmer  sees.  The  16-bit  values  are  shifted  by  6 bits, 

* giving  a minimum  representable  error  of  abut  2.5*10A-26. 

* / 

//define  PG  P_N  AM  E T R U S T F_W  A R N ON  L Y 0x80u 

0 x 3 u 
OxOu 
0x1  u 
Ox  2 u 
0x3u 

validity  and  confidence  bytes  on  names  */ 

252 

253 
255 

/ * 

* Signature  trust  byte: 

* 8 +--+ 

* | | unused 


ft  d e f i n e 
//define 
ft  define 
ft  define 
ft  d e f i n e 


P G P_N  AMETRUST_ 
P G P_N  AMETRUST_ 
P G P_N  AMETRUST. 
P G P_N  AMETRUST. 
PGP  NAMETRUST 


MASK 

.UNKNOWN 

.UNTRUSTED 

.MARGINAL 

COMPLETE 


/*  The  following  bytes  apply  to 
//define  PGP_NEWTRUST_MAX 
//define  P G P_N  E WT  R U S T_U  N D E F I N E D 
//define  PGP  NEWTRUST  INFINITE 
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* 7 +--+ 

* I I 

* 6 +--+ 

* I I 

* 5 + — + 

* I I 

* 4 + — + 

* I I 

* 3 +--+ 

* I I 

* 2 + + 

* I I 

* 1 + + 

* I I 

* 0 H h 

* / 

/ * 

* The  Low  3 bits  of  a signature's  trust  are  generally  the  same  as 

* the  corresponding  key's  trust  ( PG P_KE Y T R U S T_U N D E F I N E D if  none),  but 

* the  following  signature  p s e udo- t r u s t s used  in  some  printing  contexts: 
*/ 


//define 

PGP_ 

,SIGTRUST_ 

.NOKEY 

0x8u 

/* 

No  corresponding  key  */ 

//define 

PGP_ 

.S  IGTRUST_ 

.RETIRED 

0 x 9 u 

/* 

Retired/sig  revoked  */ 

U d e f i n e 

PGP_ 

.S  IGTRUST_ 

.REVOKED 

Ox  Au 

/* 

Signing  key  revoked  */ 

# d e f i n e 

PGP_ 

.S  IGTRUST_ 

.UNTRIED 

OxBu 

/* 

Signature  has  not  been  tried  */ 

# d e f i n e 

PGP_ 

.S  IGTRUST_ 

.INVALID 

Ox  C u 

/ * 

Invalid  signature  or  something 

//define 

PGP 

SIGTRUST 

BAD 

OxDu 

/ * 

BAD  SIGNATURE  */ 

Checked  - Signature  is  good 

Tried  - Signature  verification  attempted 

unused 

unused 

Introducer  trust,  copied  from  key  that  makes  it 


/* 

* There  are  four  possible  signature  states  worth  noting,  actually: 

* - No  verification  attempted  (includes  key  not  found) 

* - Verification  impossible  (format  problem  or  key  length) 

* - Verified  bad  (format  correct,  but  signature  is  no  good) 

* - Verified  good 

* 

* In  practice,  the  middle  two  can  be  merged,  and  the  last  marked  by 

* the  PG P_S I G T R U S T F_C H E C KE D bit  for  compatibility  with  2.x.  The  first  two 

* can  be  d i s t i n g u i d h e d through  the  use  of  the  PG P_S I G T R U S T F_T R I E D bit. 

* If  clear,  the  signature's  verification  has  never  been  attempted. 

* 

* At  some  future  point,  we  should  make  CHECKED=1  and  TRIED=0  mean  that 

* a signature  was  bad,  but  postpone  on  that  for  a while;  the  state  is 

* CHECKED=0,  TRIED=1  for  now.  If  we  see  CHECKED  set,  that  implies 

* TRIED . 

* / 

#define  PG P_S I G T R U S T F_T R I E D 0x20u  /*  Visited  by  sig  check  (-kc)  */ 

//define  PG P_S I G T RU S T F_C H E C KE D 0x40u  /*  Checked  out  good  */ 

//define  PG  P_S  I G T R U S T F_C  H E C KE  D_T  R I E D ( P G P_S  I G T R U S T F_C  H E C K E D | \ 

PGP_SIGTRUSTF_TRIED) 

extern  char  const  *keyTrustTableCH; 
extern  char  const  *uidValidityTableC]; 

//endif  /*  TRUST  H */ 
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pipe/ 
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.cvsignore 

Makef i Le  LIBDONE 


include 
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Makefile. in 

u 

# L i b / p i p e 
U 

# $ I d : Makef i le  . i n,v  1.1  4 1 996/1  1 /1  2 02:1  7:58  mhw  Exp  $ 

n 

S U B D I R S = u t i L s file  sig  crypt  text  parser 

LIBD0NE=utils/D0NE  file/DONE  sig/DONE  crypt/DONE  text/DONE  parser/DONE 

all::  LIBDONE 

do-c  lean:  : 

$ ( R M ) LIBDONE 
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makefile. msc 


Hnclude  " ma  k e f i L e . i n " 


all  check  clean  depend  headers  install  very-clean:: 
for  % d in  ( $(SUBDIRS)  ) do  \ 

cd  %d  &&  $ ( M A K E ) /$ (MAKE  FLAGS ) /f  makefile. msc  $3  &&  cd 

LIBDONE  : 
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crypt/ 
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lib  / pgp/ pipe/ crypt/. cvsignore 

.cvsignore 

Makefile  DONE 
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Makefile.in 

n 

# lib/pipe/crypt 

# 

ft  $ I d : Makef  i Le  . i n,v  1.1  1 1 996/1  1 /1  2 02:1  7:58  mhw  Exp  $ 

# 

LOCALINCLUDES=  - 1 . . / . . / i n c l u d e 

0 B J S = ciphrmod.o  convmod.o  makepke.o  pkemod.o 

PUBHDRS=  ciphrmod.h  convmod.h  pkemod.h 
PRI VHDRS= 

all::  DONE 
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makefile.msc 


C F L A G S = 

-I..\..\..\..\include  -I..\..\..\include  \ 

-I  . . \ . . \ . . \ . . -DHAVE  CONFIG  H $ ( DEBUG ) 

P G P L I B = . 

,.\..\..\pgplib.lib 

all:: 

l i b 

headers : 

: i n c l 

include  "makefile. in 


i n c l : 

if  not  "$( PUBHDRS ) " = = " " \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . . \ . . \ . . \ . . \ i n c l u d e \ p g p 
if  not  "$( PRIVHDRS ) " = = " " \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ \ i n c l ude 

DOB J S = 
lib: 

$ ( OB J S : . o=  . ob j ) 

$ ( DOB J S ) 

. c . o b j : 

$(CC)  $(CFLAGS)  -11  -c  $< 

lib  /out  : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  $(DOSOBJS) 
if  not  exist  $(PGPLIB)  l i b / ou t : $ ( PG P L I B ) $(DOSOBJS) 
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ciphrmod.c 

/* 

* ciphrmod.c  A module  to  perform  Block  Cipher  encryption  and  Decryption 

* 

* Written  by:  Derek  Atkins  <w a r l o r da M I T . E D U> 

* 

* $Id:  ciphrmod.c, v 1.39  1996/11/12  02:17:59  mhw  Exp  $ 

*/ 

# i f d e f HAVE  CONFIG  H 


//include 
U e nd i f 

" c o n f i g . h " 

//include 

<assert.h> 

//include 

< s t d i o . h > 

# i n c l ud  e 

"addhdr.  h" 

# i nc  l ude 

" c i ph  rmod  . h " 

# i n c l ud e 

"pktbyte.h" 

U i nc  l ude 

"pgp/cfb.h" 

# i nc  l ude 

"pgp/pgpmem.h" 

//include 

"pgp/pipeline.h" 

//include 

"pgp/usuals.h'' 

# d e f i n e 

CIPHERMODMAGIC  OxOcIfecOde 

//define 

CIPHERMO  D_D  E C R Y P T 

0 

//define 

CIPHERMOD  ENCRYPT 

1 

struct  Context  f 

byte  bufferCBUFSIZD; 
byte  *bufptr; 
s i ze_t  buf  l en; 
struct  PgpPipeline  * t a i l ; 
struct  Pg p C f b C o n t e x t *cfb; 
byte  encrypt; 

>; 


static  i n t 

DoFlush  (struct  Context  *context) 
{ 

int  error  = 0; 
s i z e_t  r e t l e n ; 


> 


/*  Try  to  flush  anything  that  we  have  buffered  */ 
while  ( c on t e x t -> bu f l e n ) { 

retlen  = c o n t e x t -> t a i l -> w r i t e ( c o n t e x t -> t a i l , 

context->bufptr, 
context->buf  len, 
Serror); 


context->buf  len  -=  retlen; 
memset  (context->bufptr,  0,  retlen); 
context->buf ptr  + = retlen; 
if  (error) 

return  error; 


> 


return  error; 
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static  i n t 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  ( my s e l f ->ma g i c ==  C I PH E RMO D M AG  I C ) ; 

context  = (struct  Context  * ) myse  l f->pr i v; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tail->flush  (context->tail); 

> 

static  siz  e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int  *error) 
C 

struct  Context  *context; 
size_t  written  = 0; 

assert  (myself); 

assert  (myse  lf->magi c ==  CIPHERMODMAGIC); 
assert  (error); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 


do  C 


★error  = DoFlush  (context); 
if  (*error) 

return  written; 

/ * 

* Now  that  we  dont  have  anything  buffered,  bring  in  more 

* data  from  the  passed-in  buffer,  process  it,  and  buffer 

* that  to  write  out. 

*/ 


context->buf ptr  = context->buffer; 

context->buf  len  = min  (size,  sizeof  ( c on t e x t -> bu f f e r ) ) ; 
if  ( c on t e x t-> e n c r y p t ) 

pg p C f b E n c ry p t ( c o n t e x t -> c f b , (byte  *)buf, 

c o n t e x t -> bu f f e r , context->buf  len 


else 


pg p C f b D e c r y p t ( c on t ex t -> c f b , (byte  *)buf, 

context->buffer,  context->buf  len); 

buf  +=  context->buf  len; 
size  -=  context->buf  len; 
written  +=  context->buf  len; 


} while  ( context->buf  len  > 0); 

/*  Continue  until  we  have  nothing  buffered  */ 
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> 


return  written; 


static  i n t 

Annotate  (struct  PgpPipeline 
byte  const  * s t r i ng 


/ 


★myself 
size  t 


, struct 
size) 


struct  Context  *context; 
int  error; 


PgpPipeline  *origin. 


i n i 


assert  (myself); 

assert  (myself->magic  ==  CIPHERMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 


> 


return  c o n t e x t -> t a i l -> a n n o t a t e ( c on t e x t -> t a i l , origin,  type, 

string,  size); 


static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myse  l f->magi c ==  CIPHERMODMAGIC) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 


> 


return  c o n t e x t - > t a i l - > s i z e A d v i s e ( con t ex t-> t a i l , bytes); 


static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  ^context; 
assert  (myself); 

assert  ( myse  l f->mag i c ==  CIPHERMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (context->tail) 

context->tai l->teardown  (context->tai  l ); 


type. 
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pgpCfbDestroy  (context->cfb); 

memset  (context,  0,  sizeof  (*context)); 

pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 


struct  PgpPipeline  ** 
pgpCi pherModDecryptCreate 


(struct 

struct 


struct  PgpPipeline  *mod; 
struct  Context  *context; 


PgpPipeline  **head, 
Pg p C f b C on t e x t *cfb) 


assert  (cfb); 


if  (!head)  i 

pgpCfbDestroy  (cfb); 
return  NULL; 

> 


context  = (struct  Context  OpgpMemAlloc  (sizeof  (*context)  ); 
if  (!  context)  C 

pgpCfbDestroy  (cfb); 
return  NULL; 

> 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof  (*mod)  ); 
if  ( ! m o d ) C 

pgpCfbDestroy  (cfb); 
pgpMemFree  (context); 
return  NULL; 

> 

mod->magic  = C I PH E RMODMAG I C ; 

mod->wri te  = Write; 

mod->flush  = Flush; 

mod-> s i z e Ad v i s e = SizeAdvise; 

mod->annotate  = Annotate; 

mod->teardown  = Teardown; 

mod->name  = "Cipher  Decryption  Module"; 

mod->pri v = context; 


memset  (context,  0,  sizeof  (*context)); 
c o n t e x t -> bu f p t r = c o n t e x t - > b u f f e r ; 
context->cfb  = cfb; 

context->encrypt  = C I P H E RMO D_D E C R Y PT ; 

context->tail  = *head; 

*head  = mod; 

return  &context->tail; 


struct  PgpPipeline  ** 

pg p C i p h e r Mod E n c r y p t C r ea t e (struct  PgpPipeline  **head,  PgpVersion 

struct  PgpFifoDesc  const  *fd, 
struct  Pg p C f b C o n t e x t *cfb, 
byte  const  i v C I V L E N- 2 ] ) 

{ 

struct  PgpPipeline  *mod,  * * t a i l ; 


version. 
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struct  Context  *context; 
byte  en c_i v C I V LE N ] ; 

assert  (cfb); 

if  ( ! h e a d ) 

return  NULL; 

context  = (struct  Context  *)pgpMemAlloc  (sizeof  (*context)); 
if  ( [context) 

return  NULL; 

mod  = (struct  PgpPipeline  * ) pgpMemA L L oc  (sizeof  (*mod) ); 
if  ( ! mod ) C 

pgpMemFree  (context); 
return  NULL; 

> 

mod->magic  = CIPHERMODMAGIC; 

mod->write  = Write; 

mod->flush  = Flush; 

mod->sizeAdvise  = SizeAdvise; 

mod->annotate  = Annotate; 

mod-> t ea rdown  = Teardown; 

mod->name  = "Cipher  Encryption  Module"; 

mod->priv  = context; 

memset  (context,  0,  sizeof  (*context) ) ; 
context->bufptr  = context->buffer; 
context->cfb  = cfb; 

context->encrypt  = C I PH E RMO D_E N C R Y PT ; 

/*  Splice  in  the  module  */ 
context->tail  = * h e a d ; 
tail  = &context->tail; 

/*  Created  the  encrypted  IV  */ 

memcpy  (enc_iv,  iv,  IVLEN-2); 

memcpy  ( e n c_i v + I V L E N-2 , e n c_i v + 1 V L E N- 4 , 2); 

pgpCf bEncrypt  (cfb,  enc_iv,  enc_iv,  IVLEN); 

pgpCfbSync  (cfb); 

tail  = pgpAddHeaderCreate  (tail,  version,  fd,  PKTB Y T E_C ON  V E N T I 0 N A L , 0, 

enc_iv,  IVLEN); 


memset  (enc_iv,  0,  IVLEN); 
if  ( ! tai  l ) f 

pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

★head  = mod; 
return  tail; 
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ciphrmod.h 

/ * 

* ciphrmod.h  --  secret-key  cipher  module 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 3M  I T . E D U > 

* 

* $Id:  ciphrmod.h, v 1.17  1996/11/12  02:17:59  mhw  Exp  $ 

* / 

# i f nd  e f PG P_C I P H E RMO D_H 
//define  PG P_C I P H E RM 0 D_H 

//include  "pgp/usuals.h" 

struct  PgpPipeline; 

# i f nd  e f T Y P E_PG P P I P E L I N E 

//define  T Y P E_PG P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

//  e n d i f 

struct  PgpCfbContext; 

# i f nd  e f TYPE_PGPC FBCONTEXT 
//define  TYPE_PGPC FBCONTEXT  1 

typedef  struct  PgpCfbContext  PgpCfbContext; 

/tend  i f 

struct  PgpFifoDesc; 

//ifndef  T Y P E_P G P F I F 0 D E S C 

//define  T Y P E_P  G P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

# e n d i f 


/ * 

* Create  a Cfb  Decryption  Module 

* This  module  assumes  control  of 

* it  upon  teardown. 

* / 

struct  PgpPipeline  ** 
pgpCipherModDecryptCreate  (struct 

struct 


using  the  passed-in  PgpCfbContext. 
the  PgpCfbContext  and  will  clear/free 


PgpPipeline  **head, 
PgpCfbContext  *cfb); 


/ * 

* Create  a Cfb  Encryption  Module  using  the  passed-in  PgpCfbContext.  The 

* user  must  pass  in  an  8-byte  iv,  which  will  be  encrypted  into  the 

* stream.  The  Cipher  Module  assumes  control  of  the  PgpCfbContext  and 

* will  clear/free  it  upon  teardown. 

*/ 

struct  PgpPipeline  ** 

pg p C i p h e r Mod E n c ry p t C r e a t e (struct  PgpPipeline  **head,  PgpVersion  version, 

struct  PgpFifoDesc  const  *fd, 
struct  PgpCfbContext  *cfb, 
byte  const  i v C I V L E N-2  ] ) ; 


//end  i f /*  PGP  CIPHERMO  D_H  */ 
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convmod.c 

/* 

* convmod.c  --  Convetional  Encryption  Module 

•k 

* Uses  the  cipher  module  to  encrypt  a message;  this  will  output  the 

* appropriate  PGP  headers  (ESK-type)  packets  associated  with  the 

* requested  encryption  type  and  pass  phrase  string. 

* 

* Written  by:  Derek  Atkins  <warlordS)MIT.EDU> 

* 

* $Id:  convmod.c, v 1.17  1996/11/12  02:17:59  mhw  Exp  $ 

*/ 


#ifdef  H A V E_C  0 N F I G_H 

ft  i nc  l ude 
ft  e nd  i f 

" c o n f i g . h " 

^include 

<assert . h> 

//include 

< s t d i o . h > 

//include 

" convmod  . h " 

ft  i n c l u d e 

"pktbyte.h" 

//include 

"pgp/cfb.h" 

ft  i n c l u d e 

"pgp/cipher.h" 

//include 

"pgp/convkey.  h 

ft  include 

"pgp/join.h" 

//include 

"pgp/pgpmem.  h" 

ft  i nc  l ude 

"pgp/pgperr.h" 

//include 

"pgp/pi pe l i ne  . 

//include 

"pgp/str2key  . h 

//include 

"pgp/usuals.h" 

/* 

conventional  ESK  has  the  following  format 
<packet  header>  (type,  lien,  length) 
versi onll ] 
cipherCID 

StringToKey  ObjectCxD 
ESK  (optional)Cyd 


(struct  PgpPipeline  *join,  PgpVersion 
struct  Pgp S t r i ngToKey  const  *s2k, 
struct  PgpConvKey  const  *convkeys, 
byte  const  *session) 


* 
ie 
* 

* 

* 

* 

* / 

static  i n t 
addConvESKs 


version,  byte  cipher. 


struct  PgpStringToKey  const  * s T o K ; 
struct  PgpCipher  const  *sc  = NULL, 
struct  PgpCfbContext  * c f b = NULL; 
si ze_t  esklen,  last  = 0; 
byte  *buf  = NULL,  *ptr; 
byte  *key  = NULL; 
int  err  = 0; 

if  ( ! c ) 

return  PG P E R R_B A D P A R AM ; 
if  (session)  { 


*c  = pgpCipherByNumber  (cipher); 
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sc  = pg p C i p h e r By N umb e r (*session); 
if  ( ! s c ) 

return  PG P E R R_B A D P A R AM ; 
cfb  = pgpCfbCreate  ( c ) ; 
if  ( ! c f b ) 

return  PG P E R R_N0M E M ; 
key  = (byte  *)pgpMemAlloc  (c->keysize); 
if  ( ! key ) C 

pgpCfbDestroy  (cfb); 
return  PG P E R R_N 0 M E M ; 

> 

> 

for  (;  convkeys;  convkeys  = convkeys->next)  f 

sToK  = (convkeys->stri  ngToKey  ? convkeys->stringToKey  : s 2 k ) ; 
esklen  = 1 + 1 + sToK->encodelen; 

if  (sc) 

esklen  +=  sc->keysize  + 1; 
if  (esklen  + 3 > last)  { 

buf  = (byte  *)pgpMemRealloc  (buf,  esklen  + 3 ) ; 
if  ( ! bu  f ) { 

err  = PG P E R R_N 0 M E M ; 
break; 

} 

last  = esklen  + 3 ; 

> 

if  (esklen  > 8192)  { 

err  = PG P E R R_E S K_T00 LONG ; 
break; 

} 

ptr  = buf+3; 

*ptr++  = (byte)  version; 

* p t r + + = cipher; 

memcpy  (ptr,  sToK->encoding,  sToK->encodelen); 
ptr  +=  sToK->encodelen; 

/*  Add  optional  ESK  */ 
if  (sc)  f 

pg p S t r i n g ToKey  (sToK,  c o n v k e y s -> p a s s , 

convkeys->passlen,  key,  c->keysize); 
pgpCfblnit  (cfb,  key,  NULL); 
memset  (key,  0,  c->keysize); 

pgpCfbEncrypt  (cfb,  session,  ptr,  sc->keysize+1 ); 

pgpCfbWipe  (cfb); 

ptr  +=  sc->keysize  + 1; 

> 

/*  Create  the  ConvESK  Packet  */ 
if  ( P KT  L E N_0  N E_B  YTE(esklen))  { 

bu  f C 1 ] = P KT B Y T E_B U I L D_N  E W ( P KT B Y T E_C 0 N V E S K ) ; 
b u f C 2 ] = PKTLEN_1 BYTE ( es k l en ) ; 
ptr  = buf+1; 
esklen  +=  2; 

> else  ( 

bu  f [ 0 ] = P KT  B Y T E_B  U I L D_N  E W ( PKT  B Y T E_C  ONVESK); 
bufCI]  = P KT  L E N_B  YTEO(esklen); 
b u f C 2 ] = PKTLEN_BYTE1 (esklen); 
ptr  = buf; 
esklen  +=  3; 

> 
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if  ( pgp J o i nBu f f e r (join,  ptr,  esklen)  !=  esklen)  { 
err  = P G P E R R_N  0 M E M ; 
break; 

> 

> 

if  (key)  { 

memset  (key,  0,  c->keysize+1); 
pgpMemFree  (key); 

> 

if  (buf)  { 

memset  (buf,  0,  last); 
pgpMemFree  (buf); 

> 

if  ( c f b ) 

pgpCfbDestroy  (cfb); 
return  err; 

> 


struct  PgpPipeline  *★ 
pgpConvModCreate  (struct 

struct 
struct 
struct 
byte  c 

{ 


PgpPipeline  * * h e a d , PgpVersion  version, 
PgpFifoDesc  const  *fd, 

Pg p S t r i n g To  Key  const  *s2k, 

PgpConvKey  const  *convkeys, 
pher,  byte  const  *session) 


struct  PgpPipeline  * j o i n = NULL,  * * t a i l = &join; 


/*  Only  allow  conventional  ESKs  with  PG PV E R S I 0N_3  packets  ★ / 
if  (version  <=  PG P V E R S I 0 N_2_6 ) { 

if  (cipher  !=  PGP_CIPHER_IDEA  ||  convkeys->next  ||  session) 
return  NULL; 


> 


if  ( c o n v k e y s -> s t r i n g ToKey ) 

if  ( ! pg p S 2 K i s 0 l dV e r s 
return  NULL; 


else 


(convkeys->stringToKey) ) 


if  ( ! pg p S 2 K i s 0 l dVe r s (s2k)) 
return  NULL; 


tail  = pgpJoinCreate  (Sjoin,  fd); 
if  ( ! t a i l ) 

return  NULL; 

/*  Add  the  conventional  ESKs  here  */ 
if  (version  > P G P V E R S I 0 N_2_6 ) { 

if  (addConvESKs  (join,  version,  cipher,  s2k,  convkeys, 

session))  { 

join->teardown  (join); 
return  NULL; 

> 

> 

/*  Splice  in  the  join  module  */ 

★tail  = *head; 

★head  = join; 
return  tail; 
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convmod.h 

/* 

* convmod.h  --  Conventional  Encryption  Module 

* k 

* Written  By:  Derek  Atkins  < w a r l o r d 3 M I T . E D U > 

* 

* $ I d : convmod.h, v 1.8  1 996/1  1 /1  2 02:1  8:00  mhw  Exp  $ 

★ / 

Z/ifndef  PGP_C0NVM0D_H 
//define  PGP_C0NVM0D_H 

//include  " pg p / u s u a l s . h " 

struct  PgpPipeline; 

//  i f nde  f T Y P E_PG P P I P E L I N E 

//define  T Y P E_PG P P I P E LI N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

//end  i f 

struct  PgpFifoDesc; 

# i t n d e f T Y P E_PG P F I F 0 D E S C 
//define  T Y P E_PG P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

//end  i f 

struct  PgpConvKey; 

# i f nd  e f T Y P E_PG P C ON VKE Y 
//define  T Y P E_PG  P C ON  V KE  Y 1 

typedef  struct  PgpConvKey  PgpConvKey; 

# e nd i f 

struct  PgpStringToKey; 

# i f n d e f T Y P E_PG P S T R I NG T OKE Y 
//define  T Y P E_PG  P S T R I N G TO  KE  Y 1 

typedef  struct  PgpStringToKey  PgpStringToKey; 

# e nd i f 

struct  PgpPipeline  ** 

pgpConvModCreate  (struct  PgpPipeline  **head,  PgpVersion  version, 

struct  PgpFifoDesc  const  *fd, 
struct  PgpStringToKey  const  *s2k, 
struct  PgpConvKey  const  *convkeys, 
byte  cipher,  byte  const  *session); 

# e n d i f /*  PGP  CONVMOD  H */ 
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makepke.c 

/ * 

* $ I d : makepke.c, v 1.1  9 1 996/1  1 /1  2 02:1  8:00  mhw  Exp  $ 
*/ 


//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
//end  i f 

//include  <assert.h> 


//include 

//include 

//include 

//include 


"makepke.h" 
"pgp/pgperr  . h" 
"pgp/pubkey.h" 
"pgp/usuals.h" 


/*  The  maximum  size  of  the  PKE  */ 
s i z e_t 

ma k e P k e Ma x S i z e (struct  PgpPubKey  const  *pub,  PgpVersion  version) 

/*  version  + keylD  + type  +bit  count  + mpi  */ 
return  10  + pg p Pu bKe y Ma x e s k ( pu b , version); 

> 


/* 

★ 

Given  a buffer  of  at 

least  "ma kePkeMaxS i ze"  bytes. 

★ 

J, 

into  it  and 

return  the  size  of  the  PKE,  or  <0. 

X 

★ 

Format  of  PKE  packets 

: 

X 

★ 

Offset 

Length 

Me  a n i ng 

★ 

0 

1 

Version  byte  (=2). 

★ 

1 

8 

KeylD 

★ 

9 

1 

PK  algorithm  (1  = RSA) 

★ 

1 0 

2 + ? 

MPI  of  PK-encrypted  integer 

★ / 

i n t 

makePke  (byte  *buf,  struct  PgpPubKey  const  *pub, 
struct  Pg p R a ndom C o n t e x t const  *rc, 
byte  const  *key,  unsigned  keylen,  PgpVersion 

{ 

s i z e_t  e s k 1 e n ; 
i n t i ; 


make  a PKE 


version) 


/*  XXX  Should  "die"  gracefully,  here  */ 
assert  ( p u b -> e n c r y p t ) ; 


i = pgpPubKeyEncrypt  (pub,  key,  keylen,  buf+10,  Sesklen,  re,  version); 
if  (i  < 0) 

return  i; 

/*  Okay,  build  the  PKE  packet  - magic  version  number.  */ 
bufCO]  = (byte)version; 

/*  KeylD  */ 

memcpy(buf+1,  pub->keyID,  8); 

/*  Type  */ 

bufC9]  = pub->pkAlg; 
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> 


return  (int)esklen+10; 


{ 
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makepke.h 

/ * 

* makepke.h  --  Make  a Public  Key  Encrypted  packet  from  a pubkey  and  a 

* session  key. 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : makepke.h, v 1.8  1 996/1  1 /1  2 02:1  8:00  mhw  Exp  $ 

*/ 

# i f nd  e f PG P_M AKE PKE_H 
//define  PGP  MAKEPKE  H 


//include  <stddef.h> 

//include  "pgp/usua  l s . h" 

struct  PgpPubKey; 
struct  Pg p Ra nd om C o n t e x t 


/ * For  s i z e_t  * / 

/*  For  byte  and  PgpVersion  */ 


/*  The  maximum  size  of  the  pu b l i c - k e y-e n c ry p t ed  packet  */ 

si ze_t  makePkeMaxSi  zelstruct  PgpPubKey  const  *pub,  PgpVersion  version); 


/ * 

* Given  a buffer  of  at  least  "makePkeMaxSize"  bytes,  make  a PKE  packet 

* into  it  and  return  the  size  of  the  PKE,  or  0. 

* / 

int  makePkeCbyte  *buf,  struct  PgpPubKey  const  *pub, 
struct  Pg p R a ndomC o n t e x t const  *rc, 

byte  const  *key,  unsigned  keylen,  PgpVersion  version); 
//endif  /*  PGP  MAKEPKE  H */ 
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pkemod. 


/ * 

* $Id:  pkemod. c,v  1.27 
*/ 


#ifdef  H A V E_C  0 N F I G_H 

^include 
ft  e nd  i f 

" c o n f i g . h " 

^include 

<assert  . h> 

ft  i nc  l ude 

< s t d i o . h > 

^include 

"ma  kepke . h " 

//include 

"pkemod. h" 

//include 

"pktbyte . h" 

//include 

"pgp/fifo.h" 

//include 

"pgp/join.h" 

# i nc l ude 

"pgp/pgpmem. h" 

//include 

"pgp/pgperr . h" 

# i n c l u d e 

"pgp/pi pe l i ne . h 

//define 

PKEMODMAG  I C 

1 996/1 1/12 


0x90b1 1 c 4 7 


02:18:01 


mhw  Exp  $ 


struct  Context  { 

byte  * k e y ; 
size_t  key  l en; 
byte  *bu  f ; 
si ze_t  bu  f l e n ; 

PgpVersion  version; 
struct  PgpPipeline  * t a i L ; 

>; 

static  int 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  ( my s e l f ->ma g i c ==  PKE MO  DM AG  I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

return  context->tail->flush  (context->tail); 

> 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int 
{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  PKEMODMAGIC); 
assert  (error); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 


★error) 


941 


lib/ pgp/ pipe/ crypt/ pkemod.c 


assert  (context->tail); 

/*  Once  data  is  written,  clear  out  the  key!  */ 
if  ( c o n t e x t -> k ey ) ( 


> 

memset  (context->key,  0,  context->key len)  ; 
pgpMemFree  (context->key); 
context->key  = NULL; 
if  ( c on t e x t -> bu f ) { 

memset  (context->buf,  0,  context->buf  len); 
pgpMemFree  (context->buf); 
context->buf  = NULL; 
context->buf  len  = 0; 

> 

return 

> 

context->tai  l->wri te  (context->tail,  buf,  size,  error); 

static  int 

Annotate  (struct  PgpPipeline  *myself,  struct  PgpPipeline  *origin,  int  type. 


byte 

{ 

struct 

const  *string,  si ze_t  size) 

Context  *context; 

assert 

assert 

(myself); 

(myself->magic  ==  PKE MO  DM AG  I C ) ; 

context  = (struct  Context  *)myself->priv; 


assert 

assert 

(context); 

(context->tai  l); 

return 

c on t e x t -> t a i l -> a n no t a t e ( c o n t e x t -> t a i l , origin,  type, 

string,  size); 

> 

static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 


struct 

Context  *context; 

assert 

assert 

(myself); 

(myself->magic  = = PKEMODMAGIC); 

context  = (struct  Context  * ) myse  l f->pr i v; 


assert 

assert 

(context); 

(context->tai  l); 

return 

> 

context->tail->sizeAdvise  (context->tail,  bytes); 

static  void 

Teardown  (struct  PgpPipeline  *myself) 


struct 

Context  *context; 

assert 

assert 

(myself)  ; 

(myse  l f->magi c ==  PKEMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
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assert  (context); 
if  (context->tai  L) 

context->tai  l->teardown  (context->tai  l ) ; 
if  ( c o n t e x t -> k ey  ) { 

memset  (context->key,  0,  context->keylen); 
pgpMemFree  (context->key); 
context->key  = NULL; 

> 

if  (context->buf)  { 

memset  (context->buf,  0,  context->buflen); 
pgpMemFree  (context->buf); 
context->buf  = NULL; 
context->buf  Len  = 0; 

> 

memset  (context,  0,  sizeof  (*context)); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

/* 

* This  adds  a new  PKE  packet  to  the  head  of  the  message.  If 

* context->key  is  NULL,  return  an  error.  Also,  return  an  error  if 

* what  we  buffer  is  not  as  much  as  we  thought  we'd  written 
*/ 

i nt 

pgpPkeAddKey  (struct  PgpPipeline  *myself,  struct  PgpPubKey  const  *pubkey, 
struct  PgpRandomContext  const  *rng) 

struct  Context  *context; 
byte  * p ; 
s i z e_t  size; 
i n t i ; 

assert  (myself); 

assert  (myse l f->magi c ==  PKEM0DMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

size  = makePkeMaxSize(pubkey,  context->version)+3; 
if  ( c on t e x t -> bu f l e n < size)  f 

p = (byte  *)pgpMemRealloc(context->buf,  size); 
if  ( ! p) 

return  PG P E R R_N0M E M ; 
context->buf  = p; 
context->buf  len  = size; 

> 

i = ma k e P k e ( c o n t e x t -> b u f +3 , pubkey,  rng, 

context->key,  context->key  len,  context->version); 

if  ( i < 0) 

return  i ; 

if  ( c o n t e x t -> v e r s i o n > PG PV E R S I 0N_2_6 ) f 
if  ( PKTLEN  ONE  BYTE(i))  { 
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context->buf Cl ] = P KT B Y T E_B U I L D_N E W ( P KT B Y T E_E  S K ) ; 
c on t e x t -> bu f C 2 ] = PKTLEN_1 BYTE ( i ) ; 
p = context->buf+1; 
size  = (size_t)i  + 2; 

> else  C 

context->buf CO]  = PKTB Y T E_B U I L D_N E W ( PKTB Y T E_E S K ) ; 
context->bufC1 ] = P KT  L E N_B  YTEOCi ) ; 
context->bufC2]  = PKT L E N_B Y T E 1 ( i ) ; 
p = context->buf; 
size  = (size_t)i  + 3; 

> 

} else  C 

ft  i f 0 

/*  PGP  2.X  wants  to  see  2 byte  Length  field  */ 

i f ( i < 256)  C 

context->buf Cl ] = P KT  B Y T E_B  U I L D ( P KT B Y T E_E S K , 0); 
context->bufC2]  = (byte)i; 
p = context->buf+1; 
size  = (siz  e_t ) i + 2 ; 

> else  O 


ft  e nd  i f 

context->buf CO]  = P KT  B Y T E_B  U I L D ( P KT B Y T E_E S K , 1); 
context->bufC1]  = (byte)(i  >>  8 ) ; 
context->bufC2]  = (byte)i; 
p = context->buf; 
size  = (siz  e_t ) i + 3 ; 


if  ( pg p J o i nBu f f e r ( c o n t e x t -> t a i l , p,  size)  !=  size) 
return  P G P E R R_N 0 M E M ; 


} 


return  0; 


struct  PgpPipeline  ** 
pgpPkeCreate  (struct  PgpPipeline 
s i z e_t  key  l en ) 


{ 


struct  PgpPipeline  *mod, 
struct  Context  *context; 
byte  *buf; 


**head,  PgpVersion  version, 

*joinhead  = NULL,  * * t a i l ; 


byte  const  *key. 


assert  (key); 


if  ( ! h e a d ) 

return  NULL; 


context  = (struct  Context  * ) pgpMemA  l l oc  (sizeof  (*context)  ) ; 
if  ( ! context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof  (*mod)  ) ; 
if  ( ! mod)  C 

pgpMemFree  (context); 
return  NULL; 

> 

tail  = pgpJoinCreate  (Sjoinhead,  SpgpByteFifoDesc); 
if  ( ! tai  l ) ( 

pgpMemFree  (context); 
pgpMemFree  (mod); 
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return  NULL; 

> 

but  = (byte  *)pgpMemAlloc  (keylen); 
if  ( ! b u f ) { 

pgpMemFree  (context); 
pgpMemFree  (mod); 
joinhead->teardown  (joinhead); 
return  NULL; 

> 

memcpy  (but,  key,  keylen); 

mod->magic  = PKEMODMAGIC; 
mod->wri te  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod-> a n n o t a t e = Annotate; 
mod-> t e a rd o w n = Teardown; 
mod->name  = "PKE  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context)); 
context->key  = buf; 
c o n t e x t -> k e y l e n = keylen; 
context->version  = version; 

context->tail  = joinhead; 

*tail  = *head; 

*head  = mod; 
return  tail; 
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pkemod.h 

/ * 

* pkemod.h  --  A Module  to  create  Public  Key  Encrypted  packets 

★ 

* This  is  a Public  API  Function  Header. 

★ 

* $Id:  pkemod.h, v 1.14  1996/11/12  02:18:01  mhw  Exp  $ 

* / 

# i f n d e f PGP_PKEMOD_H 

# d e f i n e PGP_PKEM0D_H 

#include  " pg p / u s ua l s . h " 

struct  PgpPipeline; 

# i f n d e f T Y P E_P G P P I P E L I N E 

# d e f i n e T Y P E_PG P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 
if  e nd  i f 

struct  PgpRandomContext; 

# i f n d e f T Y P E_PG P R A N D 0 M C 0 N T E X T 

# d e f i n e TYPE_PGPRAND0MC0NTEXT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 
if  e n d i f 

struct  PgpPubKey; 

# i f nd  e f TYPE_PGPPUBKEY 

# d e f i n e T Y P E_P  G P P U B K E Y 1 

typedef  struct  PgpPubKey  PgpPubKey; 

#endi  f 

/ * 

* Create  a module  to  output  PKE  packets.  The  key  is  a block  of  data 

* of  size  keylen  which  is  the  session  key  and  cipher  type  which  should 

* be  encrypted  in  the  public  keys  of  the  recipients. 

*/ 

struct  PgpPipeline  ** 

pgpPkeCreate  (struct  PgpPipeline  **head,  PgpVersion  version,  byte  const  *key, 
s i z e_t  keylen); 


/* 

★ 

Encrypt  the 

session 

key  i 

n 

the  passed-i 

n public 

key 

and  add 

that 

★ 

to  the  PKE 

list.  This  w i 

l l 

return  0 on 

success 

o r 

an  error 

code  . 

★ 

★ 

Note:  Once 

any  data 

is  wr 

itten  to  this 

modu  l e. 

no  more  publi 

c 

★ 

keys  can  be 

added  . 

C a l l i 

ng 

this  functi 

on  after 

any 

data  has 

been 

* 

* / 

written  will  always 

return 

an  error. 

int  pgpPkeAddKey  (struct  PgpPipeline  *myself,  struct  PgpPubKey  const  *pubkey, 
struct  PgpRandomContext  const  * r n g ) ; 

#end i f /*  PGP  PKEMOD  H */ 
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file/ 
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.cvsignore 

Makefile  DONE 


— 


lib/ pgp/ pipe/file/ Makefile. in 


Makefile.in 

# 

# lib/pipe/file 

n 

ft  $ I d : Makefi  le  . i n,v  1.1  3 1 996/1  1 / 1 2 02:1  8:01  mhw  Exp  $ 

U 

LOCALINCLUDES=  - I ../../ i n c L u d e 

OBJS=  armor. o armorfil.o  filemod.o  crc.o  header. o parseasc.o  radix64.o 

PUBHDRS=  armor. h armorfil.h  filemod-h  header. h parseasc.h 

PRIVHDRS= 

all::  DONE 
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makefile.msc 

C F L A G S = -I..\..\..\..\include  -I..\..\..\include  \ 
-I . . \ . . \ . . \ . . -DHAVE_CONFIG_H  $(DEBUG) 

P G P L I B = . .\.  .\.  . \ pgp  L i b . Lib 

all::  Lib 

headers:  incL 

lincLude  " m a k e f i L e . i n " 


i n c L : 

if  not  "$(PUBHDRS)"==""  \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  ..\..\..\..\incLude\pgp 
if  not  "$ ( PRI  VHDRS  ) " = = " " \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ . \inc Lude 

DOB J S=  $ ( OB J S : . o=  . ob j ) 

Lib:  $(DOBJS) 

. c . o b j : 

$(CC)  $(CFLAGS)  -11  -c  $< 

Lib  /out  : $( PGPLIB)  $(PGPLIB)  $*.obj 

c L e a n : 

d e L * . o b j 

DONE  : 

if  exist  $(PGPLIB)  Lib/out:$(PGPLIB)  $(PGPLIB)  $(DOSOBJS) 
if  not  exist  $(PGPLIB)  L i b / o u t : $ ( P G P L I B ) $(DOSOBJS) 
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armor.c 


/* 

* armor.c  --  a module  to  perform  Ascii  Armor 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 3 M I T . E D U > 

* 

* $Id:  armor. c,v  1.57  1996/11/12  02:18:02  mhw  Exp  $ 
*/ 

ZHfdef  HAVE  CONFIG  H 


^include 
#end  i f 

" c o n f i g . h " 

# i nc  l ude 

<assert.h> 

//include 

< s t d i o . h > 

U i nc  l ude 

"armor.h" 

//include 

"crc.h" 

//include 

"pktbyte.h’' 

//include 

"radix64.h" 

//include 

"pgp/annotate.h 

//include 

"pgp/fifo.h" 

^include 

"pgp/hash.h" 

//include 

"pgp/join.h" 

//include 

"pgp/pgpmem.h" 

//include 

"pgp/pgpenv  . h" 

//include 

"pgp/pipeline.h 

//include 

"pgp/ random  . h" 

//include 

"pgp/usuals.h" 

//define  ARMORMAGIC  0xa4904f11 


struct 


Context 

struct 

struct 

struct 

struct 


PgpPipeline  * t a i l ; 
PgpFifoDesc  const  * f d ; 
PgpFifoContext  * f i f o ; 
PgpFifoContext  * header; 


unsigned 

long  crc; 

unsi gned 

long  armorlines 

unsigned 

long  lineno; 

unsigned 

thispart; 

unsigned 

maxparts; 

i n t 

scop  e_d  e p t h ; 

byte 

inputC48D;  /* 

char 

outputC65];  /* 

char  * 

outpt  r; 

char 

char 

char 

char 


const 

const 

const 


messageid; 
* 

* 

★ 


Maximum 

Maximum 


/ * This  is 


PgpVersi on 


blocktype; 

comment; 

charset; 

version; 


byte  inlen; 

byte  outlen; 

byte  clearsign; 

byte  didheader; 

byte  didfooter; 

byte  sizevalid; 

byte  state; 


48  bytes  * / 
63  buyes  + 

allocated  i 


r and/or  \n  * / 
create  * / 
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>; 


byte  linebuf; 


/* 

* Armor  3 raw  bytes  into  4 

* If  armoring  n < 3 bytes,  make  the  trailers  zero,  and 

* then  overwrite  the  trailing  3-n  bytes  with  '=' 

*/ 

static  void 

armorMorsel (byte  const  rawC3D,  char  armor[41) 

{ 


> 


armorlOl 
armorCI ] 
armorC23 
armor[3] 


armorTablelrawlOl  >>  2 & 0x3fH; 
armorTableKrawlO]  <<  4 & 0x30)  + (rawCI] 
armorTableKrawlI]  <<  2 S 0x3c)  + (rawC20 
armorTableCrawC20  & 0 x 3 f ] ; 


>>  4 S 0 x 0 f ) ] ; 
>>  6 S 0x03)]; 


static  void 

armorWri teClassi fy  (struct  Context  *context,  byte  const  *buf) 
{ 

if  ( c o n t e x t -> b l o c k t y p e ) 
return; 


} 


if  ( P KT  B Y T E_T  YPE(*buf)  ==  PKT B Y T E_P U B K E Y ) 
c on t e x t -> b l o c k t y pe  = "PUBLIC  KEY" 

else 

context->blocktype  = "MESSAGE"; 


static  i n t 

armorFlushHeader  (struct  Context  *context) 

{ 

byte  const  * p t r ; 
unsigned  len; 
int  error; 
s i z e_t  r e t l e n ; 

ptr  = pgpFifoPeek  (context->fd,  context->header,  Slen); 
while  (len)  { 

ret  len  = c o n t e x t -> t a i l -> w r i t e ( c o n t e x t - > t a i l , ptr,  len, 

Serror)  ; 

pgpFifoSeek  (context->fd,  context->header,  retlen); 
if  (error) 

return  error; 

ptr  = pgpFifoPeek  ( c on t e x t -> f d , c o n t e x t -> h e a d e r , &len); 

> 

return  0; 

> 


static  void 

a r mo rMa k e H e a d e r (struct  Context  *context) 

{ 

char  temp[20]; 

pgpFifoWrite  ( c o n t e x t -> f d , c on t e x t -> h e a d e r , 

(byte  const  *)" BEGIN  PGP  ",  15); 

pgpFifoWrite  ( c o n t e x t - > f d , c on t e x t -> h e a d e r , (byte  * ) c on t e x t -> b l o c k t y p e , 
strlen  (context->blocktype)); 
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> 


i f 


> 


( c on t e x t ->ma x pa r t s ) { 

pgpFi foWri te  ( c o n t e x t -> f d , c o n t e x t -> h e a d e r , 

(byte  const  *)",  PART  ",  7); 
sprintf  (temp,  "%02u",  context->thispart); 

pgpFifoWrite  (context->fd,  c on t e x t -> h e a d e r , (byte  const  * ) temp 
strlen  (temp)); 

if  ( context->versi on  <=  PG P V E R S I 0N_2_6  || 

c o n t e x t -> t h i s pa r t ==  c on t e x t ->ma x pa r t s ) { 
pgpFifoWrite  ( c o n t e x t -> f d , c on t e x t -> h e a d e r , 

(byte  const  *)"/",  1); 
sprintf  (temp,  "%02u",  context->maxparts); 
pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t -> h e a d e r , 

(byte  const  *)temp,  strlen  (temp)); 


} 


/ 


pgpFifoWrite  ( c on t e x t -> f d , c o n t e x t -> h e a d e r , 

(byte  const  *)" \nVersion:  ",  15); 

pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t - > h e a d e r , 

(byte  const  * ) pg p L i bVe r s i on S t r i ng  , 
strlen  (pgpLibVersionString)); 

if  ( c o n t e x t ->me s s a g e i d ) { 

pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t -> h e a de r , 

(byte  const  *)"\nMessageID:  ",  12); 
pgpFifoWrite  (context->fd,  context->header, 

(byte  const  * ) c on t e x t ->me s s a g e i d , 
strlen  (context->messageid)); 

> 


if  ( c o n t e x t -> c omme n t ) i 

pgpFifoWrite  ( c o n t e x t -> f d , c on t e x t -> h e a d e r , 

(byte  const  *)"\nComment:  ",  10); 
pgpFifoWrite  ( c o n t e x t - > f d , c on t e x t -> h e a d e r , 

(byte  const  * ) c o n t e x t -> c omme n t , 
strlen  (context->comment)  ) ; 

> 


if  ( c on t e x t -> c h a r s e t ) { 

pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t - > h e a d e r , 

(byte  const  *)"\nCharset:  ",  10); 
pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t -> h e a d e r , 

(byte  const  * ) c on t e x t -> c h a r s e t , 
strlen  (context->charset)); 

> 

pgpFifoWrite  (context->fd,  context->header,  (byte  *)"\n\n",  2); 
context->di dheader  = 1; 


static  void 

armorMakeFooter  (struct  Context  *context) 

char  tempC203; 
byte  c r c C 3 ] ; 

/*  Emit  CRC,  MSB-first  */ 

crcCOD  = (byte)(context->crc  >>  16); 
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> 


crcCI]  = (byte) (context->crc  >>  8); 
c r c C 2 D = (byte)context->crc; 
armorMorsel  ( c r c , temp); 

pgpFifoWrite  ( context->f d,  context->header,  (byte  const  *)"=",  1); 
pgpFifoWrite  (context->fd,  context->header,  (byte  const  * ) t e m p , 4 ) ; 

/*  Now  emit  the  end  */ 

pgpFifoWrite  ( c o n t e x t - > f d , c on t e x t -> h e a d e r , 

(byte  const  *)"\n END  PGP  ",  14); 

pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t - > h e a d e r , 

(byte  const  * ) c on t e x t -> b L o c k t y pe , 
strlen  (context->blocktype)); 


i f 


> 


( c o n t e x t ->ma x pa r t s ) { 

pgpFifoWrite  ( c o n t e x t-> f d , c o n t e x t -> h ea d e r , 

(byte  const  *)",  PART  ",  7); 
sprintf  (temp,  "%02u",  context->thispart); 
pgpFifoWrite  ( c o n t e x t -> f d , c on t ex t -> h e a d e r , 

(byte  const  * ) t e m p , strlen  (temp)); 
if  ( c on t e x t -> v e r s i on  <=  P G P V E R S I 0 N_2_6  || 

c on t e x t -> t h i s pa r t ==  c on t e x t ->ma x pa r t s ) { 

pgpFifoWrite  ( c on t e x t -> f d , c on t e x t -> h e a d e r , 

(byte  const  *)"/",  1); 
sprintf  (temp,  "%02u",  context->maxparts); 
pgpFifoWrite  (context->fd,  context->header, 

(byte  const  *)temp,  strlen  (temp)); 


> 


pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t - > h e a d e r , 
(byte  const  *)" \n",  6); 


context->didfooter  = 1; 
context->crc  = CRC_INIT; 


static  i n t 

armorNewFi le  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context  = (struct  Context  * ) my s e l f -> p r i v ; 
int  error; 
unsigned  thispart; 

/ * 

* First,  if  we're  already  in  a part,  then  close  off  the  last 

* one. 

* / 

if  ( c o n t e x t -> t h i s pa r t ) { 

if  ( ! c o n t e x t ->d i d f o o t e r ) 

armorMakeFooter  (context); 

error  = armorFlushHeader  (context); 
if  (error) 

return  error; 

error  = context->tail->sizeAdvise  (context->tail,  0); 
if  (error) 

return  error; 
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> 


> 


error  = c o n t e x t -> t a i l -> a n n o t a t e 

if  (error) 

return  error; 


( c on t e x t -> t a i l , myself, 

P G P A N N_M  ULTIARMO  R_E  N D , 0,  0); 


thispart  = context->thispart+1; 

error  = c o n t e x t -> t a i l -> a n n o t a t e ( c o n t e x t -> t a i l , myself, 

PG  P A N N_M  ULTIARMO  R_B  E G I N , 
(byte  const  *)&thispart, 
sizeof  (thispart)); 

if  (error) 

return  error; 


context->thi spart++; 
context->di dheader  = 0; 
context->di df ooter  = 0; 
context-Hineno  = 0 ; 

/*  And  give  it  an  appropriate  header  */ 
armorMakeHeader  (context); 

return  0; 


/* 

* The  method  here  to  do  the  armoring  is  somewhat  tricky. 

* Most  lines  just  have  inlen  = 48  which  maps  to  48*4/3  = 64 

* output  characters.  But  the  last  line  has  a short  inlen. 

* This  leads  to  a truncated  last  group,  which  looks  like  one  of: 

* xx==  (if  the  last  group  contains  1 byte  - 4 bits  of  padding  are  zero) 

* xxx=  (if  the  last  group  contains  2 bytes  - 2 bits  of  padding  are  zero) 

* xxxx  (if  the  last  group  contains  3 bytes) 

* To  do  this,  we  make  sure  that  we've  added  an  extra  0 byte  to  the 

* end  of  the  input,  then  encode  it  in  blocks  of  3 bytes,  then  note  by 

* how  much  the  encoding  overshot  the  input  length,  len  - inlen. 

* This  is  2,  1,  or  0.  Overwrite  that  many  trailing  characters  with  '='. 

* Then  a newline  can  be  appended  for  output. 

*/ 

static  i n t 

armorLi ne  (byte  const  *in,  unsigned  inlen,  char  *out) 

{ 

unsigned  len; 
int  t; 

char  const  *out0  = out; 

/*  Fill  the  output  buffer  from  the  input  buffer  */ 
for  (len  = 0;  len  < inlen;  len  +=  3)  { 
armorMorsel  (in,  out); 
in  + = 3 ; 
out  + = 4 ; 

> 

/*  Now  back  up  and  erase  any  overrun  */ 

t = (int) (inlen  - len);  /*  Zero  or  negative  */ 

while  ( t ) 

outCt++D  = '='; 

return  (out  - outO); 
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> 

static  void 

armorProcessLine  (struct  Context  *context) 

{ 

/ * Update  CRC  * / 

context->crc  = crcUpdate  ( c o n t e x t -> c r c , c on t e x t -> i n pu t , 

context->inlen); 

/*  Apply  padding  so  that  we  can  overshoot  */ 
if  ( c o n t e x t -> i n l e n < sizeof  ( c on t ex t -> i n pu t ) ) 
context->input[context->inlenl  = 0; 

/*  Refill  the  output  buffer  from  the  input  buffer  */ 
c o n t e x t -> o u t l e n = armorLine  ( c o n t e x t - > i n p u t , c o n t e x t -> i n l e n , 

context->output); 

context->output  [context->outlen++]  = ' \ n 1 ; 

context->outptr  = context->output; 
context->inlen  = 0 ; 

> 


static  i n t 

Flush  (struct  PgpPipeline  * m y s e l f ) 

{ 

struct  Context  *context; 
int  error; 
s i z e_t  r e t l e n ; 

assert  (myself); 

assert  (myself->magic  ==  ARMORMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

/*  Try  to  flush  anything  that  we  have  buffered.  */ 
while  ( c o n t e x t -> o u t l e n ) { 

retlen  = c on t e x t -> t a i l -> w r i t e ( c o n t e x t -> t a i l , 

(byte  * ) c o n t e x t -> o u t p t r , 
context->out  len, 

Serror); 

context->outlen  - = retlen; 
c o n t e x t -> o u t p t r +=  retlen; 

if  ( ! c o n t e x t - > o u t l e n ) 

context->  l i neno  + + ; 


> 


if  (error) 

return  error; 


> 


return  0; 


/ * 

* First,  try  to  flush  out  the  output  buffer.  Once  that  is  empty, 

* refill  the  output  buffer  from  the  input  buffer,  append  a newline, 

* and  set  the  input  buffer  to  0 input.  Then  try  to  write  that  out. 
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* too. 

*/ 

static  int 

DoFlush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context  = (struct  Context  *)myself->priv; 
int  error  = 0 ; 

/ * 

* Try  to  flush  anything  that  we  have  buffered.  I know  that 

* the  first  time  Flush  is  called,  outlen  WILL  be  zero! 

* / 

error  = Flush  (myself); 
if  (error) 

return  error; 

/*  Next,  try  to  output  anything  in  the  header  fifo  */ 
error  = armorFlushHeader  (context); 
if  (error) 

return  error; 


/*  Finally,  process  the  input  buffer  and  flush  it  out  again  ★ / 
if  ( c o n t e x t -> i n l e n ) { 

armorProcessLine  (context); 
error  = DoFlush  (myself); 

> 


> 


return  error; 


/* 

* Write  a single  line. 

* / 


static  si z e_t 
armorWri teBytes 


(struct  PgpPipeline  *myself,  byte 
int  *error) 


struct  Context  *context  = (struct  Context 
si ze_t  sizeO  = size; 
unsigned  t; 


const  * bu  f , size 


*)myself->priv; 


t 


/ * 

* Try  to  flush  anything  that  we  have  buffered.  I know  that 

* the  first  time  Flush  is  called,  outlen  WILL  be  zero! 

*/ 


★error  = Flush 

(myself); 

i f 

(★error) 

return 

0; 

/* 

try  to  fill 

up  the  input  buffer  */ 

t = min  ((sizeof  ( context->i nput ) - context->inlen),  size); 
memcpy  (context->input  + context->inlen,  buf,  t); 
b u f + = t ; 
size  -=  t ; 

context->inlen  +=  t; 


size. 


/*  If  we've  filled  it  up,  then  flush  it  out  */ 
if  ( c o n t e x t -> i n l e n ==  sizeof  ( c on t e x t -> i n pu t ) ) { 
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armorWriteClassify  (context,  context->i nput  ) ; 


/ * 


★ 

check  if 

we  need  a 

new  file. 

This  is 

called  if  we 

★ 

exceed  armorlines. 

or  when  we 

do  have 

multiparts  and  we  do 

★ 

★ / 

not  have 

a current 

part. 

if  ( c o n t e x t -> a rmo r L i n e s &&  ( c o n t e x t -> L i n e n o >= 

c o n t e x t -> a rmo r L i n e s |j 
! c o n t e x t -> t h i s pa r t ) ) C 

/ * 

* Set  maxparts  to  -1  if  this  _i s_  multipart  armor 

* using  one-pass  processing. 

* / 

if  ( c on t ex t -> v e r s i on  > PG PV E R S I 0N_2_6  88 

! c on t e x t ->ma x pa r t s SS  ! c o n t e x t -> s i z e v a l i d ) 
c o n t e x t ->ma x pa r t s = -1; 


> 


★error  = armorNewFile  (myself); 
if  (*error) 

return  sizeO-size; 


if  ( ! c o n t e x t ->d i d h e a d e r SS  c on t e x t -> i n l e n ) 
armorMakeHeader  (context); 


> 


★error  = DoFlush  (myself); 
if  (*error) 

return  sizeO-size; 


return  sizeO-size; 

> 

/ * 

★ Minimally  perform  a DoFlush(),  but  try  to  flush  the  fifo,  too! 

★ 

* If  c on t e x t -> v e r s i on  > PG P VE R S I 0N_2_6  then  we  only  start  writing 

* things  out  c o n t e x t -> a r m o r l i n e s ==  0 or  when  we  have  a full  block 

* worth  of  data  (48  * ( c o n t e x t -> a r mo r l i n e s - c o n t e x t -> l i n e no ) ) . If 

* c on t e x t -> s i z e va  l i d ==  2,  we  have  an  EOF  and  should  flush  the  rest 

* of  the  fifo  regardless. 

* / 

static  int 

a rmo r F l u s h F i f o (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context  = (struct  Context  *)myself->priv; 
byte  const  *ptr; 
unsigned  len; 
s i z e_t  ret len; 
int  error; 

ptr  = pgpFifoPeek  (context->fd,  context->fifo,  Slen); 
while  (len)  { 

if  ( c on t e x t -> v e r s i on  > PG PVE R S I 0N_2_6  88 
c o n t e x t -> s i z e v a l i d < 2 88 
c o n t e x t -> a rmo r l i n e s 88 

pgpFifoSize  ( c o n t e x t -> f d , c o n t e x t -> f i f o ) < 48  * 
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( context-> L i neno  == 
context->armorlines 
(context->armorlines 
return  0; 

retlen  = armorWri teBytes 
pgpFifoSeek  ( c on t e x t -> f d , 
if  (error) 

return  error; 


c o n t e x t -> a r m o r l i n e s ? 

- context->li neno)  ) ) 

(myself,  ptr,  len,  Serror); 
context->fifo,  retlen); 


} 


ptr  = pgpFifoPeek  (context->fd,  context->fifo,  Slen); 
return  0 ; 


/* 

* This  is  the  function  that  processes  a c lea  rsi gned  message. 

* context->state  to  tell  it  what  it  is  doing: 

* 0)  at  the  beginning  --  check  it 

* 1)  middle  of  line,  pass  it  through 

* 2 ) end  of  line  with  \r  — check  next  character  for  \n  * / 
static  s i z e_t 

armorDoClearsign  (struct  PgpPipeline  *myself,  byte  const  *buf, 

int  * e r r o r ) 


( 


It  uses 


s i z e_t  size. 


struct  Context  *context  = (struct  Context  *)myself->priv; 

size_t  written,  sizeO  = size; 

byte  const  * p t r ; 

byte  const  from [5  = "From  "; 


int  i , 

t , flag; 

while 

(size)  { 

if  ( c on t e x t -> s t a t e ==  2)  ( 
context->state  = 0; 
if  ( * bu  f ==  '\n')  { 
ptr  = buf+1; 
goto  d o_w  rite; 

} 

> 


/ * 

* Here,  we  check  the  beginning  of  the  line.  We  use  the 

* flag  to  denote  what  we've  f o und  / bu f f e r ed  : 

* 0)  nomatch 

* 1)  full  match 

* 2)  partial  match  (and  we  buffered  data) 

* / 

if  ( ! c on t ex t -> s t a t e ) ( 
flag  = 0 ; 


i f 

( ! context->linebuf) 

/ * 

nothing  is 

buffered 

i f 

( *buf  ==  ' - 

' ) 

flag  = 

i; 

> 

i f 

( ! f lag) 

t = min  (5,  size  - context->linebuf); 
for  (i  = 0;  i < t;  i++) 

if  (bufCiD  !=  f r omC c on t ex t->  l i nebu f + 
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do  write: 


i D ) { 

pgpFi foWri te 

(context ->fd, 
context -> header, 
context->i n pu  t , 
context->linebuf); 
context->  L i nebuf  = 0; 
break; 

> 

if  ( i - - t ) { 

/*  We  matched  the  whole  input  buffer  */ 
if  (i  + c on t e x t ->  l i n e b u f ==  5) 
flag  = 1 ; 


else  { 


memcpy  ( c on t e x t -> i n pu t + 

c on t e x t -> l i n e bu f , buf, 
t ) ; 

c on t ex t -> l i n e bu f +=  t; 
size  -=  t ; 
buf  +=  t ; 
flag  = 2 ; 


if  (flag  ==  1 ) { 

pgpFifoWrite  ( c on t e x t -> f d , c o n t e x t -> h e a d e r , 
(byte  const  *)"-  ",  2); 

if  ( c o n t e x t ->  l i n e b u f ) f 

pgpFifoWrite  ( c o n t e x t -> f d , 

context->header, 
context->i nput, 
context-> l i nebuf ) ; 
context->linebuf  = 0; 

> 


if  (flag  !=  2) 

c o n t e x t -> s t a t e = 1; 


★error  = armorFlushHeader  (context); 
if  (*error) 

return  sizeO  - size; 


for 


> 


( p t r = 
i f 


> 


buf;  ptr  < buf+size;  ptr++)  { 
(*ptr  ==  ' \ r ' ||  *ptr  ==  '\n') 

c on t ex t -> s t a t e = (*ptr++ 

2:0; 

break; 


1 \ r ' ) ? 


written  = c o n t e x t -> t a i l -> w r i t e ( c o n t e x t -> t a i l , buf, 

ptr-buf,  error); 

buf  +=  written; 
size  - = written; 
if  (*error) 

return  sizeO  - size; 
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> 


return  sizeO  - size; 

> 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  i 

struct  Context  *context; 
si ze_t  retval,  written  = 0; 

assert  (myself); 

assert  (myself->magic  = = ARMORMAGIC); 
assert  (error); 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert  (context); 
assert  (context->tail); 


i f 


> 


( c o n t e x t -> o u t l e n ) C 

★error  = DoFlush  (myself); 
if  (*error) 

return  0; 


if  (context->clearsign) 

return  armorDoClearsign  (myself,  buf,  size,  error); 

if  ( ! context->s i zeva  l i d ||  c on t e x t -> v e r s i on  > PG PV E R S I 0N_2_ 
written  = pgpFifoWrite  ( c o n t ex t -> f d , c on t ex t -> f i f o , 


> 


if  ( con t ex t->ve r s i on  <=  PG P V E R S I 0N_2_6 ) 
return  written; 


} 


★error  = armorFlushFifo  (myself); 

if  (*error  ||  c on t e x t -> v e r s i o n > PG PV E R S I 0N_2_6 ) 
return  written; 

/*  Try  to  write  all  the  data  we  were  given  * / 
do  { 

retval  = armorWri teBytes  (myself,  buf,  size,  error) 

written  + = retval; 

buf  + = retval; 

size  - = retval; 

if  (*error) 

return  written; 

> while  (size); 
return  written; 


static  i n t 

Annotate  (struct  PgpPipeline  *myself,  struct 
byte  const  *string,  size_t  size) 


C 


struct  Context  *context; 
int  error  = 0; 


PgpPipeline  *origin. 


l 


★error) 


6)  { 

buf,  size); 


n t type. 
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> 


assert  (myself); 

assert  (myself->magic  ==  ARMORMAGIC); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 


if  (context->tail) 

error  = c o n t e x t - > t a i l -> a n n o t a t e ( c o n t e x t - > t a i l , origin, 

string,  size); 


if  ('.error) 

PGP_SCOPE_DEPTH_UPDATE ( c o n t e x t -> s c o p e_d e p t h , type)  ; 
a s s e r t ( c o n t e x t -> s c o pe_d e p t h !=  -1); 
return  error; 


type. 


static  i n t 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 
( 

struct  Context  *context; 
int  error  = 0; 
unsigned  long  total; 

assert  (myself); 

assert  (myself->magic  ==  ARMORMAGIC); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  ( c o n t e x t -> t a i l ) ; 


/*  Only  handle  bytes  until  EOF  */ 
if  ( c o n t e x t -> s c op e_d e p t h ) 
return  0; 


/*  Then  compute  maxparts  */ 
if  ( ! c on t e x t -> s i z e va  l i d ) C 

if  ( c on t e x t -> a rmo r l i n e s ) C 

total  = bytes  + pgpFifoSize  ( c on t e x t -> f d , 

context->fifo); 


> 


if  ( c o n t e x t -> v e r s i o n > PG PV E R S I 0N_2_6  && 
c on t e x t -> t h i s pa r t ) C 

total  +=  48  * c o n t e x t -> a rmo r l i n e s * 
(context->thi spart  - 1); 
total  +=  48  * c on t e x t ->  l i n e no ; 

> 

/ * 48  bytes  / line  */ 

context->maxparts  = total  / (context->armorlines  * 48); 
if  ( c on t e x t->ma x pa r t s ) 

context->maxparts++; 


> 

context->sizevalid  = 1; 
if  (bytes) 

return  0;  /*  dont  handle  any  more  non-zero  sizeAdvises  */ 


/*  This  is  the  end  */ 
context->sizevalid  = 2; 
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/*  Clear  out  the  clearsign  buffer,  if  we  have  it. 
if  ( con  t ex  t->  c l ea  r s i gn  &&  c o n t e x t ->  l i n e bu  f ) -C 

pgpFifoWrite  (context->fd,  context->header 
context->linebuf); 
context->linebuf  = 0 ; 

> 


> 


error  = armorFlushFifo  (myself); 
if  (error) 

return  error; 


error  = DoFLush  (myself); 
if  (error) 

return  error; 

if  ( ! c o n t e x t -> c l e a r s i g n ) { 

armorMakeFooter  (context); 

/ * Set  clearsign  so  we  don't  emit  another 
context->clearsign  = 1 ; 


> 


error  = DoFlush  (myself); 
if  (error) 

return  error; 


if  (context->tail) 

error  = c o n t e x t -> t a i l - > s i z e Ad v i s e (context 
return  error; 


static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  = = ARMORMAGIC) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (context->tail) 

context->tai l->teardown  (context->tai  l ) ; 

pg p F i f o D e s t r oy  ( c o n t e x t -> f d , c o n t e x t -> f i f o ) ; 
pgpFifoDestroy  (context->fd,  context->header); 
if  ( c on t e x t ->me s s a g e i d ) 

pgpMemFree  (context->messageid); 
memset  (context,  0,  sizeof  (*context) ); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

#de  f i ne  A T Y P E_N 0 R M A L 0 
#def i ne  A T Y P E_C L E A R S I G 10 
#define  ATYPE  SEPSIG  20 


* / 

, context->input. 


CRC  */ 


- > t a i l , bytes); 
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static  struct  PgpPipeline  ** 

armorDoCreate  (struct  PgpPipeline  **head,  struct  PgpEnv  const  *env, 

PgpVersi on  version,  struct  PgpFifoDesc  const  *fd, 

struct  Pg p Ra ndom C on t e x t const  *rc,  unsigned  long  armorlines, 

int  armortype,  byte  const  *hashlist,  unsigned  hashlen) 

{ 

struct  PgpPipeline  * m o d ; 

struct  Context  *context; 

struct  PgpFifoContext  * f i f o ; 

struct  PgpFifoContext  *header; 

char  *m i d ; 

byte  messageC243; 

int  l e n ; 

if  ( ! h e a d ) 

return  NULL; 

assert  ( f d ) ; 

context  = (struct  Context  OpgpMemAlloc  (sizeof  (*context)  ) ; 
if  (! context) 

return  NULL; 

mod  = (struct  PgpPipeline  OpgpMemAlloc  (sizeof  (*mod)); 
if  ( ! mod  ) C 

pgpMemFree  (context); 
return  NULL; 

> 

fifo  = pgpFifoCreate  (fd); 
if  ( ! f i f o ) C 

pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

header  = pgpFifoCreate  (fd); 
if  ( ! header)  { 

pgpFifoDestroy  (fd,  fifo); 
pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

mid  = (char  *)pgpMemAlloc  (((4*(sizeof(message)+3))/3)+1); 
if  ( ! m i d ) { 

pgpFifoDestroy  (fd,  fifo); 
pgpFifoDestroy  (fd,  header); 
pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

mod->magic  = ARMORMAGIC; 

mod->write  = Write; 

mod->flush  = Flush; 

mod->si zeAdvi se  = SizeAdvise; 

mod->annotate  = Annotate; 

mod->teardown  = Teardown; 

mod->name  = "ASCII  Armor  Write  Module"; 

mod->priv  = context; 
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memset  (context,  0,  sizeof  (*context)); 
context->outptr  = context->output; 
context->armorli nes  = armorlines; 
context->crc  = CRC_INIT; 
context->fd  = f d ; 
context->fifo  = fito; 
context->header  = header; 
context->versi on  = version; 
c on t e x t -> c omme n t = pg p e n vG e t S t r i n g (env. 


PG  P E N V_C 0 M M E N T , NULL,  NULL); 


/*  Create  a random  message  id  */ 
if  ( r c ) { 

pgpRandomGetBytes  (rc,  message,  sizeof  (message)); 
Len  = armorLi ne  (message,  sizeof(message),  mid); 
midtlenD  = ' \ 0 ' ; 
context->messageid  = mid; 

> else 

pgpMemFree  (mid); 


if  (armortype  ==  AT Y P E_C L E A R S I G ) { 

# d e f i n e CLRSIGN  " BEGIN  PGP  SIGNED  MESSAGE 

int  dohash=0; 

struct  PgpHash  const  * h a s h ; 


pgpFifoWrite  (fd,  header,  (byte  const  OCLRSIGN, 
strlen  (CLRSIGN)); 
context->clearsign  = 1; 
context->armorlines  = 0; 


/ * 

* Now  deal  with  multiple  hash  types.  If  we  don't  specify 

* the  hash  type,  or  the  only  hash  used  is  MD5,  then  ignore 

* the  Hash  header.  Otherwise,  we  should  print  the  out 

* / 

if  (lhashlen  ||  (hashlen  ==  1 &&  *hashlist  ==  PGP__HASH_MD5 ) ) 
goto  c l e a r s i g_e  n d ; 

pgpFifoWrite  (fd,  header,  (byte  const  *)"\nHash:  ",  7); 
while  (hashlen--)  { 

hash  = pgpHashByNumber  (*hashlist++); 
if  (hash)  { 

if  (dohash) 

pgpFifoWrite  (fd,  header, 

(byte  const  *)",  ",  2); 
pgpFifoWrite  (fd,  header, 

(byte  const  * ) h a s h -> na me , 
strlen  (hash->name)); 

dohash  = 1 ; 

> 


> 


c l ea  r s i g_end : 

pgpFifoWrite  (fd,  header,  (byte  const  *)"\n\n" , 2); 

> 

if  (armortype  ==  AT Y P E_S E P S I G ) 

context->blocktype  = "SIGNATURE"; 


context->tail  = *head; 

*head  = mod; 

return  &context->tail; 
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struct  PgpPipeLine  ** 

pgpArmorWri teCreate  (struct  PgpPipeLine  **head,  struct  PgpEnv  const  *env, 

struct  PgpFifoDesc  const  *fd, 

struct  Pg p Ra nd om C on t e x t const  *rc,  PgpVersion  version, 
byte  armortype) 

{ 

i n t type; 

unsigned  Long  armorLines; 

if  ( ! h e a d ) 

return  NULL; 

if  (armortype  ==  PG P_A RMO R_N 0 RM A L ) 
type  = A T Y P E_N  0 R M A L ; 
eLse  if  (armortype  ==  PG P_A RMO R_S E P S I G ) 
type  = ATYPE_SEPS IG; 

eLse 

return  NULL; 

armorLines  = pgpenvGetlnt  (env,  PG P E N V_A R MO R L I N E S , NULL,  NULL); 

return  (armorDoCreate  (head,  env,  version,  fd,  re,  armorLines, 

type,  NULL,  0)); 

> 

struct  PgpPipeLine  ** 

pg p A r mo r W r i t e C r e a t e C L e a r s i g (struct  PgpPipeLine  **texthead, 

struct  PgpPipeLine  **signhead, 
struct  PgpEnv  const  *env, 
struct  PgpFifoDesc  const  *fd, 

PgpVersion  version,  byte  *hashList, 
unsigned  hashLen) 
i 

struct  PgpPipeLine  *txthead  = NULL,  *sighead  = NULL; 
struct  PgpPipeLine  **joinhead,  **sigtaiL,  * * t a i L ; 
struct  Context  *context; 

if  (Itexthead  ||  isignhead) 
return  NULL; 

joinhead  = armorDoCreate  (Stxthead,  env,  version,  fd,  NULL,  0, 

AT YPE_C LEARS IG,  hashList,  hashLen); 

if  (Ijoinhead) 

return  NULL; 

t a i L = pgpJoinCreate  (joinhead,  fd); 
if  ( ! t a i L ) { 

t x t h e a d-> t e a rd o w n (txthead); 
return  NULL; 

> 


sigtaiL  = armorDoCreate  (Ssighead,  env,  version,  fd,  NULL,  0, 

A T Y P E_S  E P S I G , NULL,  0); 

if  (IsigtaiL)  { 

txthead->teardown  (txthead); 
return  NULL; 

> 
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/*  Add  the  charset  used  when  generating  the  clearsigned  message 
context  = (struct  Context  *)sighead->priv; 
assert  (context)  ; 

c o n t e x t -> c h a r s e t = pg pe n vG e t S t r i n g (env,  PG P E NV_C H A R S E T , NULL, 

* s i g t a i l = pgpJoinAppend  (*joinhead); 
if  (!*sigtail)  C 

txthead->teardown  (txthead); 
sighead->teardown  (sighead); 
return  NULL; 

> 

pgpJoinBuffer  (*sigtail,  (byte  *)"\n",  1); 

★texthead  = txthead; 

★signhead  = sighead; 
return  tail; 


* / 

NULL) ; 
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armor.h 

/* 

* armor.h  --  Create  an  armor  write  module 

* 

* Written  by:  Derek  Atkins  <warlord3MIT. EDU> 

★ 

* $ I d : armor. h,v  1.24  1 996/1  1 /1  2 02:1  8:02  mhw  Exp  $ 

*/ 

//ifndef  P G P_A  R M 0 R_H 

# d e f i n e P G P_A  R M 0 R_H 

//include  " pg p / u s u a l s . h " 

struct  PgpPipeline ; 

//ifndef  T Y P E_PG P P I P E L I N E 
//define  T Y P E_PG  P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline; 
ft  e n d i f 

struct  PgpFifoDesc; 

//ifndef  T Y P E_PG  P F I F 0 D E S C 

//define  T Y P E_PG  P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

# e n d i f 

struct  PgpRandomContext; 

# i f nd  e f TYPE_PGPRANDOMCONTEXT 
//define  T Y P E_PG P R A N D 0M C 0 N T E XT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 

//end  i f 

struct  PgpEnv; 

//ifndef  T Y P E_P  G P E N V 

//define  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

# e n d i f 

/ * 

* This  creates  a module  that  will  take  its  input  and  mask  it  in  ASCII 

* Armor.  The  armortype  should  be  one  of  A R M 0 R_N  0 R M A L , for  a normal 

* armor,  or  A R M 0 R_S E P S I G , which  is  a separate  signature. 

* / 

struct  PgpPipeline  ** 

pgpArmorWri teCreate  (struct  PgpPipeline  **head,  struct  PgpEnv  const  *env, 

struct  PgpFifoDesc  const  *fd, 

struct  PgpRandomContext  const  *rc,  PgpVersion  version, 
byte  armortype); 

/* 

* These  are  the  valid  armortypes 

* / 

//define  P G P_A  R M 0 R_N  0 R M A L 
//define  PG  P_A  R MO  R_S  E P S I G 

/ * 

* Create  an  armor  pipeline  for  clear  signatures.  You  should  pass  in  the 

* tail  pointers  for  the  end  of  the  text  stream  and  the  end  of  the  signature 


that  can  be  passed  into  pgpArmorWri teCreate 

0 

1 
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* stream.  This  will  return  a pointer  to  the  stream  that  will  contain  the 

* c Learsi gned  message.  Pass  in  a List  of  h a s h - 1 y pe -by t e s so  it  can  say 

* what  is  being  used. 

*/ 


struct  PgpPipeline  ** 
pgpArmorWriteCreateClearsig 


(struct  PgpP 
struct  PgpP 
struct  PgpE 
struct  PgpF 
PgpVersion 
byte  * h a s h l 


ipeline  **texthead, 
ipeline  **signhead, 
nv  const  *env, 
ifoDesc  const  * f d , 
version, 

ist,  unsigned  hashlen) 


ft  end  if  /*  P G P_A  R M 0 R H */ 
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armorfil.c 


/ * 

* armorfil.c  --  an  Armor  File  Write  module.  It  watches  for 

* annotation  scopes  and  will  open  multiple  files  if  it 

* Otherwise,  it  will  only  a single  file  when  data  is  f 

* 

* Written  by:  Derek  Atkins  <wa r l o rd3M  I T . E DU> 

* 

* $Id:  armorfil.c, v 1.13  1996/11/12  02:18:02  mhw  Exp  $ 

*/ 


# i f d e f H A V E_C  0 N F I G_H 

# i nc  l ude 
U e nd i f 

" c on  f i g . h " 

//include 

<assert . h> 

# i n c l u d e 

< s t d i o . h > 

tt  i n c l ud e 

"armorfil.h" 

#include 

"pgp/annotate.h" 

//include 

"pgp/fi  lemod.h" 

//include 

"pgp/ pgpmem.  h" 

//include 

"pgp  / pgperr  . h" 

//include 

"pgp/pgpf i l e . h" 

//include 

"pgp/pipeline.h" 

//define 

ARMORWRITEFILEMAGIC 

0xa434f 1 1 e 


struct  Context  { 

struct  PgpPipeline  * t a i l ; 

struct  PgpFile  * (*fileOpen)  (void  *arg, 

void  const  *baseName, 

void  * a r g ; 

void  const  *baseName; 
i nt  s cope_dept  h ; 

>; 


static  i n t 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  ( my se  l f->mag i c ==  A R MO RW R I T E F I L E M A G I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
if  (!  context -> tail) 
return  0; 

return  context->tail->flush  (context->tail); 

} 

static  int 

openFile  (struct  Context  *context,  unsigned  num) 

{ 

struct  PgpPipeline  * t a i l = NULL; 
struct  PgpFile  * f p ; 
int  error; 


MULTI  ARMOR 
occurs, 
irst  written. 


unsigned  number); 
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assert  (!context->tail); 


fp  = c o n t e x t -> f i L e 0 p e n ( c o n t e x t -> a r g , c o n t e x t -> ba s e Na me  , num) 
if  ( ! f p) 

return  PG P E R R_N 0_F I L E ; 

if  ( ! pg p F i L e W r i t e C r e a t e (&tail,  fp,  1))  { 

error  = pgpFileClose  (fp); 
if  (error) 

return  error; 
return  PG P E R R_N0M E M ; 

> 

c o n t e x t -> t a i l = tail; 
return  0; 


static  siz  e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int 
{ 

struct  Context  *context; 
assert  (myself); 

assert  ( my s e l f ->ma g i c ==  A R MO R W R I T E F I L E M AG  I C ) ; 
assert  (error); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 


i f 


> 


(!context->tail)  ( 

★error  = openFile  (context,  0 ) ; 
if  (*error) 

return  0; 


> 


return  c o n t e x t -> t a i l -> w r i t e (context 


static  int 

Annotate  (struct  PgpPipeline  *myself,  struct 
byte  const  *string,  si ze_t  size) 


{ 


struct  Context  *context; 
int  error  = 0; 
unsigned  num; 


>tail,  buf,  size,  error) 


PgpPipeline  *origin,  int 


(void)origin; 
assert  (myself); 

assert  ( my s e l f ->ma g i c ==  A RMO R W R I T E F I L E M AG  I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

/ * See  what  we  should  do  here  * / 

switch  (type)  t 

case  P G P A N N_M  ULTIARMO  R_B  E G I N : 

assert  (!context->tail); 
assert  (size  ==  sizeof  (num)); 
num  = *( (unsigned  * ) s t r i n g ) ; 


★error) 


type. 
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error  = openFile  (context,  num); 
break; 

case  P G P A N N_M  ULTIARMOR_END : 

assert  (context->tail); 

error  = context->tail->sizeAdvise  (context->tail,  0 ) ; 
if  (error) 

return  error; 

context->tai L->teardown  (context->tai L); 

context->tail  = NULL; 

break; 

default: 

> 

if  ( lerror) 

PGP_SCOPE_DEPTH_UPDATE(context->scope_depth,  type); 
a s s e r t ( c o n t e x t -> s c op e_d e p t h !=  -1); 
return  error; 

> 

static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  ARMORWRITEFILEMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
if  (! context -> tail) 
return  0; 

return  c o n t e x t -> t a i l - > s i z e A d v i s e ( c o n t e x t - > t a i l , bytes); 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  ARMORWRITEFILEMAGIC)  ; 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert  (context); 

if  (context->tail) 

context->tai l->teardown  (context->tai  l)  ; 

memset  (context,  0,  sizeof  (*context)  ) ; 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  * 

pg p A rmo r F i l e W r i t e C r e a t e (struct  PgpPipeline  **head, 

struct  PgpFile  * (*file0pen)  (void  *arg. 
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void  const  *baseName, 
unsigned  number), 

void  * a r g , 

void  const  *baseName) 

{ 

struct  PgpPipeline  * m o d ; 
struct  Context  *context; 

if  (!head  ||  ! f i l eOpen  ) 

return  NULL; 

context  = (struct  Context  OpgpMemAlloc  (sizeof  (*context) ) ; 
if  ([context) 

return  NULL; 

mod  = (struct  PgpPipeline  OpgpMemAlloc  (sizeof  ( * m o d ) ) ; 
if  ( ! mod  ) { 

pgpMemFree  (context); 
return  NULL; 

> 

mod->magic  = ARMORWR  ITE F I LEMAG I C; 

mod->write  = Write; 

mod->flush  = Flush; 

mod-> s i z e Ad v i s e = SizeAdvise; 

mod->annotate  = Annotate; 

mod->teardown  = Teardown; 

mod->name  = "Armor  File  Write  Module"; 

mod->priv  = context; 

memset  (context,  0,  sizeof  (*context) ); 
context->f i leOpen  = fileOpen; 
context->arg  = arg; 
context->baseName  = baseName; 

*head  = mod; 
return  mod; 
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armorfil.h 

/ * 

* armorfil.h  --  Armor  Write  File  module 

* 

* Creates  output  files  based  upon  a "name".  If  the  data  is  within  a 

* MULTIARMOR  scope,  multiple  files  will  be  opened  for  the  output. 

* Otherwise,  just  a single  file  will  be  output  when  data  is  first 

* written  into  this  module. 

* 

* Written  By:  Derek  Atkins  < w a r l o rd 3 M I T . E D U > 

* 

* $Id:  armorfil.h, v 1.8  1996/11/12  02:18:03  mhw  Exp  $ 

*/ 

# i f nd  e f PGP_ARM0R FI LE_H 
//define  PG  P_A R M 0 R F I L E_H 

struct  PgpPipeline ; 

it  i f nd  e f T Y P E_PG P P I P E L I N E 

//define  T Y P E_PG  P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

//end  i f 

struct  PgpFile; 

//ifndef  T Y P E_P  G P F I L E 
//define  T Y P E_P  G P F I L E 1 
typedef  struct  PgpFile  PgpFile; 
it  e n d i f 

struct  PgpPipeline  * 

pgpArmorFi leWri teCreate  (struct  PgpPipeline  **head, 

struct  PgpFile  * (*file0pen)  (void  *arg, 

void  const  *baseName, 
unsigned  number), 

void  *arg, 

void  const  *baseName); 

//end  if  / * PGP  ARMORFILE  H * / 
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crc.c 

/* 

* crc.c  - CRC  computation  routines  (wow,  how  thrilling!) 

★ 

* Written  by  Colin  Plumb 

* 

* $Id:  crc.c, v 1.6  1996/11/12  02:18:03  mhw  Exp  $ 

★ / 

flifdef  H AV  E_C  0 N F I G_H 
^include  "config.h" 

# e nd  i f 

^include  "crc.h" 

^include  " pgp/usua  l s . h " 

/*  PRZ's  magic  24-bit  polynomial  - (x+1)  * (irreducible  of  degree  23)  */ 
^define  P0LY24  0x1864cfbu 

/ * 

* Build  the  CRC-24  table. 

* 

* A by t e-a t -a - 1 i me  CRC  table  is  simply  a table  of  the  CRCs 

* of  the  individual  bytes. 

* 

* From  basic  CRC  theory,  crc(cAy)  = crc(x)  A crc(y). 

* (A  is  XOR,  which  is  addition  to  CRCs.) 

* 

* Through  this  code,  h holds  the  CRC  of  i.  (i  is  a power  of  2.) 

* The  CRCs  of  the  values  from  i to  2 * i — 1 are  the  CRCs  of  the 

* values  from  0 to  i-1,  XORed  with  h. 

* 

* Then  when  you  get  to  2*i,  shift  h up  one  bit,  XOR  in  the  polynomail 

* if  necessary  to  get  the  right  high  8 bits,  and  continue  for  2*i 

* through  4* i - 1 . 

* 

* This  drastically  reduces  the  amount  of  b i t- t w i dd l i n g necessary 

* to  generate  a CRC  table. 

* / 

static  void 

c r c I n i t ( w o rd3 2 tableC256J) 

{ 

unsigned  i,  j; 

word32  h;  / * CRC  of  i,  where  i is  a power  of  2 */ 

tableCO]  = 0; 
tabled]  = h = P0LY24; 

for  (i  = 2;  i < 256;  i *=  2)  C 

if  ( ( h <<=  1)  & 0x1000000)  /*  h <<=  1 (mod  poly)  */ 

h A=  P0LY24; 
for  (j  = 0;  j < i;  j + + ) 

tableli+j]  = tablelj]  A h; 


> 
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* Update  a CRC  to  reflect  the  addition  of  some  more  bytes. 

* It  doesn't  matter  how  the  bytes  are  broken  up;  the  CRC  is  the  same. 

* I.e.  c r c Upda t e ( 0 , "abed",  3)  ==  c r c U pd a t e ( c r c U pd a t e ( 0 , "ab",  2),  "cd",  ); 

* / 

w o r d 3 2 

c r c Upda t e ( wo rd32  crc,  byte  const  *buf,  unsigned  len) 

{ 

static  word32  tableC256D;  / * Initialized  to  0 * / 

if  ( ! tabled  3) 

crclnit(table); 

while  (len--) 

crc  = crc<<8  A tableC*buf++  A (byte)(crc>>16)]; 
return  crc  & Oxffffff; 

> 
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crc.h 

/* 

* crc.h  --  this  is  used  for  CRC  Checksums. 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* Sid:  crc.h, v 1.5  1996/11/12  02:18:03  mhw  Exp  $ 

* / 

^include  " pg p / u s u a l s . h " 

word32  c r c U pd a t e ( w o r d 3 2 crc,  byte  const  *buf,  unsigned  len); 

# d e f i n e CRC_INIT  0xb704ceu 


977 


lib/ pgp/ pipe/file/filemod.c 


filemod.c 


/ * 

* File  I/O  modules. 

★ 

* Written  by:  Derek  Atkins 

* 

* $Id:  filemod.c, v 1.64.2.1 
*/ 


<warlord3MIT. EDU> 
1996/11/14  04:09:32 


cbertsch 


Exp  $ 


//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

# e nd  i f 


//include  <assert.h> 
//include  <stdio.h> 
//ifdef  H A V E_U  NIST  D_H 
//include  <unistd.h> 

# e n d i f 


//ifdef  MACINTOSH 


//include 

//include 

//else 

//include 

//include 

# e n d i f 


< u n i x 

< s t a t 


h > 
h > 


<sys/types  . h> 
<sys/stat.h> 


//include 

//include 

//include 

//include 

//include 

//include 

//include 


" f i l emod  . h " 
"pgp/annotate.h" 
"pgp/pgpmem.  h" 
"pgp/pgperr  . h" 
"pgp/pgpfi  le.h" 
"pgp/pipeline.h" 
"pgp/usuals.h" 


/*  required  for  Ultrix  */ 


//include  " kludge. h" 

//define  FILEMODMAGIC  Oxfeedflle 


struct  F i l e M od C on t e x t { 

struct  PgpFile  * f i l e ; 
i n t close; 
i n t i n_n  e w f i l e ; 
i n t sc  o pe_d  e p t h ; 

>; 


/ * 

* If  we  have  a file,  flush  it.  Then,  if  we  are  allowed  to  close 

* it,  then  do  so.  If  we  successfully  closed  it,  then  set  the  file 

* pointer  to  0.  Return  from  any  error  with  the  error  number. 

*/ 

static  i n t 

fileModClose  (struct  F i l e M o d C o n t e x t *context) 

{ 

int  error  = 0; 


if  (context->file)  { 

error  = pgpFileFlush  (context->file); 
if  (error) 
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> 


return  error; 

it  ( c o n t e x t - > c l o s e ) { 

error  = pgpFileClose  (context->file); 
it  (error) 

return  error; 
context->tile  = 0 ; 

> 


return  0 ; 

> 

static  i n t 

Flush  (struct  PgpPipeline  *myself) 

C 

struct  FileModContext  *context; 
assert  (myself); 

assert  (myself->magic  ==  FILEMODMAGIC); 

context  = (struct  FileModContext  *)myself->priv; 
assert  (context); 

if  (!context->file) 
return  0 ; 

return  pgpFileFlush  (context->file); 

> 


static  size  t 


fileWrite  (struct  PgpPipeline 

★myself,  byte  const  *buffer 

i n t 

r 

★error) 

V 

struct 

Fi leModContext 

★context; 

s i z e_t 

retval; 

assert 

(myself); 

assert 

(myself->magic 

==  FILEMODMAGIC); 

context  = (struct  FileModContext  *)myself->priv; 
assert  (context); 

if  ( ! c o n t e x t -> f i l e ) i 
if  (error) 

★error  = PG P E R R_N0_F I L E ; /★  No  such  fil 
return  0; 

> 

retval  = pgpFileWrite  (buffer,  size,  context->file); 
if  (retval)  ( 

if  (error) 

★error  = 0; 
return  retval; 

} 

if  (error  &&  pgpFileError  ( c o n t e x t -> f i l e ) ) 

★ error  = PG P E R R_F I L E_0 P F A I L ; 
pgpFi leC learError  (context->fi  le); 
return  0; 
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t size. 


or  directory*/ 
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> 


/ * 

* We  accept  certain  annotations  to  tell  us  that  we  should  change 

* the  file  we  are  writing.  If  we  have  an  open  file,  then  a change 

* will  either: 

* 1)  Return  an  error  (if  c on t e x t -> c l o s e !=  0),  or 

* 2 ) Be  ignored  (if  context->close  ==  0) 

* 

* For  the  end  context,  close  the  file  (similar  to  sizeAdvise)  and 

* return  the  error  we  get. 

*/ 


static  i n t 
fi  leAnnotate 

{ 


(struct  PgpPipeline  *myself,  struct  PgpPipeline  * o r i g i n , 
byte  const  *string,  si ze_t  size) 


struct  FileModContext  *context; 
FILE  *fp; 

char  f i l e name L F I LE N AME_M AX d ; 
s i z e_t  len; 
int  error; 


i n t type. 


(void)origin;  / * Not  used  * / 


assert  (myself); 

assert  (myself->magic  ==  FILEMODMAGIC); 

context  = (struct  FileModContext  *)myself->priv; 
assert  (context); 


switch  (type)  { 

case  PGPANN_NEWFIL  E_S  TART: 

assert( ! context->fi  le  ||  !context->close); 


i f 


> 


(context->file)  ( 

error  = fileModClose  (context); 
if  (error) 

return  error; 


assert  ( ! context->f i le); 

{ 

struct  PgpFile  * p g p f ; 

len  = min  (size,  sizeof  (filename)  - 1); 
memcpy  (filename,  string,  len); 
f i l e n a me L l e n d = ' \ 0 ' ; 

/*  I need  to  know  if  this  should  be  binary  or  not  */ 
fp  = fopen  (filename,  "wb"); 
if  ( ! f p ) 

return  PG P E R R_N0_F I L E ; 
pgpf  = pgpFi  leWriteOpen  (fp,  NULL); 
if  ( ! pg  p f ) { 

fclose  (fp); 
return  PG P E R R_N 0M E M ; 

> 

context->file  = pgpf; 
context->c  lose  = 1; 
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> 

context->in 

break; 

default: 

r 

> 


n e w f i l e = 


/ * do 


nothing  * / 


P G P_S  COP  E_D  EPTH_UPDATE(context->scop  e_d  e p t h , type); 
a s s e r t ( c o n t e x t -> s c op e_d e p t h !=  -1 ) ; 

return  0; 

> 


static  i n t 

fileSizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 
f 

struct  FileModContext  *context; 


assert  (myself); 

assert  (myself->magic  ==  FILEMODMAGIC); 


context  = (struct  FileModContext  *)myself->priv; 
assert  (context); 


if  (bytes  ||  c o n t ex t -> s c o pe_d e p t h ) 
return  0; 

if  ( c o n t e x t -> i n_n e w f i l e S&  ! c o n t ex t -> c l o s e ) 
return  0; 


> 


return  fileModClose  (context); 


static  void 

fileTeardown  (struct  PgpPipeline  *myself) 

C 

struct  FileModContext  *context; 
assert  (myself); 

assert  (myself->magic  ==  FILEMODMAGIC); 

context  = (struct  FileModContext  *)myself->priv; 
assert  (context); 

fileModClose  (context); 

memset  (context,  0,  sizeof  (*context)); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  * 

pg p F i l e W r i t e C r e a t e (struct  PgpPipeline  **head,  struct  PgpFile  *file,  int 
{ 

struct  PgpPipeline  *mod; 
struct  FileModContext  *context; 

if  ( ! h e a d ) 


close) 
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return  NULL; 

★head  = 0; 

context  = (struct  FileModContext  *)pgpMemAlloc  (sizeof (*context)); 
if  (! context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof (*mod)); 
if  ( ! mod)  { 

pgpMemFree(context); 
return  NULL; 

> 

mod->magic  = FILEMODMAGIC; 
mod->write  = fileWrite; 
mod->flush  = Flush; 
mo d - > s i z e A d v i s e = f i l e S i z e Ad v i s e ; 
mod->annotate  = fileAnnotate; 
mod->teardown  = fileTeardown; 
mod->name  = "Write  file"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context)  ) ; 
context->file  = file; 
context->close  = close; 

★head  = mod; 
return  mod; 

} 

# i f 0 

/*  Enable  this  for  debugging  - it  stresses  the  hell  out  of  the  pipeline  ★/ 
#undef  BUFSIZ 

# d e f i n e BUFSIZ  1 

# e n d i f 

struct  PgpFileRead  { 


struct 

PgpPipeline  mod ; 

FILE  * 

f i le; 

byte 

bufferCBUFSIZU; 

byte  ★ 

p; 

o f f _t 

f i lesize; 

s i z e_t 

len; 

i n t 

annsent; 

i n t 

sizesent; 

i n t 

close; 

struct  PgpFileRead  * 

pgpFileReadCreate  (FILE  * input,  int  close) 

{ 

struct  PgpFileRead  *context; 
struct  stat  buf; 

assert  (input); 

context  = (struct  PgpFileRead  *)pgpMemAlloc  (sizeof  (*context)); 
if  (! context) 

return  NULL; 
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if  (fstat  (fileno  (input),  Sbuf))  { 
pgpMemFree  (context); 
return  NULL; 

> 

memset  (context,  0,  sizeof  (*context)); 
context->file  = input; 
context->p  = context->buffer; 
context->f i lesize  = buf.st_size; 
context->close  = close; 

context->mod.name  = "File  Read  Module"; 

/*  Dont  trust  the  size  if  its  not  a regular  file  */ 
if  ( ( S_I F M T S bu  f . s t_mod  e ) !=  S_IFREG) 

context->sizesent  = - 1 ; 

return  context; 

> 

byte  const  * 

pg p F i l e R e a d Pe e k (struct  PgpFileRead  *context,  size_t  *len) 

( 

assert  (context); 

/*  Compress  data  to  beginning  of  buffer  */ 
if  (context->p  ! = c on t e x t -> bu f f e r ) { 

memmove  (context->buffer,  context->p,  context->len); 
context->p  = context->buffer; 

} 

/*  Now  try  to  fill  the  buffer  */ 
if  (Ifeof  (context->f i le)  ) 

context->len  +=  f read  (context->p  + c on t e x t->  l e n , 1, 

sizeof (context->buffer)  - c o n t e x t ->  l e n , 
context->fi  le); 

if  ( l e n ) 

* len  = context->len; 
return  context->p; 

} 

void 

pg p F i l e R e a d D e s t r oy  (struct  PgpFileRead  *context) 

assert  (context); 

if  ( c o n t e x t -> c l o s e ) 

(void)  fclose  (context->f i le); 

pgpMemFree  (context); 

> 

i n t 

pg p F i l e R ea d C l o s e (struct  PgpFileRead  *context,  struct  PgpPipeline  *head) 

{ 

int  error  = 0; 
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> 


if  ( c o n t e x t -> a nn s e n t < 2 ) { 

error  = h e a d-> a n n o t a t e 

if  (error) 

return  error; 
context->annsent  = 2 ; 

> 

return  error; 


(head,  & c on t e x t ->mod  , 
NULL,  0 ) ; 


P G P A N N_F I LE_END, 


i n t 

pgp F i L eReadPump  (struct  PgpFileRead  *context,  struct  PgpPipeline  *head) 
{ 

int  error  = 0; 
s i z e_t  retlen; 


assert  (context); 
assert  (head); 


i f 


( ! c o n t e x t -> a n n s e n t ) { 

error  = h e a d-> a n no t a t e (head,  S c o n t e x t ->mod , PG P A N N_F I L E_B E G I N , 

NULL,  0 ) ; 

if  (error) 

return  error; 


> 


context->annsent  = 1 ; 


if  ( ! c o n t e x t -> s i z e s e n t ) { 

error  = head->sizeAdvise  (head,  context->f i lesize); 
if  (error) 

return  error; 


> 


context->sizesent  = 1; 


do  ( 


/*  Write  out  anything  in  my  buffer  */ 
while  ( c o n t e x t ->  l e n ) { 

retlen  = head->write  (head,  context->p, 

context->len,  Serror); 
context->len  -=  retlen; 
context->p  +=  retlen; 
context->fi  lesize  - = retlen; 
if  (error) 

return  error; 


> 


context->p  = context->buffer; 
if  (feof  ( c o n t e x t -> f i l e ) ) 
break; 

context->len  = fread  (context->p,  1,  sizeof (context->buffer), 

context->fi  le); 


> while  ( c o n t e x t ->  l e n ) ; 

/*  If  I get  here,  then  I'm  at  the  end  of  the  file  */ 
if  ( c on t e x t -> f i l e s i z e &&  c o n t e x t -> s i z e s e n t > 0) 
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return  PG P E R R_S I Z E ADVISE; 


error  = h e a d-> s i z e Ad v i s e (head,  0) 
if  (error) 

return  error; 


error  = pg p F i l e R e a d C L o s e (context, 
if  (error) 

return  error; 

return  PGPERR_0K; 


head); 
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filemod.h 


/ * 

* filemod.h  — Pipeline 

4- 

Module 

to  (read 

and)  write  files 

* Written  by:  Derek  Atkins  <wa 

4> 

rlordaMIT 

. E D U > 

* This 

Vc 

is  a Public  API 

Function 

Header. 

* $ I d : 

* / 

filemod.h, v 1.22 

1 996/1 1/12  02:18 

:04  mhw  Exp  $ 

# i f n d e f 
#de  f i ne 

PG  P_F I L E M 0 D_H 

P G P_F I L E M 0 D H 

//include  "pgp/usua  Is  . h" 

struct  PgpPipeLine; 

# i f n d e f T Y P E_PG P P I P E L I N E 
//define  T Y P E_PG P P I P E L I N E 1 

typedef  struct  PgpPipeLine  PgpPipeLine; 

U e nd  i f 

struct  PgpFiLeRead; 

ft  i-fnde-f  T Y P E_PG  P F I L E R E A D 

//define  T Y P E_PG P F I L E R E A D 1 

typedef  struct  PgpFiLeRead  PgpFiLeRead; 

ft  e nd  i f 

struct  PgpFiLe; 

# i f n d e f T Y P E_P  G P F I L E 
//define  T Y P E_P  G P F I L E 1 
typedef  struct  PgpFiLe  PgpFiLe; 
ft  e nd  i f 

/ * 

* Create  a module  to  write  into  the  appropriate  file.  Will  perform  a 

* fileCloseC)  is  close  is  non-zero  when  a sizeAdvise(O)  is  received 
*/ 

struct  PgpPipeLine  * 

pgpFileWriteCreate  (struct  PgpPipeLine  * * h e a d , struct  PgpFiLe  *file, 

int  c L o s e_a t_e o f ) ; 

/* 

* Create  a context  that  is  used  to  pump  a file  through  a pipeline. 

* It  will  close  the  file  when  it  reaches  the  end  if  close  is  non-zero 
*/ 

struct  PgpFiLeRead  *pgpFi LeReadCreate  (FILE  *input,  int  c L o s e_a t_e o f ) ; 

/ * 

* Forcibly  close  a FileRead  Context.  This  is  only  necessary  if  you 

* need  to  cause  the  fileread  module  to  close  itself  forcibly,  rather 

* than  waiting  for  the  end.  Basically  it  just  sends  an  end  annotation 
*/ 

int  pgpFi LeReadClose  (struct  PgpFiLeRead  *context,  struct  PgpPipeLine  *head); 
/* 

* Destroy  a F i l e R e a d C o n t e x t . Close  the  file  if  necessary 

* / 
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void  pgpFileReadDestroy  (struct  PgpFileRead  *context); 

/* 

* pg p F i L e R e a d P ump  takes  the  context  and  pipes  the  file  down  the  pipeline 

* until  it  hits  an  error.  It  then  returns  the  error.  It  returns  0 

* when  it  reaches  the  end  of  the  file  and  successfully  sends  its  data. 


* / 

int  pg p F i l e R e a d Pump  (struct 

PgpFileRead  *context,  struct  PgpPipeline  * h e a d ) ; 

/ * 

* Peek  at  the  input  buffer 

* check  if  it  is  a text  or 

* to  obtain  some  amount  of 

of  a PgpFileRead  object.  This  is  useful  to 
binary  file,  or  to  use  the  file  contents 
entropy.  This  will  return  a pointer  to 

* the  buffer,  and  will  fill  in  len  with  the  amount  of  data  in  the 


* buffer. 

* / 

byte  const  * pg p F i l e R e a d Pe e k 

(struct  PgpFileRead  *context,  si ze_t  *len); 

# e nd i f /*  PGP  FILEMOD  H */ 
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header.c 

/* 

* header.c  --  write  out  a file  header. 

★ 

* currently,  the  header  is:  1 01  01  000b  \003  P G P ==  " \ 2 5 0 \ 0 03 PG P " . In 

* other  words,  this  is  an  OLD  literal-1  packet  which  PGP  2.6.2  supports 

* for  backwards  compatibility  with  pre-release  versions  of  PGP  2.0,  but 

* have  never  been  generated  by  any  released  version  of  PGP.  PGP  2.6.2 

* will  see  this  as  a literal  packet  of  type  ' P ' , which  is  an  unknown  type, 

* therefore  complaining  that  it  needs  a newer  version  of  PGP. 

* 

* PGPlib,  on  the  other  hand,  will  know  to  just  ignore  this  completely. 

* 

* This  module  will  wait  for  input.  It  will  then  check  the  first  byte 

* of  the  message.  If  it  is  an  old-style  PGP  message  ( 1 0xxxxxx ) then  it 

* does  nothing.  If  it  is  a new-style  PGP  message  (llxxxxxx)  then  it  will 

* emit  the  header. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

★ 

* $ I d : header. c,v  1.1  9 1 996/1  1 /1  2 02:1  8:04  mhw  Exp  $ 

*/ 


//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

//  e nd  i f 

//include  <assert.h> 
//include  <stdio.h> 


//include 

^include 

//include 

//include 

//include 


"header . h" 
"pktbyte.h" 
"pgp/pgpmem. h" 
"pgp/ pgperr  . h" 
"pgp/pipeline.h" 


//define  HEADERMAGIC  0x4eade640 


static  byte  const  pgpheaderLO  = { 168,  3,  ' P 1 , ■ G ' , ' P ' } ; 

struct  Context  { 

byte  header[sizeof(pgpheader)D; 
size_t  hdrlen; 
s i z e_t  offset; 
struct  PgpPipeline  *tail; 
byte  done; 

>; 

static  int 

DoFlush  (struct  Context  *context) 

{ 

int  error  = 0; 
s i z e_t  r e t l e n ; 


/*  Try  to  flush  anything  that  we  have  buffered  */ 
while  ( c o n t e x t -> h d r l e n ) t 

retlen  = c o n t e x t -> t a i l -> w r i t e ( c on t e x t -> t a i l , 

context->header+context->offset. 
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> 

s t a t i 
Flush 


> 

s t a t i 
Write 
{ 


context->hdrlen  -=  retlen; 
context->of f set  + = retlen; 
if  (error) 

return  error; 

} 

return  error; 


context->hdrlen, 
& error); 


i n t 

(struct  PgpPipeline  *myself) 

struct  Context  ^context; 
int  error; 

assert  (myself); 

assert  (myself->magic  = = HEADERMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  ( context->ta  i l ) ; 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tai l->f  lush  (context->tail); 
s i z e_t 

(struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int  *error) 
struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  HEADERMAGIC); 
assert  (error); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  ( c o n t e x t -> t a i l ) ; 

if  ( ! c o n t e x t ->d on e ) C 
if  ( ! s i z e ) 

return  0; 

if  ( I S_N  E W_P  KT  B Y T E (*buf)) 

switch  ( NEW_PKTBYTE_TYPE  (*buf))  C 

/*  XXX:  These  should  match  filetype.c  */ 
case  PKTBYTE_ESK: 
case  PKTBYTE_S I G : 
case  PKTBYTE_CONVESK: 
case  PKTBYTE_1 PASSSIG: 
case  PKTBYTE_SECKEY : 
case  P KT  B Y T E_PU  B KEY: 
case  PKTBYTE_SECSUBKEY : 
case  PKTBYTE_PUBSUBKEY : 
case  PKTBYTE_COMPRESSED : 
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case  PKTBYTE_CONVENTIONAL : 
case  PKTBYTE_LITERAL: 

memcpy  ( c on t e x t -> h e a d e r , pgpheader, 
sizeof(pgpheader) ) ; 
context->hdrlen  = sizeof  (pgpheader); 
break; 

> 


context->done  = 1; 

> 

★error  = DoFlush  (context); 
if  (*error) 

return  0; 


> 


return  c o n t e x t -> t a i L -> w r i t e ( c on t e x t -> t a i L , but,  size,  error) 


static  i n t 

Annotate  (struct  PgpPipeline 
byte  const  *string 


{ 


★myself,  struct 
size  t size) 


struct  Context  *context; 
int  error; 


PgpPipeline  ^origin. 


i n t 


assert  (myself); 

assert  (myse lf->magi c ==  HEADERMAGIC)  ; 


context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 


error  = DoFLush  (context); 
if  (error) 

return  error; 


> 


return  c on t e x t -> t a i l -> a n n o t a t e ( c on t e x t -> t a i l , origin,  type, 

string,  size); 


static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

( 

struct  Context  ^context; 
int  error; 

assert  (myself); 

assert  (myself->magic  ==  HEADERMAGIC); 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert  (context); 
assert  ( c o n t e x t -> t a i l ) ; 

/*  Can't  send  the  sizeAdvise  until  we've  figured  out  who  we  a 

if  (!context->done) 
return  0; 


error  = DoFlush  (context); 


type. 


re  * / 
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if  (error) 

return  error; 

return  c o n t e x t -> t a i L -> s i z e Ad v i s e ( c on t e x t -> t a i L 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 
struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  HEADERMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (context -> tail) 

context->tai l->teardown  (context->tai  l) 

memset  (context,  0,  sizeof  (*context)  ); 
pgpMemFree  (context)  ; 

memset  (myself,  0,  sizeof  (*myself  )); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  ** 

pgpHeade r C rea t e (struct  PgpPipeline  **head) 

{ 

struct  PgpPipeline  *mod; 
struct  Context  *context; 

if  ( ! h e a d ) 

return  NULL; 

context  = (struct  Context  * ) pg p M e m A l l o c (sizeof 
if  (! context) 

return  NULL; 

mod  = (struct  PgpPipeline  * ) pg p M e m A l l o c (sizeof 
if  ( ! mod ) C 

pgpMemFree  (context); 
return  NULL; 

> 

mod->magic  = HEADERMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "File  Header  Module"; 
mod->priv  = context; 

memset  (context,  0 , sizeof  (*context)); 

context->tail  = * h e a d ; 

★head  = mod; 

return  &context->tail; 

> 


bytes); 


(★context)); 

(★mod)); 
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' 
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header,  h 

/ * 

* header. h Create  a PGP  File  Header.  It  Looks  Like  a broken 

* ESK  to  oLder  PGP  versions,  but  this  new  code  wiLL  understand  it. 

* 

* Written  by:  Derek  Atkins  <wa r L o rd3M  IT  . E DU> 

★ 

* $ I d : header. h,v  1.9  1996/1  1 /1  2 02:1  8:06  mhw  Exp  $ 

* / 

# i f nd  e f P G P_H  E A D E R_H 
//define  P G P_H  E A D E R_H 

//include  "pgp/usua  Ls  . h" 

struct  PgpPipeLine; 

//ifndef  T Y P E_PG  P P I P E L I N E 

//define  T Y P E_PG  P P I P E L I N E 1 

typedef  struct  PgpPipeLine  PgpPipeLine; 

# e n d i f 

struct  PgpPipeLine  **pgpHeaderCreate  (struct  PgpPipeLine  **head); 

Me ndif  /*  PGP  HEADER  H */ 
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parseasc.c 


/* 

* 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ / 


parseasc.c  --  ascii  dearmor  parser.  This  is  fairly  complicated.  Read 

the  comment  a page  down  for  a description  of  how  this  system  works. 
The  nice  part  is  that  you  can  input  multipart  armor  in  any  order 
and  it  will  work.  In  fact,  you  can  intersperse  armor  parts  from 
multiple  messages  and  it  will  work.  Moreover,  you  can  input  binary 
PGP  messages  and  it  will  still  work!  My  god,  can  this  man  think 
of  everything  or  what? 

Written  by:  Derek  Atkins  <warlord3MIT.EDU> 

$ I d : parseasc.c, v 1.51.2.1  1996/1  1 /1  4 04:09:32  cbertsch  Exp  $ 


# i f d e f H A V E_C  0 N F I G_H 

//include 
# e n d i f 

" c on  f i g . h " 

//include 

<assert . h> 

//include 

<ctype.h> 

//include 

<stdio.h> 

//include 

<string.h> 

//include 

"charmap.h" 

//include 

"crc . h" 

//include 

"parseasc.h" 

//include 

"radix64.h" 

//include 

"pgp/annotate  . h" 

//include 

"pgp/fifo.h" 

//include 

"pgp/fi letype.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/join.h" 

//include 

"pgp/pgpmem.  h" 

//include 

"pgp/parsebin.h" 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/pipeline.h" 

//include 

"pgp/split.h" 

//include 

"pgp/textfi  It.h" 

//include 

"pgp/usuals.h" 

//include 

"pgp/verifyra.h" 

/* 

* This  i 

s a complicated 

* bitch. 

It  needs  to  be 

/*  for  c h a r Ma p I d e n t i t y */ 


at  the  same  time  in 


piece  of  code.  Less  politely,  this  code  is  a 
able  to  keep  track  of  many  different  things 
order  to  combine  pieces  of  armor  into  whole  messages 


* 
ie 
* 

* 

* 

* 

* 
ic 
* 

* 

* 

* This  code  will  output  PGP  messages  in  a stream 

* wherever  the  first  part  of  the  message  came  in 


There  are  three  entities  defined  here.  First  is  an  armor  part,  which 
is  defined  as  the  range  from  BEGIN  PGP  MESSAGE  to  the  END.  Second  is 
a message,  which  is  PGP  message  made  up  of  one  or  more  parts. 

And  third,  there  are  files,  which  can  contain  parts. 

Parts  must  be  fully  contained  within  a file,  however  there  can  be 
multiple  parts  in  a single  file.  On  the  other  hand,  messages  can 
cross  file  boundaries. 


of  input  "files" 
the  stream.  In  a 
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* multipart  message,  this  will  require  the  least  amount  of  buffering 

* since  buffering  is  only  required  when  pieces  come  out  of  order. 

* This  can  also  handle  the  degenerate  cases  of  interleaved  messages, 

* although  that  requires  possibly  large  amounts  of  buffering. 

* That  case  happens  rarely  enough  that  the  resource  requirement  is 

* not  onsidered  a problem. 

* 

* A picture  best  describes  this  behavior: 

* 

* W1  W 2 XI  X 2 X 3 Y 1 Y 2 Y3  Z1  Z2 

*11  A2  I I I | B | | A1  | | | | C2  | | Cl  | | | | A3 | | 

* | + + | | +___+  + + | | + + + + | | + — + | 

* + + + + + + + + 

* Filel  File2  File3  Fi le  4 


* | Everything  is  buffered  | 

* + + 

* 

* W , X , Y , Z are  file  header  and  footer  text  which  is  outside  the  PGP  armor. 

* The  numbers  are  used  to  associate  where  in  the  data  stream  they  occur. 

* 

* A,B,C  are  3 PGP  messages.  The  numbers  are  the  actual  multipart  parts 

* which  may  occur  out  of  order. 

* 

* If  this  input  stream  were  given  to  this  armor  parser,  the  following 

* output  would  occur: 

* 


* 

★ 

k 

k 

k 

* 

* 

* 

* 

* 

* 

k 

* 

* 


| W1  ~ W2  I XI  B X2  A X3  I Y1  ~ Y2  C Y3  | Z1  ~ Z2  I 

Where:  | ==  A file  separation  annotation  (or  multiple  annotations) 

==  An  armor  annotation  (an  armor  part  occured  here) 

W , X , Y , Z ==  The  exact  unencrypted  text  that  arrived  in  the 
input  . 

A , B , C ==  The  full  messages,  wrapped  in  "PGP  data"  annotations, 
which  will  be  sent  to  a binary  parser  for  decryption. 

As  you  can  see,  the  messages  are  output  in  the  order  B,  A,  C,  each 
message  occurring  in  the  place  in  the  unenecrpted  text  stream  where 
part  1 is  located.  Other  parts  are  replaced  with  an  annotation  that  just 
notes  the  deletion. 


* While  decryting  message  A,  all  the  data  between  A1  and  A3  (including 

* annotations)  needs  to  be  buffered.  In  the  usual  case  where  the  text 
k between  parts  is  short  (e-mail  headers,  mostly)  and  there  aren't 

* multiple  interleaved  parts,  not  very  much  needs  to  be  buffered. 

* Not  much  can  be  done  to  improve  the  worst  case. 

*/ 

#de  f i ne  DEARMORMAGIC  0xdea4304 


/*  List  of  commands  */ 

#def i ne  C M D_W  RITE  1 

#define  C M D_A  N N 0 T A T E 2 

tfdefine  LIN  E_L  E N 256 


/*  256  bytes  is  MORE  than  Ascii  armorsize ! */ 


struct  Message; 


/*  forward  reference  */ 


struct  MsgPart  { 
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unsigned  num; 
struct  PgpPipeline 
struct  PgpPipeline 
struct  PgpPipeline 
struct  Message  * m s g ; 
struct  MsgPart  *next 
byte  first; 
byte  done; 


/*  Which  part  number  is  this?  */ 

★mod;  / * Pointer  to  the  join  module  for  this  part  * / 
★text;  / * clearsigned:  the  text  goes  here  * / 

★sig;  / * clearsigned:  the  sig  goes  here  * / 

/*  What  message  does  this  belong  to?  ★/ 

/*  Pointer  to  the  next  part  */ 

/★  Is  this  the  first  section  left  to  do?  */ 

/*  Is  this  part  complete?  */ 


> ; 


struct  Message  -C 


char  * n a m e ; 

/* 

The 

name  of  this  message 

* / 

unsigned  size; 

/* 

How 

many  parts  does 

this 

have,  i 

struct  PgpPipel 

i n e ★*  t a i 

i; 

/ * Tail  pointer  for 

this 

message 

struct  MsgPart 

★parts; 

/* 

The 

message  parts  * / 

struct  Message 

★next; 

/* 

The 

next  message  * / 

i n t ms g_n umbe  r ; 

/* 

What 

is  this  message 

number  * / 

byte  writing; 

/* 

Are 

we  writing?  ★/ 

byte  foundpartl 

r 

/* 

D i d 

we  find  part  1? 

*/ 

known  */ 
* / 


struct  Context  f 

struct  PgpFifoDesc  const  *f 
struct  PgpFifoContext  *ann; 
struct  PgpFifoContext  *data 
struct  Message  *msgs;  / * 

struct  MsgPart  *part;  /★ 

struct  PgpPipeline  *myself; 
struct  PgpPipeline  * t a i l ; / 
struct  PgpUICb  const  *ui; 
struct  PgpEnv  const  * e n v ; 
void  ★ u i _a  r g ; 


ifod;  /*  Fifo  Descriptor  */ 

/*  Fifo  to  hold  the  saved  annotations  */ 

; / * Fifo  to  hold  saved  non-PGP  data  * / 
List  of  current  messages  */ 

The  current  message  part  */ 

/★  Pointer  to  this  pipeline  module  */ 

* Tail  pointer  for  rest  of  the  pipeline  */ 


u n s i 

gned  long  written; 

/* 

Fifo  delta 

from  last  command 

*/ 

u n s i 

gned  long  left; 

/ * 

Bytes  left 

in  fifo 

until 

next 

command  */ 

u n s i 

gned  thispart; 

/* 

This  part. 

obtained 

from 

the 

PGP 

header 

*/ 

u n s i 

gned  maxparts; 

/ * 

Max  parts. 

obtained 

from 

the 

PGP 

header 

* / 

i n t 

state; 

/* 

FSM  state  * 

/ 

i n t 

annotation; 

/* 

Annotation 

State  * / 

i n t 

dept  h_a  t_a  n n ; 

/* 

Scope  depth 

when  we 

sent 

the 

annotation 

★ / 

i n t 

s c o pe_d  e p t h ; 

/* 

Count  of  scopes  we' 

re  ins 

i d e 

★ / 

char 
byte 
byte 
u n s i 
byte 
byte 


byte 

byte 

byte 

u n s i 

i n t 

byte 

byte 

byte 

byte 

byte 

byte 


m e s s a g e i d [ L I N E_L E N D ; /*  Message  ID,  obtained  from  the  PGP  header*/ 


databufC51 1 ; 

/* 

Space  to  hold  raw  data 

48+slush  ★/ 

★dataptr; 

/* 

Pointer  into  the  data 

buffer 

★ / 

gned  datalen; 

/ * 

length  of  data  buffer 

*/ 

armorlineHLINE_ 

LEND;  / 

* line  of  armor  */ 

★armorptr; 

/★ 

pointer  into  armorline 

★ / 

gned  armorlen; 

/* 

length  of  line  */ 

gned  long  crc; 

/ * 

CRC  Checksum  */ 

hashLi stC2553; 

/* 

List  of  hashes  */ 

h a s h l e n ; 

/* 

Length  of  the  list  of 

hashes 

* / 

cmdargCBUFSIZ]  ; 

/* 

buffered  command  */ 

gned  cmdlen; 

/ * 

length  of  buffered  command  */ 

m s g_c  ount; 

/* 

A count  of  the  number 

of  messages  */ 

command; 

/ * 

the  command  that  is  buffered 

★ / 

buffering; 

/* 

A flag  --  are  we  buffering  everything? 

e o l ; 

/* 

Our  readLine  EOL  flag 

*/ 

eob; 

/* 

End  of  Buffer  flag  (from  readLine)  ★/ 

expectcrc; 

/ * 

Are  we  expecting  the  CRC  line 

next?  ★ / 

c r l f ; 

/* 

The  type  of  crlf  we  have  */ 

* / 
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byte  saved_crlf;  /*  Save  it  off...  */ 

>; 

static  char  dearmorTableC256Il; 
static  int  inited  = 0; 


/*  forward  references  */ 

static  int  writeMessage  (struct  Context  *ctx, 
static  int  sendAnnotate  (struct  Context  *ctx, 

int  type,  byte  const 
static  int  f LushMessage  (struct  Context  *ctx. 


struct  Message  * m s g ) ; 
struct  PgpPipeline  *origin, 
★string,  size_t  size); 
struct  Message  * m s g ) ; 


/ * 

* Close  this  part.  This  makes  sure  that  this  message  is  being  written 

* before  it  does  this.  It  will  call  a sizeAdvise  (0)  on  the  join 

* module  and  then  possibly  a teardown,  too. 

*/ 

static  int 

closePart  (struct  MsgPart  *part) 

{ 

int  error; 

if  (!  pa r t ->m s g-> w r i t i n g ) 
return  0; 


i f 


> 


(part->sig)  C 

error  = part->sig->sizeAdvise  (part->sig,  0); 
if  (error) 

return  error; 


i f 


> 


(part->mod)  C 

error  = part->mod->sizeAdvise  (part->mod,  0); 
if  (error) 

return  error; 


i f 


> 


(part->text)  C 

error  = part->text->si zeAdvi se  (part->text,  0); 
if  (error) 

return  error; 


part->done  = 2; 
return  0; 

> 

/ * 

★ Free  a message  part;  this  tears  down  the  join  module,  which  must  be 

* unhooked  from  the  pipeline  first. 

*/ 

static  void 

freePart  (struct  MsgPart  *part) 

{ 

struct  MsgPart  **partp  = &part->msg->parts; 
if  (pa  r t->mod ) 

part->mod->teardown  (part->mod); 
if  (part->text) 
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part->text->teardown  (part->text); 
if  (part->sig) 

part->sig->teardown  (part->sig); 


> 


while  (*partp)  f 

if  Opartp  ==  part)  { 

* p a r t p = part->next; 

memset  (part,  0,  sizeof  (*part)); 

pgpMemFree  (part); 

return; 

} 

> 

/*  no  match  found  */ 
return; 


/ * 

* We  are  done  with  the  current  part,  so  mark  it  as  done.  We  should 

* also  close  this  part  if  we  are  writing  this  message  and  either 

* there  is  a next  part  or  this  is  the  last  part.  Then  try  to  flush 

* the  message,  in  case  we  have  anything  buffered.  Finally,  clear  the 

* part  from  the  context  so  we  know  we  don't  have  a current  part. 

*/ 

static  i n t 

donePart  (struct  Context  *ctx) 

{ 

struct  MsgPart  *part  = ctx->part; 
int  error; 


assert  (part); 


part->done  = 1; 
if  (part->msg->writing)  { 

if  (part->next  | | part->num  ==  pa r t ->m s g-> s i z e ) 
error  = closePart  (part); 
if  (error) 

return  error; 


> 


> 


error  = flushMessage  (ctx,  part->msg); 
if  (error) 

return  error; 


{ 


ctx->part  = NULL; 
return  0; 


/ * 

* We're  going  to  start  a new  part.  Therefore  we  need  to  pass  in  the 

* message  that  it  is  a part  of,  and  then  create  the  new  part  or 

* return  the  pre-created  part.  If  we  ask  for  a part  number  in  this 

* message  that  is  beyond  the  highest  number  in  the  list,  then  we 

* create  that  many  more  parts  up  to  the  number  passed  in. 

* 

* Should  we  close  old  parts  if  we  can?  I don't  know,  yet.  If  we've 

* already  written  out  part  one  and  we  just  got  part  two,  should  I close 

* part  one  here?  I don't  know,  yet. 

* / 

static  struct  MsgPart  * 
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getPart  (struct  Context  *ctx,  struct  Message  *msg,  unsigned  num) 

{ 

struct  MsgPart  *temp  = NULL,  **part  = &msg->parts; 
struct  PgpPipeline  * l a s t = NULL; 
unsigned  highest  = 0; 

/*  Initialize  the  CRC  counter!  */ 
ctx->crc  = C R C_I NIT; 

while  (*part ) { 

if  (num  = = ( *pa r t ) -> num ) 
return  *part; 
highest  = (*part)->num; 
last  = (*part  )->mod; 
part=S(*part)->next; 

> 

/*  We  need  to  allocate  a bunch  of  parts  */ 
for  (highest++;  highest  <=  num;  highest++)  { 

temp  = (struct  MsgPart  OpgpMemAlloc  (sizeof  (*temp)); 
if  ( ! t emp  ) 

return  NULL; 

memset  (temp,  0,  sizeof  (*temp) ) ; 
temp->num  = highest; 
temp->msg  = msg; 


if  (last)  f 

temp->mod  = 

} else  { 

msg->tail  = 
t emp->  f i rst 
msg->tail  = 


pgpJoinAppend  (last); 

pgpJoinCreate  (&(temp->mod),  ctx->fifod); 
= 1; 

pgpParseBinCreate  (msg->tail,  ctx->env); 


> 


/*  connect  the  join  module  to  the  rest  of  the  pipe  */ 
if  (msg->tail) 

*(msg->tail)  = ctx->tail; 


if  (!temp->mod)  { 

pgpMemFree  (temp); 
return  NULL; 

> 


★part  = temp; 
last  = temp->mod; 
part  = Stemp->next; 


return  temp; 

> 

/ * 

* We  have  a part  of  a message  "name"  of  size  "size"  --  lets  try  to 

* find  the  message  that  this  is  a part  of,  and  either  return  that 

* message  pointer  or  create  a new  one  and  return  that.  If  name  is 

* non-NULL,  then  it  will  compare  the  name  passed  in  with  older  names 

* (i.e.,  a messagelD).  If  name  is  NULL,  then  it  will  compare  sizes 

* for  old-style  multipart  armor.  Do  not  return  messages  that  have 
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* only  one  part. 

★ 

* This  means  that  you  can  only  have  one  old-style  multipart  message 

* going  of  any  particular  size  (number  of  parts).  I don't  consider 

* this  a big  problem,  since  interleaved  messages  are  rarely  a 

* problem.  Out-of-order  messages,  on  the  other  hand 

* / 

static  struct  Message  * 

getMessage  (struct  Context  *ctx,  char  const  *name,  unsigned  size) 

{ 

struct  Message  **msg  = 8ctx->msgs; 
char  *newname; 

/*  Just  remove  name  if  it  is  a NULL  string  */ 
if  (name  88  !*name) 
name  = NULL; 

if  (iname  88  isize) 
return  NULL; 

while  (*msg)  C 

if  (name  88  (*msg)->name  SS  Imemcmp  (name,  ( *m s g ) -> name , 
strlen  (name)))  { 

/*  Update  the  message  size  if  we  know  it  */ 
if  ( ! ( *ms g ) -> s i z e 88  size) 

(*msg)->size  = size; 
return  *msg; 

> 

if  (Iname  88  ! ( *msg ) ->name  SS  size  ==  (*msg)->size  88 
size  ! = 1 ) 

return  *msg; 
msg  = 8((*msg)->next); 

> 

*msg  = (struct  Message  *)pgpMemAlloc  (sizeof  (**msg)); 
if  ( ! * m s g ) 

return  NULL; 

memset  (*msg,  0,  sizeof  (**msg)); 
if  (name)  { 

newname  = (char  *)pgpMemAlloc  (strlen  (name)  + 1); 
if  (Inewname)  { 

pgpMemFree  (*msg); 

*msg  = NULL; 
return  NULL; 

> 

memcpy  (newname,  name,  strlen  (name)  + 1); 

> else 

newname  = NULL; 

(*msg)->name  = newname; 

(*msg)->size  = size; 

(*msg)->msg_number  = ++ ( c t x -> ms g_c o u n t ) ; 
return  *msg; 

} 

/* 

* We're  done  with  this  message  so  we  can  remove  it  from  our  queue 
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* of  pending  messages.  Free  any  remaining  message  parts  in  the  process. 

* We  can  also  turn  buffering  off  now. 

*/ 

static  void 

freeMessage  (struct  Context  *ctx,  struct  Message  *msg) 

{ 

struct  Message  * * m s g p = &ctx->msgs; 
struct  MsgPart  *part,  *temp; 

while  (*msgp)  { 

if  ( *msgp  ==  msg)  { 

★rnsgp  = msg->next; 
part  = msg->parts; 
if  (msg->tail) 

/*  Disconnect  join  module  */ 

*(msg->tail)  = NULL; 
while  (part)  f 

temp  = part; 
part  = part->next; 
f reePart  (temp); 

> 

if  (msg->name) 

pgpMemFree  (msg->name); 
ctx->buffering  = 0; 
memset  (msg,  0,  sizeof  (*msg)); 
pgpMemFree  (msg); 

return; 

} 

> 

/*  no  match  found  */ 
return; 

> 

/ * 

* Buffer  a command  at  the  current  spot  in  the  data  stream.  This  is  only 

* called  when  c t x -> b u f f e r i n g is  true.  What  it  does  is  find  the  delta 

* of  this  command  in  the  data  fifo  from  the  last  command  in  order  to  replay 

* the  commands  at  the  proper  place.  It  saves  off  context->wri tten  as 

* the  offset  and  then  resets  the  value  to  0. 

* 

* The  return  value  is  0 on  success  or  an  error  code. 

* 

* Command  Byte  Syntax:  <offset><cmd><arglen><arg> 

*/ 

static  i n t 

buf f erCommand  (struct  Context  *ctx,  byte  cmd,  const  byte  *arg,  unsigned  arglen) 
{ 

/*  Make  sure  the  command  argument  fits  the  buffer  size  */ 
if  (arglen  > sizeof  ( c t x -> cmda r g ) ) 
return  P G P E R R_C  M D_T  0 0 B I G ; 

if  (pgpFifoWrite  (ctx->fifod,  ctx->ann,  (byte  const  *)8ctx->written/ 

sizeof  ( ctx->wri tten) ) !=  sizeof  (ctx->wri tten) ) 

return  PG P E R R_N0M E M ; 

if  (pgpFifoWrite  (ctx->fifod,  ctx->ann,  Scmd,  sizeof  (cmd)) 

!=  sizeof  (cmd)) 

return  PG P E R R_N 0M E M ; 
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i f 


(pgpFifoWrite  (ctx->fifod,  ctx->ann,  (byte 

sizeof  (arglen))  !=  sizeof 
return  PG P E R R_N0M E M; 


const  *)&arglen, 
arglen)) 


if  (pgpFifoWrite  (ctx->fifod,  ctx->ann,  arg,  arglen)  !=  arglen) 
return  PG P E R R_N OM E M ; 


ctx->wri tten  = 0; 
return  0; 


/*  Buffer  up  a write  command  for  a particular  message  */ 
static  int 

bu f f e rW r i t e C omma nd  (struct  Context  *ctx,  struct  Message  *msg) 

{ 

byte  arglsizeof  (msg)II; 

memcpy  (arg,  (byte  const  * ) & m s g , sizeof  (arg)); 

return  bufferCommand  (ctx,  C M D_W  RITE,  arg,  sizeof  (arg)); 


/ * Process  a buffered  Write  command  for  a particular  message  * / 
static  int 

parseWri teCommand  (struct  Context  *ctx) 

{ 

struct  Message  * m s g ; 


assert  (ctx->cmdlen  = = sizeof  (msg)); 

memcpy  ((byte  * ) & m s g , ctx->cmdarg,  sizeof  (msg)); 

return  writeMessage  (ctx,  msg); 


/*  Buffer  up  an  annotation  */ 
static  int 

bufferAnnotation  (struct  Context  *ctx 

byte  const  *string. 


{ 


struct  PgpPipeline 
size  t size) 


byte  *arg; 
byte  * a r g p ; 
int  retval; 


★origin. 


int  type. 


arg 
i f 


- argp  - (byte  * ) p g pM e m A l l o c (sizeof  (origin)  + sizeof  (type)  + 

size  + sizeof  (size)); 

! arg) 

return  P G P E R R_N 0 M E M ; 


memcpy 

(argp. 

(byte  const 

*)&origi 

n,  sizeof  (origin)); 

argp  += 

sizeof 

(origin); 

memcpy 

(argp. 

(byte  const 

*)&type. 

sizeof 

(type)); 

argp  += 

sizeof 

( type ) ; 

memcpy 

(argp. 

(byte  const 

* ) & s i z e , 

sizeof 

(size)); 

argp  += 

sizeof 

(size); 

memcpy 

(argp. 

string,  size 

>; 

argp  += 

size; 
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retval  = bufferCommand  (ctx,  C M D_AN N 0 T AT E , arg,  argp-arg); 
pgpMemFree  (arg); 
return  retval; 


static  i n t 

pa r s e An n o t a t i o n (struct  Context  *ctx) 

struct  PgpPipeline  *origin; 
i n t type; 
s i z e_t  s i z e ; 

byte  stringCBUFSIZD,  *a  rgp  = ctx->cmdarg; 

assert  (ctx->cmdlen  >=  sizeof  (origin)  + sizeof  (type)  + 
sized  (size)); 

memcpy  ((byte  *)&origin,  argp,  sizeof  (origin)); 
argp  +=  sizeof  (origin); 

memcpy  ((byte  *)&type,  argp,  sizeof  (type)); 
argp  +=  sizeof  (type); 

memcpy  ((byte  * ) & s i z e , argp,  sizeof  (size)); 
argp  +=  sizeof  (size); 

/*  make  sure  we  have  the  right  number  of  bytes  remaining  */ 
assert  ( (ctx->cmdlen  - size)  = = (unsi gned)  (argp  - ctx->cmdarg)); 

memcpy  (string,  argp,  size); 

return  sendAnnotate  (ctx,  origin,  type,  string,  size); 

> 

/ * 

* Given  a buffered  command,  process  it  appropriately.  The  cmd,  args, 

* and  arglen  are  currently  held  in  the  ctx.  Set  arglen  to  0 and 

* return  0 on  success,  otherwise  return  an  error. 

*/ 

static  i n t 

p r o c e s s C omma n d (struct  Context  *ctx) 

C 

int  error  = 0; 

switch  ( c t x -> c omma nd ) { 
case  CM  D_W RITE: 

error  = parseWri teCommand  (ctx); 
break; 

case  C M D_A  N N 0 T A T E : 

error  = parseAnnotati on  (ctx); 
break; 

default: 

/*  unknown  command  type.  This  should  NEVER  happen  */ 
assert  (0); 

> 

if  (lerror) 

ctx->cmdlen  = 0; 
return  error; 
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/ * 

* Write  a buffer  of  data  which  is  a message  part.  This  will  either 

* write  or  buffer  depending  on  what  the  current  state  of  the  world 

* is. 

* 

* This  will  either  perform  a write()  or  a pgpJoinBufferl)  depending 

* on  what  it  is  and  what  the  state  is.  We  perform  a write  if  this  is 

* the  writing  message,  otherwise  we  just  buffer  it. 

* / 

static  siz  e_t 

wri tePartData  (struct  MsgPart  *part,  byte  const  *buf,  si ze_t  size,  int  *error) 
i 

struct  Message  *msg  = part->msg; 

/*  Ignore  parts  that  we've  already  finished  */ 
if  (part->done) 

return  size; 

if  ( pa  rt->s i g ) 

return  part->sig->write  (part->sig,  buf,  size,  error); 
i f ( msg->w  r i t i ng  ) 

return  part->mod->write  (part->mod,  buf,  size,  error); 
return  pgpJoinBuffer  (part->mod,  buf,  size); 

} 

/ * 

* This  will  write  'extra'  data  out.  In  general  this  is  just 

* non-Ascii  armor  data.  However  if  we  are  within  a "buffering 

* everything"  mode,  then  this  will  get  buffered  into  the  ctx->data 

* fifo  and  ctx->wri tten  will  be  increased. 

*/ 

static  siz  e_t 

writeExtraData  (struct  Context  *ctx,  byte  const  *buf,  size_t  size,  int  *error) 
{ 

s i z e_t  written; 

if  (ctx->part  &&  c t x - > pa r t -> t e x t ) 

return  c t x - > pa r t -> t ex t -> w r i t e ( c t x->pa r t -> t ex t , buf,  size, 

error); 


assert  (ctx->tail); 
if  ( c t x -> bu f f e r i n g ) C 

written  = pgpFifoWrite  (ctx->fifod,  ctx->data,  buf,  size); 
ctx->wri tten  +=  written; 
return  written; 

} 

return  ctx->tail->write  (ctx->tail,  buf,  size,  error); 

> 

/* 

* This  will  start  with  the  first  part  that  we  have.  For  each  part, 

* it  will  see  if  it  is  done.  If  not,  return  0.  If  it  is  done,  then 

* see  if  there  is  another  part  sitting  after  it.  If  so,  close  this 
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* part,  return  an  error  if  one  exists,  or  move  on  to  the  next  part  if 

* there  was  no  error  closing  the  part.  If  there  is  not  another  part 

* after  this  one,  then  only  close  this  one  if  this  is  the  last  part 

* (msg->size  &&  part->num  ==  msg->size).  Otherwise  return  0. 

* 

* If  we  flushed  the  whole  message,  free  it. 

*/ 

static  i n t 

flushMessage  (struct  Context  *ctx,  struct  Message  *msg) 

{ 

struct  MsgPart  * t e m p , * p a r t = msg->parts; 
int  error  = 0; 

do  { 

if  (!part->done) 
break; 

if  (part->next ) { 

error  = c losePart  (part); 
if  (error) 

break; 

temp  = part->next; 
f reePart  (part); 
part  = temp; 

> else  if  (part->num  ==  msg->size)  { 

assert  ( ! part->next); 

error  = closePart  (part); 
if  (error) 

break; 

error  = c t x -> t a i l -> a n n o t a t e (ctx->tail,  ctx->myself, 

PG  P A N N_A  R M 0 R_E  N D , NULL, 

0); 

if  (error) 

break; 

freeMessage  (ctx,  msg); 

/*  freeMessage  will  free  the  last  part  */ 
break; 

> else 

break; 

> while  (part); 
return  error; 

> 

/* 

* Set  the  state  so  that  we  are  writing  out  this  message.  It  means  that 

* we  are  probably  going  to  be  buffering  everything  else  until  this  message 

* is  done.  If  we  are  already  "buffering"  everything,  then  buffer  up  this 

* command  for  later  execution. 

*/ 

static  int 

wri teMessage  (struct  Context  *ctx,  struct  Message  *msg) 
int  error; 

msg->foundpart1  = 1; 
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if  ( c t x -> bu f f e r i ng ) 

return  b u f f e r W r i t e C omm a n d (ctx,  msg); 

error  = ctx->tail->annotate  (ctx->tail,  ctx->myself, 

P G P A N N_A  R M 0 R_B  E G I N , NULL, 


if  (error) 

return  error; 

c t x-> bu f f e r i n g = 1; 
msg->writing  = 1 ; 

/*  Start  flushing  the  message  now  */ 


0) 


return  flushMessage  (ctx,  msg); 

} 

/* 

* This  is  the  main  logic  in  flushing  out  the  buffered  data.  This 

* function  will  try  to  flush  the  data  fifo  and  command  fifo  in  order 

* to  create  the  appropriate  output  stream. 

* 

* There  are  two  streams  which  need  to  be  merged.  Since  the  command 

* stream  gives  deltas  into  the  datastream,  we  need  to  use  the  command 

* stream  as  the  control.  No  problem. 

* 

* First,  we  flush  out  any  data  in  the  data  stream  until  the  next 

* command,  until  ctx->left  ==  0.  Next,  if  ctx->cmdlen  !=  0 we 

* process  the  command  in  the  ctx  command  buffer.  If  that  returns 

* without  error  we  read  in  the  next  c omma nd / o f f s e t into  ctx  (->left 

* and  ->cmdlen)  and  then  repeat.  It  at  any  time  an  error  occurs, 

* stop  and  return  the  error  code. 

*/ 

static  int 

flushBuffers  (struct  Context  *ctx) 

unsigned  datalen,  cmdlen,  len,  towrite; 
byte  const  * p t r ; 
int  error  = 0; 
s i z e_t  written; 


assert  (!  ctx->buffering); 


datalen  = pgpFifoSize  (ctx->fifod,  ctx->data); 
cmdlen  = pgpFifoSize  (ctx->fifod,  ctx->ann); 

/*  If  nothing  is  buffered,  just  return  ok  */ 
if  (!  data  len  &&  ! cmdlen) 

return  0; 

/*  Now  try  to  flush  the  buffers...  */ 
do  C 

/ * 

* If  buffering  gets  turned  on  processing  a command, 

* just  exit  this  function  so  more  data  can  be  read  in. 

* / 

if  ( c t x-> bu f f e r i ng ) 
return  0; 

/*  First  flush  any  data  until  the  next  command  */ 
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while  (ctx->left)  { 

ptr  = pgpFifoPeek  (ctx->fifod,  ctx->data,  S l e n ) ; 
assert  (len); 
assert  (ptr); 


> 


towrite  = min  (len,  ctx->left); 

written  = wri teExtraData  (ctx,  ptr,  len,  Serror); 
pgpFifoSeek  (ctx->fifod,  ctx->data,  written); 
ctx->left  - = written; 
datalen  - = written; 
if  (error) 

return  error; 


/* 
i f 


> 


Process  the  buffered  command,  if  any  */ 
(ctx->cmdlen)  { 

error  = processCommand  (ctx); 
if  (error) 

return  error; 


/ * 

* Now,  read  in  the  data  for  the  next  command.  The 

* syntax  is:  <o f f s e t > < cmd > <a rg  l e n > < a r g > 

* / 

if  (cmdlen)  f 

if  (pgpFifoRead  (ctx->fifod,  ctx->ann, 

(byte  * ) & c t x->  l e f t , 
sizeof  (ctx->left))  != 
sizeof  (ctx->left)) 

return  PG P E R R_F I F 0_R E A D ; 
cmdlen  -=  sizeof  (ctx->left); 


if  (pgpFifoRead  (ctx->fifod,  ctx->ann,  & c t x-> c omma nd , 

sizeof  ( c tx->command  ) ) ! = 

sizeof  ( c t x-> c omma nd ) ) 

return  PG P E R R_F I F 0_R E A D ; 
cmdlen  - = sizeof  (ctx->command); 

if  (pgpFifoRead  (ctx->fifod,  ctx->ann, 

(byte  * ) & c t x -> c md  l e n , 
sizeof  ( c t x-> c md  l e n ) ) ! = 

sizeof  ( c t x-> cmd  l en ) ) 

return  PG P E R R_F I F 0_R E A D ; 
cmdlen  -=  sizeof  (ctx->cmdlen); 

if  (pgpFifoRead  (ctx->fifod,  ctx->ann,  c t x-> c md a r g , 

ctx->cmdlen)  !=  ctx->cmdlen) 
return  PGPERR_FIFO_READ; 
cmdlen  -=  ctx->cmd len; 

> else  { 

/ * 

* If  this  can  happen  then  we  need  to  do  this 

* and  keep  track  of  the  amount  of  data  left  in 

* the  fifo. 

*/ 


ctx->left  = datalen; 
ctx->written  = datalen; 
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> 

> while  (data  len  ||  cmdlen  ||  ctx->cmdlen); 

/*  If  we  get  here  then  everything  has  been  written  out.  */ 
ctx->wri tten  = 0 ; 

return  0 ; 


/* 

* This  is  a c learsi gned  message.  We  need  to  setup  the  verification 

* pipeline  to  get  this  to  work.  First  we  have  a join  module.  It  is  a 

* placeholder  for  the  message.  The  c lea  r si gned  text  goes  into  the 

* second  input  of  the  join  module.  The  output  of  the  join  module  goes 

* to  a split.  The  first  output  of  the  split  goes  to  the  annotation 

* reader.  The  second  output  of  the  split  goes  into  a textfilt  module 

* to  strip  the  spaces  and  then  into  a signature  verification  module. 

*/ 

static  i n t 

createClearsig  (struct  Context  *ctx,  struct  Message  *msg,  struct  MsgPart 
{ 


struct  PgpPipeline  * j o i n = NULL,  * s p l i t = NULL,  * t e x t = NULL; 

struct  PgpPipeline  * * t a i l , **temp; 

struct  PgpPipeline  * s i g h e a d = NULL,  **sigtail; 


★part) 


/*  First,  build  up  a replacement  "join/split"  module  */ 
tail  = pgpJoi nCreate  (Sjoin,  ctx->fifod); 
if  ( ! t a i l ) 

return  P G P E R R_N 0 M E M ; 


temp  = tail; 

tail  = pg p S p l i t C r e a t e (temp); 
if  ( ! t a i l ) { 

return  PG P E R R_N 0M E M ; 

> 

split  = * t e m p ; 

/*  Splice  in  the  join/split  in  place  of  the  old  join/parser  */ 
*(msg->tail)  = NULL; 
part->mod->teardown  (part->mod); 


part->mod  = join; 
msg->tail  = tail; 

/*  And  connect  the  tail  */ 
if  (msg->tail) 

*(msg->tail)  = ctx->tail; 

/*  Create  the  text  input  */ 
text  = pgpJoinAppend  (join); 
if  (!  text)  { 

return  PG P E R R_N 0M E M ; 

> 


/*  add  a textfilt  module  */ 
tail  = pgpSplitAdd  (split); 
if  ( ! tai  l ) { 

t e x t -> t e a rd o w n (text); 
return  PG P E R R_N 0M E M ; 
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> 

tail  = pgpTextFi  ItCreate  (tail,  charMapIdentity,  1,  P G P_T  E X T F I L T_N  ONE); 
if  ( ! t a i l ) { 

text->teardown  (text); 
return  PG P E R R_NOM E M ; 

> 

/*  Create  the  signature  parser...  */ 

sigtail  = pgpParseBinCreate  (&sighead,  ctx->env); 

if  (Isigtail)  { 

text->teardown  (text); 
return  PG P E R R_NOM E M ; 

> 

/*  ...and  the  signature  verifier  */ 

if  ( ! pgpVer i f yReaderCreate  (tail,  sigtail,  ctx->env,  ctx->fifod, 

( c t x-> h a s h l e n ? c t x-> h a s h l i s t : NULL), 
c t x-> h a s h l e n , ( c t x-> h a s h l e n ? 1 : 0), 

ctx->ui,  ctx  — >ui arg) ) { 

text->teardown  (text); 
sighead->teardown  (sighead); 
return  PG P E R R_NOM E M ; 

> 

/*  Now  put  it  all  together  in  this  message  */ 
part->text  = text; 
part->sig  = sighead; 

return  0; 

> 

/* 

* Build  up  the  Ascii  Parser  Table  in  order  to  dearmor  data.  For  all 

* values,  set  it  to  -1  if  it  is  not  a valid  armor  character  and  then 

* set  the  valid  characters  out  of  the  armorTable.  Inited  ==  0 implies 

* we  need  to  init;  Inited  ==  1 implies  we  are  processing  or  done. 

*/ 

static  void 
parseAscInit  (void) 
i 

i n t i ; 

if  (inited++) 

return; 

for  (i  = 0;  i < 256;  i + + ) 

dearmorTableCiD  = - 1 ; 

for  (i  = 0;  i < (int)(sizeof (armorTable)  - 1);  i++) 

dearmorTablelarmorTablelil  & Oxff]  = (char)i; 

inited  = 1 ; 
return; 


/ * 

* Convert  input  bytes  to  output  bytes.  Returns  the  number  of 

* input  bytes  successfully  converted.  The  number  of  output 
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* bytes  available  is  one  less  than  this  number. 

* / 

static  i n t 

dearmorMorsel  (byte  const  inH4],  byte  outC3]) 

{ 

signed  char  cO,  cl; 

cO  = d e a r mo r Ta b l e C i n C 0 ] & 2 5 5 ]; 
if  ( c 0 < 0 ) 

return  0; 

cl  = dearmorTableCinCI]  & 2 5 5 ]; 
if  (cl  < 0) 

return  1; 

o u t C 0 ] = (cO  & 6 3 u ) <<  2 | (cl  S 63u)  >>  4; 

cO  = d e a r mo r Ta b l e C i n C 2 ] & 2 5 5 ]; 
if  ( cO  < 0) 

return  2; 

outCI]  = (cl  & 6 3 u ) <<  4 | (cO  & 6 3 u ) >>  2; 

cl  = d e a r mo rT a b l e [ i n [ 3 ] & 2 5 5 ]; 
if  (cl  < 0) 

return  3; 

o u t C 2 ] = (cO  & 63u)  <<  6 | (cl  S 6 3 u ) ; 
return  4; 

> 

/ * 

* Given  a line  of  a certain  length,  convert  to  binary  and 

* return  the  number  of  binary  bytes  that  result,  or  -1  on  error. 

* 

* This  is  very  fussy  about  trailing  junk  and  whatnot. 

* There  is  some  complexity  due  to  accepting  "=3D"  in  place 

* of  a normal  " = ".  This  is  to  allow  M I M E -e n c a p s u l a t ed  messages 

* to  be  input  directly,  without  having  MIME  u n e n c a p s u l a t e them 

* first. 

* 

* This  will  ignore  trailing  white  space  and  give  an  error  if  there 

* is  too  much  data  on  the  line. 

*/ 

static  int 

dearmorLine  (struct  Context  *ctx,  unsigned  inlen) 

C 

byte  const  *in  = ctx->armorline; 
byte  *out  = ctx->databuf; 
int  outlen  = 0; 
int  t ; 

while  ( ( t = dearmorMorsel  (in,  out))  ==  4)  { 
in  + = 4 ; 
out  + = 3 ; 
inlen  -=  4; 
outlen  +=  3; 
if  (inlen  < 4) 

return  inlen  ? -1  : outlen; 
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> 

switch  (t)  { 
case  2 : 

if  (inlen  ==  4)  C 

if  ( i n C 2 □ ==  ' = ' 88  i n C 3 ] ==  ' = ' ) 
return  outlen  + 1; 

> else  if  (inlen  ==  8)  { 

if  ( i n C 2 ] ==  ’ = ' 88  inC3]  ==  '3'  88  inC4] 
i n C 5 ] ==  ■ = ' 88  i n C 6 ] ==  '3'  88  i n L 7 3 
return  outlen  + 1; 

> 

break; 
case  3 : 

if  (inlen  ==  4)  { 

if  ( i n C 3 □ ==  ' = ' ) 

return  outlen  + 2; 

> else  if  (inlen  ==  6)  { 

if  ( i n [ 3 ] ==  ' = ' 88  i n [ 3 ] ==  '3'  88  inC4H 
return  outlen  + 2; 

> 

break; 

> 

/*  None  of  the  above  - we  have  an  error  */ 
return  - 1 ; 


D ' 88 
D ' ) 


' D ' ) 


> 


/* 

★ 

Given  a line  thought 

to  contain  a CRC, 

this 

returns  the  24-b 

ic 

CRC,  or  -1  on  error. 

Handles  possible 

MIME 

expansion 

★ 

*/ 

of  " = " to  " = 3 D " . 

static  long 

dearmorCrc  (struct  Context  *ctx) 

{ 

byte  const  * i n = ctx->armorline; 
unsigned  inlen  = ctx->armorlen; 
byte  bufC33; 


t 


/*  skip  trailing  white  space  */ 
while  (inlen  88  isspace  (inCinlen  - 1])) 
inlen--; 


i f 
i f 


/* 

* 

* 

* 

* 


( * i n ! = ' = ' ) 

return  -1; 

(inlen  ==  5) 

if  (dearmorMorsel  (in  + 1, 
return  - 1 ; 

else  if  (inlen  ==  7) 

if  (i nCI : ! = ’3'  | 

dearmorMorsel 
return  - 1 ; 

else 


return  - 1 ; 


bu  f ) ! = 4 ) 

i n [ 2 ] ! = ' D 

in  + 3,  buf) 


I I 


4) 


Welcome  to  the  famous  ANSI  C glitch.  ANSI  C 
promotes  to  signed  values  where  possible  when  preserving 
the  value.  Thus,  bufC1]<<8  is  promoted  to  signed,  then 
shifted,  then  promoted  to  long  (on  a 16-bit  int  machine. 
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* this  causes  sign-extension!),  and  merged  with  the  other 

* values.  Not  Good . 

* I'm  beginning  to  see  why  people  preferred  the  K&R  unsigned- 

* preserving  rules.  Sigh. 

* / 

return  (long)bufCOH  <<  16  | (unsigned)(bufC13  <<  8 | b u f L 2 3 ) ; 


/* 

* try  to  fill  up  c t x->a rmo r l i ne  up  to  LINE_LEN-1  bytes  or  a newline, 

* whichever  comes  first. 

* 

* This  will  set  ctx->eol  when  an  EOL  condition  occurs.  eol  ==  1 

* means  armorline  is  ready  for  processing.  eol  ==  2 means  that 

* readLine  needs  to  be  called  with  more  data  (looking  for  \n). 

* 

* The  return  value  is  the  number  of  bytes  used.  If  all  the  bytes  are 

* used  and  EOL  is  not  set,  then  more  data  is  required  and  readLine 

* should  be  called  with  more  data. 

* / 

static  s i z e_t 

readLine  (struct  Context  *ctx,  byte  const  *buf,  si ze_t  size) 

{ 

si ze_t  sizeO  = size; 
unsigned  t,  ret  len; 
byte  eol  = ctx->eol; 

byte  * p t r = ctx->armorline  + ctx->armorlen; 


if  ( ! s i z e ) 

return  0 ; 


/* 

* This  test  is  needed  in  case  the  ' \ r ‘ and  \'n'  come  in 

* different  write  calls. 

* / 

if  (eol  ==  2 &&  *buf  ==  '\n')  { 

* p t r = * b u f ; 
ctx->armorlen++; 
ctx->eol  = 1 ; 

ctx->crlf  = PGP_TEXT FI LT_CRLF; 
return  1 ; 


/*  try  to  fill  the  input  buffer  with  a line  */ 
t = (unsigned)min  (LIN E_L E N - 1 - ctx->armorlen,  size); 
for  (eol  = 0,  retlen  = 0;  retlen  < t & & ! eol;  retlen  + +)  { 

* p t r + + = * b u f ; 

if  (*buf  ==  ' \ r ' ||  *buf  ==  ' \ n ' ) 

eol  = (*buf  ==  ' \ r ' ? 2 : 1); 

b u f + + ; 

> 

size  -=  retlen; 
ctx->armorlen  +=  retlen; 

/*  Set  EOB  if  we  hit  the  end  of  the  armorline  buffer  */ 
if  ( c t x-> a rmo r l e n >=  LINE_LEN-1) 
ctx->eob  = 1; 


/ * 
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* At  this  point  we  are  either  at  EOL  or  not.  If  not,  then  we 

* either  ran  out  of  input  data  or  ran  out  of  buffer  space.  If 

* we  are  at  EOL  and  eol==2  and  we  have  more  data,  check  if  its  a 

* \ n or  something  else.  If  so,  copy  that  in  and  set  eol=1. 

*/ 

if  (eol)  f 

c t x->  c r l f = (eol  ==  2 ? PG P_T E X T F I LT_C R : PG P_T E X T F I L T_L F ) ; 

if  (eol  ==  2 &&  size)  { 

if  ( * b u f ==  '\n')  { 

*pt  r = * b u f ; 

ctx->armorlen++; 

ctx->crlf  = PG  P_T  E X T F I L T_C  R L F ; 

si  ze  — ; 

> 

eol  = 1 ; 

> 

> 

/*  Save  off  the  EOL  and  return  the  number  of  bytes  used  */ 
ctx->eol  = eol; 
return  si zeO-si ze; 

} 

/ * 

* Contained  in  buf  (of  length  size)  should  be  a Header-line.  Parse 

* it  appropriately,  and  store  it  as  necessary. 

* 

* A headerline  must  fit  in  the  armorline  buffer  (I.e.,  it  must  be 

* less  that  LINE_LEN-1  bytes  long),  it  must  start  with  an  Alpha 

* character  and  then  have  up  to  64  AlphaNumeric  characters  or  dashes, 

* followed  by  a colon  and  then  a space.  A header  that  does  not 

* conform  to  this  is  an  error. 

* 

* Returns  0 on  success,  or  a HEADER_  error  code. 

*/ 

# d e f i n e H E A D E R_T0 0 LO N G -1 
^define  H E A D E R_I N V A L I D -2 
static  int 

parseHeader  (struct  Context  *ctx,  byte  const  *buf,  size_t  size) 

C 

int  i ; 

char  const  *ptr  = (char  const  * ) b u f ; 

static  char  const  messageidC]  = "MessagelD:"; 

char  c ; 

(void)size;  / * So,  why  do  I have  this  arg?  * / 

/*  Make  sure  this  is  the  WHOLE  line  --  if  not,  it  is  an  error  */ 
if  (!ctx->eol) 

return  H E A D E R_T0 0 LO NG ; 

/*  The  first  character  must  be  an  Alpha  character  */ 
if  (lisalpha  (*ptr++)) 

return  HE ADER_I NVALI D; 

i = 1; 
for  (;;)  C 

c = *ptr++; 
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> 


/*  header  ends  in  a colon  */ 
if  ( c ==  ' : ' ) 
break; 

/*  Arbitrary  label  length  restriction  */ 
if  ( ++i  > 64) 

return  H E A D E R_T00 LO N G ; /*  Error  * / 

/*  Following  chars  much  be  alphanumeric  or  */ 

if  ( ! isalnum(c)  & & c != 

return  H E A D E R_I N V A L I D ; /*  Error  */ 


/*  Must  be  a space  after  the  */ 

if  ( * p t r + + !=  ' ') 

return  H E A D E R_I N V A L I D ; 

/ * 

* Now  process  the  header 

* 

* ptr  points  to  the  value;  buf  points  to  the  key  (of  length 

* (ptr  - buf  - 2),  plus  a colon) 

* / 

i = ptr  - (char  const  *)buf  - 1; 

/*  Process  message  ID  header  */ 

if  (i  = = sizeof  (messageid)  - 1 &&  imemcmp  (buf,  messageid,  i)) 
memcpy  ( c t x - > m e s s a g e i d , ptr, 

min  ( (strlen  (ptr)  + 1),  sizeof  ( c t x -> m e s s a g e i d ) ) ) ; 

/*  XXX:  signal  an  unknown  header?  */ 


return  0; 

> 

/*  Write  data  to  be  dearmored. 

* 

* The  main  FSM  to  control  dearmoring.  The  actual  FSM  is  kind  of 

* complicated  so  I'll  try  to  explain  it  by  comments  in  the  code. 

* Suffice  it  to  say  that  there  are  two  main  parts  of  the  machine. 

* The  first  part  deals  with  armor  ' ed  data,  and  the  second  part  deals 

* with  out-of-armored  text.  There  is  a little  glue  between  them,  and 

* there  you  have  it... 

*/ 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
{ 

struct  Context  * c t x ; 
struct  Message  *msg; 
struct  MsgPart  *part; 


byte  * 

ptr. 

*num; 

s t a t i c 

char 

const 

prefixICD  = " - 

BEGIN  PGP 

static 

char 

const 

prefix2C]  = ", 

PART 

static 

char 

const 

prefix3CH  - " 

END 

PGP 

static 

char 

const 

suffixM  = " — 

i * . 

r 

/ * With 

t r a i ling 

static 

char 

const 

signedmsgC]  = 

"SIGNED 

MESSAGE- 

M . 

/ 

static 

char 

const 

sigprefixC]  = 

" BEGIN  PGP 

SIGNATURE 

int  i , 

thispart. 

maxparts,  lineused; 

si ze_t  retval,  written  = 0; 
unsigned  inlen; 
long  crc; 
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char  temp_c; 


assert  (myself); 

assert  ( my s e l f ->ma g i c ==  D E A RMO RM AG  I C ) ; 
assert  (error); 


ctx  = (struct  Context  *)myself->priv; 
assert  (ctx); 
assert  (ctx->tail); 

switch  (ctx->state)  { 
case  0 : 

c a s e_0 : 

/* 

* This  is  the  "start"  position.  Check  if  we  are 

* buffering  and  flush  buffers  if  we  are  not.  Then  go 

* to  the  next  state. 

* / 


i f 


> 


( ! c t x-> bu f f e r i ng ) C 

★error  = flushBuffers  (ctx); 
if  (*error) 

break; 


case 

case  1 : 


ctx->state++; 

/*  FALLTHROUGH  */ 

/*  call  readline  until  we  have  EOB  or  EOL  */ 


retval  = readLine  (ctx,  buf,  size); 
size  -=  retval; 
buf  +=  retval; 
written  +=  retval; 


if  (ctx->eol  ||  ctx->eob) 
ctx->state++; 

else 


break; 


/*  FALLTHROUGH  */ 

case  2 : 

/ * 

* check  the  line  for  BEGIN.  If  it  is  not  a begin 

* then  we  should  output  this  line.  If  it  is  a begin, 

* then  we  need  to  parse  it  as  an  armor  beginning. 

* / 


if  ( c t x ->  a rmo  r l e n > sizeof  (prefix'!)  - 1 SS 

Imemcmp  (ctx->armorline,  prefixl,  sizeof  (prefixl)  - 1))  C 
ctx->state  = 9; 
goto  c a s e_9 ; 

} 


/ * 

* check  the  line  to  see  if  it  is  the  beginning  of  a 

* PGP  binary  message.  This  check  is  only  done  the 

* first  time  through  this  loop,  using  c t x - > a n n o t a t i o n 
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* as  the  Loop  detector.  If  this  is  a PGP  message, 

* then  treat  it  as  such  and  buffer  the  data  for 

* processing  through  a parser. 

*/ 


if  (!  c t x-> a nno t a t i o n ) { 

if  ( pgp F i L eTypePGP  ( c t x -> a r mo r L i n e , c t x - > a r mo r L e n ) ) 
{ 

/* 

* ooh,  a binary  PGP  message  fed  into  the 

* ascii  armor  parser! 

*/ 

ctx->state  = 5 0; 
goto  case_50; 

> 

} 


case  3 : 


case  4 : 


case  3 : 


/*  FALLTHROUGH  */ 


case  4 : 


/* 
i f 


> 


send  annotation  if  we  need  to  */ 

(!  c t x -> a n n o t a t i on  ) { 

★error  = sendAnnotate  (ctx,  myself, 

P G P A N N_N  0 N P G P_B  E G I N , 

if  (*error) 

break; 

ctx->annotation  = PG P AN N_N 0 N PG P_E N D ; 
c t x - > d e p t h_a t_a n n = c t x-> s c o pe_d e p t h ; 


/*  FALLTHROUGH  */ 


NULL,  0) 


/*  output  armorline  buffer  */ 
while  (ctx->armorlen)  { 

retval  = wri teExtraData  (ctx,  c t x -> a r mo r p t r , 

c t x -> a r mo r l e n , error); 

ctx->armorptr  +=  retval; 
ctx->armorlen  -=  retval; 
if  (*error) 

return  written; 

> 

ctx->armorptr  = ctx->armorline; 

/*  FALLTHROUGH  */ 

case  5 : 

/* 

* if  EOL  ==  1,  clear  state  and  goto  state  1,  otherwise 

* read  data  and  return  to  state  4 to  output  the  line. 

* / 

if  (ctx->eol  ==  1)  { 
ctx->eol  = 0; 
ctx->eob  = 0; 
ctx->state  = 1; 
goto  c a s e_1 ; 

> 


if  ( ! s i z e ) 
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break; 

retval  = readLine  (ctx,  buf,  size); 
size  -=  retval; 
buf  +=  retval; 
written  +=  retval; 

ctx->state  = 4 ; 
goto  case_4; 

case  9 : 

case  9 : 


/* 

★ 

parse  begin  l 

i n e . 

If 

this 

is  not  a va 

1 i d 

begin 

★ 

line,  assume 

that 

i t i 

s not 

and  output 

i t 

a s 

* 

non-PGP  text 

( i n 

state 

3)  . 

* / 

ptr 

= ctx->armor 

line 

+ si 

z e o f 

(prefixl)  - 

i; 

lineused  = ctx->armorlen  - (sizeof  (prefixl)  - 1); 
thispart  = maxparts  = 0; 

do  { 

if  (lineused  ==  0)  { 

/*  not  a valid  BEGIN  line  */ 
ctx->state  = 3 ; 
goto  case_3; 

} 

> while  (isspace  (ptr[--lineused])); 

/*  temporarily  n u l l - 1 e r m i n a t e this  string  */ 
temp_c  = p t r C ++ l i n e u s ed ] ; 
ptrClineusedD  = ' \ 0 ' ; 

if  (Imemcmp  (ptr,  signedmsg,  sizeof  (signedmsg)))  { 

/*  This  is  a clearsigned  message  */ 

if  (ctx->eol)  { 

/ * 

* This  looks  like  a clearsigned 

* message.  jump  into  the  clearsigned 

* parser  and  parse  it. 

* / 

ctx->state  = 30; 
goto  case_30; 

> 

/* 

* Someone  is  playing  with  us..  This  is  an 

* error. 

*/ 

goto  err_case_9; 

> 

/*  skip  the  "whatever"  in  " BEGIN  PGP  whatever"  */ 

while  (isalnum  (*ptr)  ||  *ptr  = = ' ' ) { 

pt  r + + ; 
l i neused--; 

> 
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err  case  9: 


/*  check  for  multipart  */ 
if  (*ptr  ==  ' , ' ) { 

/*  " BEGIN  PGP  whatever,  PART  xL/yl " */ 

if  (memcmp  (ptr,  prefix2,  sizeof  ( p r e f i x 2 ) - 1)) 
goto  err_case_9; 
ptr  +=  sizeof  (prefix2)  - 1 ; 
lineused  -=  sizeof  (prefix2)  - 1 ; 


> else 

> 


thispart  = strtoul  ((char  *)ptr,  (char  **)&num,  10); 
if  (num  = = NULL  ||  thispart  < 0 ||  thispart  > 999) 


goto 

err 

_c  a s e_9 ; 

lineused  -= 

(num 

- Ptr); 

ptr 

= num; 

/* 

* 

now  check 

for 

"/y",  if 

it  exists. 

It  is 

★ 

legal  for 

i t 

not  to  exi 

st,  but  it 

must  have 

★ 

either  a 

' y ' 

here  or  a 

messagelD. 

★ / 

i f 

( * p t r — 

' / ' ) 

C 

maxparts  = strtoul  ((char  *)ptr+1, 

(char  **)&num,  10); 

if  (!num  ||  maxparts  < 2 ||  maxparts  > 999) 

goto  err_case_9; 
lineused  -=  (num  - ptr); 
ptr  = num; 

> 

C 

thispart  = maxparts  = 1; 


if  (memcmp  (ptr,  suffix,  sizeof  (suffix))) 
goto  err_case_9; 
ctx->thispart  = thispart; 
ctx->maxparts  = maxparts; 
ctx->state  = 10; 
goto  case_1 0; 


ptrllineusedl  = temp_c; 
ctx->state  = 3; 
goto  c a s e_3 ; 


case 

case  10: 


case 

case  11: 


1 0 : 


/ * 
i f 


> 


Send  end-annotation  (if  we  sent  a beg 
( c t x -> a n n o t a t i o n ) { 

assert  ( c t x-> d e p t h_a t_a n n ==  ctx 
★error  = sendAnnotate  (ctx,  myse 


in  annotation)  * 

->  s c op  e_d  e p t h ) ; 
If,  ctx->annotat 


/ 


ion. 


NULL,  0 ) ; 


if  (*error) 

break; 

ctx->annotation  = 0; 


ctx->state++; 

/*  FALLTHR0UGH  */ 

1 1 : 


/*  read  until  E0L  to  get  to  end  of  the  last 


line  * / 
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case 


case 


ctx->a rmorpt r = c t x->a rmo r L i ne ; 
ctx->armorlen  = 0; 
while  (ctx->eol  ! = 1)  { 

ctx->armorlen  = 0 ; 

retval  = readLine  (ctx,  buf,  size); 
written  +=  retval; 
buf  +=  retval; 
size  -=  retval; 

if  ( ! s i z e ) 

return  written; 

> 

ctx->eol  = 0; 
ctx->eob  = 0 ; 
ctx->armorlen  = 0; 

/*  FALLTHROUGH  */ 

1 2 : 

/*  call  readline  until  we  have  EOB  or  E0L  */ 


retval  = readLine  (ctx,  buf,  size); 
size  -=  retval; 
buf  + = retval; 
written  +=  retval; 


if  (ctx->eol  ||  ctx->eob) 
ctx->state++; 

else 


break; 


/* 

FALLTHROUGH  */ 

/* 

★ 

If  this  line  is  blank,  go  to  state  15. 

If 

it  is 

★ 

•k 

*/ 

not  blank,  process  it  as  a header  and 
state  11. 

then 

goto 

ptr  = ctx->armorline; 
lineused  = ctx->armorlen; 


/*  Find  trailing  white  space...  */ 
while  (lineused  &&  isspace  (ptrl  lineused  - ID)) 
lineused--; 

if  (lineused)  ( 
i n t err; 

/*  temporarily  nul  l-terminate  this  string  */ 
temp_c  = ptrClineusedD; 
ptrClineusedD  = ' \ 0 ' ; 


err  = parseHeader  (ctx,  ptr,  lineused); 
if  (err)  i 


★error  = sendAnnotate  (ctx,  myself. 


PG  P A N N_A  RMO  R_B  ADHEADER, 

ctx->armorline, 

lineused); 

ptrClineusedD  = temp_c; 
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if  (*error) 

break; 

/*  XXX:  Ignore  bad  headers?  */ 

> 

ctx->state  = 11; 
goto  c a s e_1 1 ; 

> 

/ ★ this  is  an  empty  Line;  now  go  deal  with  Armorlines  * / 

/*  FALLTHROUGH  */ 

case  14: 

/★  state  14  is  obsolete  */ 

/*  FALLTHROUGH  */ 

case  15: 

/★  get  the  message  and  part  information  */ 
if  (!ctx->part)  T 

/★  This  is  true  for  all  normal  armor  messages  */ 

msg  = getMessage  (ctx,  c t x->me s s a g e i d , c t x->ma x pa r t s ) ; 

if  ( ! m s g ) { 

/ * This  is  an  error  * / 

*error  = PG P E R R_N0M E M ; 
break; 

> 

part  = getPart  (ctx,  msg,  c t x-> t h i s pa r t ) ; 
if  ( ! part ) { 

/*  This  is  an  error  too  */ 

★error  = PG P E R R_N0M E M ; 
break; 

> 

ctx->part  = part; 

} 

ctx->expectcrc  = 0; 
ctx->state++; 

/*  FALLTHROUGH  */ 

case  16: 

/ * 

* Either  try  to  make  the  message  writable  or  send  an 

* annotation  saying  we  have  a message  part. 

*/ 

msg  = ctx->part->msg; 
if  ( c t x-> t h i s p a r t ==  1)  { 

★error  = writeMessage  (ctx,  msg); 
if  (*error) 

break; 

> else  T 

byte  bCBUFSIZD; 
i = 0; 

memcpy  (b,  S c t x-> t h i s pa r t , sizeof  ( ctx->thi spa  rt ) ) ; 
i +=  sizeof  (ctx->thispart); 

memcpy  (b  + i,  &ctx->maxparts,  sizeof  ( ctx->maxparts  ) ) ; 
i +=  sizeof  (ctx->maxparts); 


1020 


lib/ pgp/ pipe/file/ parseasc.c 


memcpy  (b+i,  c t x - > m e s s a g e i d , 

strlen  ( c t x->me s s a g e i d ) ) ; 
i + = strlen  (ctx->messageid); 


case 

case  17: 


★error  = sendAnnotate 

if  (*error) 

break; 

> 

/*  FALLTHROUGH  */ 

1 7 : 


(ctx,  myself, 
b , i ) ; 


/*  read  until  EOL  to  get  to  end  of  the  last 


PG  P A N N_A  RM0R_PART, 


line  * / 


ctx->armorptr  = ctx->armorline; 
ctx->armorlen  = 0 ; 
while  (ctx->eol  !=  1)  { 

ctx->armor len  = 0 ; 

retval  = readLine  (ctx,  buf,  size); 
written  +=  retval; 
buf  + = retval; 
size  -=  retval; 

if  ( ! s i z e ) 

return  written; 

> 

ctx->eol  = 0; 
ctx->eob  = 0; 
ctx->armorlen  = 0; 

/*  FALLTHROUGH  */ 

case  18: 

/*  call  readline  until  we  have  EOB  or  EOL  */ 


retval  = readLine  (ctx,  buf,  size); 
size  -=  retval; 
buf  +=  retval; 
written  + = retval; 


ctx->eob) 


/*  FALLTHROUGH  */ 

case  19: 

/ * 

* make  sure  this  is  not  a CRC  line.  If  it  is  a CRC 

* then  goto  state  21.  if  it  is  not  a CRC  line,  then 

* it  must  be  an  armorline.  So,  process  it  as  an 

* armor  line  and  then  fallthrough  to  state  20  to 

* output  it. 

*/ 


if  (ctx->armorline[0]  = = ' = ')  { 

/*  This  looks  like  a CRC  */ 
ctx->state  = 21; 
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> 


goto  c a s e_2 1 ; 


/ * Make 
if  ( c t x 


sure  we're  not  expecting  a CRC  */ 

>expectcrc)  { 

★error  = s e nd A n no t a t e (ctx,  myself,  PG P A N N_A R MO R_N0 C R C , 

ctx->armorline,  ctx->armorlen); 


if  (*error) 

break; 


/*  Well,  maybe  this  is  an  end?  */ 
ctx->state  = 2 4; 
goto  c a s e_2  4 ; 


/*  find  the  end  of  the  armorline  */ 
inlen  = ctx->armorlen; 

while  (inlen  SS  isspace  ( c t x-> a r mo r l i n e [ i n l e n - 1 2 ) ) 
inlen--; 

/*  check  the  length  of  the  armorline  */ 

if  (inlen  > 68)  { /*  68  ==  64  + 2*"=3D"  extra  space  ★ / 

★error  = sendAnnotate  (ctx,  myself, 

P G P A N N_A  R M 0 R_T  OOLONG, 
ctx->armorline,  ctx->armorlen); 

if  (*error) 

break; 


ctx->state  = 26; 
goto  c a s e_2  6 ; 


i = dearmorLine  (ctx,  inlen); 
if  ( i >48  ||  i < 1 ) { 

/*  error  in  deamorline  */ 

★error  = sendAnnotate  (ctx,  myself, 

P G P A N N_A  R M 0 R_B  A D L I N E , 
ctx->armorline,  c t x - > a r mo r l e n ) ; 

if  (*error) 

break; 

ctx->state  = 26; 
goto  case_26; 

> 

ctx->expectcrc  = (i  < 4 8); 

ctx->crc  = crcUpdate  (ctx->crc,  c t x -> d a t a b u f , i); 
ctx->data  len  = i; 
ctx->dataptr  = c t x-> d a t a bu f ; 

/*  FALLTHROUGH  */ 

case  20: 

/*  output  the  dearmored  data,  then  goto  state  17  */ 

part  = ctx->part; 
while  (ctx->data  len)  { 

retval  = wri tePartData  (part,  c t x~> d a t a p t r , 

c t x->d a t a l e n , error); 

ctx->dataptr  +=  retval; 
ctx->data  len  -=  retval; 
if  (*error) 
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return  written; 

} 

ctx->state  = 17; 
goto  case_1 7 ; 


case 


case 

21  : 


21  : 


/ * 


Deal 


with  CRC 


*/ 


crc  = dearmorCrc  (ctx); 
if  (crc  < 0)  { 

/ * error  * / 

★error  = sendAnnotate  (ctx,  myself, 

PGPANN_ARM0  R_C  R C C A N T , 
ctx->armorline,  ctx->armorlen); 

if  ( * e r r o r ) 

break; 

ctx->state  = 26; 
goto  c a s e_2  6 ; 

> 

if  ( (word32  ) crc  !=  ctx->crc)  { 

/ * mismatch  * / 

★error  = sendAnnotate  (ctx,  myself, 

P G P A N N_A  RM0R_CRCBAD, 
ctx->armorline,  ctx->armorlen); 

if  (*error) 

break; 

ctx->state  = 26; 
goto  c a s e_2  6 ; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 

case  22: 

/*  read  until  EOL  to  get  to  end  of  the  last  line  ★/ 


ctx->armorptr  = ctx->armorline; 
ctx->armorlen  = 0; 
while  (ctx->eol  !=  1)  f 

c t x - > a r m o r l e n = 0; 

retval  = readLine  (ctx,  buf,  size); 
written  + = retval; 
buf  +=  retval; 
size  - = retval; 

if  ( ! s i z e ) 

return  written; 

> 

ctx->eol  = 0; 
ctx->eob  = 0; 
ctx->armorlen  = 0; 

/*  FALLTHROUGH  */ 

case  23: 

/*  call  readline  until  we  have  EOB  or  EOL  */ 


retval  = readLine  (ctx,  buf,  size); 
size  - = retval; 
buf  +=  retval; 
written  +=  retval; 
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ctx->eob) 


case 

case  2 4: 


/*  FALLTHROUGH  ★ / 

24  : 


/ * check  for  END  * / 


i f 


( c t x-> a rmo r L e n < si zeof  (prefix3)  - 1 || 

memcmp  ( c t x->a rmo r l i ne , prefix3,  si zeof 
/*  missing  end  --  do  what???  */ 


(prefix3) 


> 

ctx->state++; 

/*  FALLTHROUGH  */ 

case  25: 

/*  read  until  EOL  to  get  to  end  of  the  last  line  ★ / 


1 ) ) { 


ctx->armorptr  = ctx->armor l i ne; 
ctx->armorlen  = 0 ; 
while  (ctx->eol  !=  1)  { 

ctx->armorlen  = 0; 

retval  = readLi ne  (ctx,  buf,  size); 
written  + = retval; 
buf  + = retval; 
size  -=  retval; 


if  ( ! s i z e ) 

return  written; 

> 

/*  FALLTHROUGH  */ 

case  26: 

c a s e_2  6 : 

/ * 

* finish  this  part,  send  an  end  annotation  if  we  need 

* to,  then  clear  the  context  and  go  to  state  0 
*/ 


i f 


( c t x-> a n n o t a t i o n ) { 

assert  ( c t x -> d e p t h_a t_a n n ==  c t x-> s c o p e_d e p t h ) ; 
★error  = sendAnnotate  (ctx,  myself,  c t x -> a n n o t a t i o n , 

NULL,  0 ) ; 

if  (*error) 

break; 

ctx->annotation  = 0; 


ctx->state++; 

/*  FALLTHROUGH  */ 


case  27: 

part  = ctx->part; 

★error  = donePart  (ctx); 
if  (*error) 

break; 
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ctx->part  = NULL; 
ctx->thispart  = 0; 
ctx->maxparts  = 0; 

memset  (ctx->messageid,  0,  sizeof  ( c tx->messagei d) ) ; 

ctx->dataptr  = ctx->databuf; 

ctx->datalen  = 0 ; 

ctx->armorptr  = ctx->armorline; 

ctx->armorlen  = 0; 

ctx->expectcrc  = 0 ; 

ctx->crlf  = 0; 

c t x -> s a ve d_c r l f = 0; 

ctx->hash  Len  = 0; 

ctx->eol  = 0 ; 

ctx->eob  = 0 ; 

ctx->state  = 0; 

goto  c a s e_0 ; 


case 


case 

30  : 


case 


/*  BEGIN  CLEARSIGNED  MESSAGE  BELOW  HERE  */ 

30  : 


/* 
i f 


> 


Send  end-annotation  (if  we  sent  a begin  annotation)  */ 

( c t x-> a n n o t a t i on  ) { 

assert  ( c t x->d e p t h_a t_a n n ==  c t x -> s c ope_d e p t h ) ; 

★ error  = sendAnnotate  (ctx,  myself,  c t x-> a nno t a t i on , 

NULL,  0 ) ; 

if  (*error) 

break; 

c t x -> a n n o t a t i o n = 0; 


/*  FALLTHROUGH  */ 

31  : 


/*  Read  until  EOL  ==  1 to  get  to  the  end  of  the  begin  line  */ 
assert  (ctx->eol); 


ctx->armorptr  = c t x-> a rmo r l i n e ; 
ctx->armorlen  = 0; 
while  (ctx->eol  !=  1)  { 

ctx->armor len  = 0; 

retval  = readLine  (ctx,  buf,  size); 
written  +=  retval; 
buf  +=  retval; 
size  -=  retval; 

if  ( ! s i z e ) 

return  written; 

> 

ctx->eol  = 0; 
ctx->eob  = 0; 
ctx->armorlen  = 0; 
ctx->state++; 

/*  FALLTHROUGH  */ 

case  32: 

/*  read  the  line  after  the  begin:  call  readline  until 
* we  have  E0B  or  EOL  */ 


retval  - readLine  (ctx,  buf,  size); 
size  -=  retval; 
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buf  +=  retval; 
written  +=  retval; 


if  (ctx->eol  | | ctx->eob) 
ctx->state++; 

else 


break; 


/*  FALLTHROUGH  */ 

case  33: 

/*  Make  sure  first  line  after  "BEGIN"  is  empty  or  "Hash:"  */ 
lineused  = ctx->armorlen; 
ptr  = ctx->armorline; 

/ * Find  trailing  white  space...  * / 
while  (lineused  &&  isspace  ( p t r C l i n e u s e d - 1])) 
lineused--; 


if  (lineused  &&  ! c t x-> h a s h l e n ) { 

/*  The  line  MUST  be  of  the  form: 

* Hash  : < I D > C , <ID>]* 

*/ 

/*  Check  for  "Hash:"  here,  put  hashes  into 

* c t x -> h a s h l i s t and  number  of  hashes  into 

* ctx->hashlen 

* / 

if  (memcmp  ( c t x -> a r mo r l i n e , "Hash:  ",  6))  { 

/*  Not  a Hash  --  Error  out  */ 

/*  XXX:  Should  annotate  here  */ 
ctx->state  = 3 ; 
goto  c a s e_3 ; 

> 

lineused  - = 6; 
ptr  + = 6 ; 


while  (lineused)  ( 

struct  PgpHash  const  * h ; 
byte  const  *comma  = (byte  const  *) 
strchr  ((char  const  *)  ptr, 
unsigned  len  = comma  ? comma-ptr  : lineused; 

h = pgpHashByName  ((char  const  *)ptr,  len); 
if  ( ! h)  { 

/*  unknown  hash.,  now  what?  */ 

/*XXX:  annotate?*/; 

> else 

c t x-> h a s h l i s t C c t x-> h a s h l e n++ ] = 
h->type; 

ptr  + = len; 
lineused  -=  len; 
i f ( comma  ) { 

if  (memcmp  (comma,  ",  ",  2))  { 

/*  invalid  format  */ 

/*  XXX:  annotate  here  */; 

> 

ptr  + = 2 ; 
lineused  -=  2; 

} 

> /*  while  */ 
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if  (!ctx->eol)  { 

/ * Too  long  a line  * / 

/*  XXX:  annotate:  bad  clearsig  */ 
ctx->hashlen  = 0; 
ctx->state  = 3 ; 
goto  case_3; 

> 


/*  Now  we  need  to  get  an  *extra*  line,  the  separator  */ 
ctx->state  = 30; 
goto  c a s e_30 ; 

> /*  if  (lineused  &&  ! c t x-> h a s h l e n ) */ 


if  (!ctx->eol  ||  lineused)  { 

/* 

* We  either  have  a long  line  or  non 

* white-space.  I bet  someone's  trying  to 

* trick  us  into  believeing  this  is  a real 

* clearsigned  message,  but  they've  added  some 

* text  to  it.  I dont  buy  it.  Output  as 

* non-pgp  text;  goto  state  3. 

*/ 


/*  XXX:  Should  send  an  annotation:  bad  clearsig  */ 
ctx->hash  len  = 0; 
ctx->state  = 3; 
goto  c a s e_3 ; 

> 

/*  FALLTHOUGH  */ 

case  34  : 

/*  Read  until  EOL  ==  1 to  get  to  the  next  line  */ 
assert  (ctx->eol); 

ctx->armorptr  = ctx->armorline; 
ctx->armorlen  = 0; 
while  (ctx->eol  !=  1)  { 

ctx->armorlen  = 0; 

retval  = readLine  (ctx,  buf,  size); 
written  +=  retval; 
buf  +=  retval; 
size  -=  retval; 

if  ( ! s i z e ) 

return  written; 

> 

ctx->eol  = 0; 
ctx->eob  = 0; 
ctx->armorlen  = 0; 
c t x-> s a v e d_c r l f = 0; 
ctx->crlf  = 0; 

/*  FALLTHR0UGH  */ 

case  35: 

/*  0k,  this  is  a clearsigned  message.  Send  a new 

* begin  annotation 

* / 

*error  = sendAnnotate  (ctx,  myself,  PG P AN N_C L E A R S I G_B E G I N , 
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case 


if  (*error) 

break; 

c t x -> a n n o t a t i o n = 
ctx->depth_at_ann 
ctx->state++; 

/*  FALLTHROUGH  ★ / 

36  : 


NULL,  0); 

P G P A N N_C  LEARSIG_END; 
= c t x-> s c op e_d e p t h ; 


/*  Get  a new  message  part  ★ / 
ctx->thispart  = 1; 
ctx->maxparts  = 1 ; 
msg  = getMessage  (ctx,  NULL,  1); 
if  ( ! m s g ) { 

/*  This  is  an  error  ★ / 
★error  = PG P E R R_N 0M E M ; 
break; 

} 


part  = getPart  (ctx,  msg,  ctx->thispart); 
if  ( ! part)  { 

/*  This  is  an  error  too  */ 

★error  = PG P E R R_N 0M E M ; 
break; 

> 


/*  And  set  it  up  as  a clearsigned  message  */ 
★error  = createClearsig  (ctx,  msg,  part); 
if  (*error) 

break; 


ctx->part  = part; 
ctx->state  = 3 9; 
/*  FALLTHROUGH  */ 


case 

case  39 : 


/* 

* Below  starts  the  main  processing  loop  for 

* clearsigned  messages.  It  reads  in  a line.  If  it 

* is  a BEGIN  line  it  converts  to  the  signature  output 

* and  starts  de-armoring  the  signature.  Otherwise  it 

* will  output  any  saved  CRLF  chars,  then  output  this 

* new  line,  saving  (but  not  outputting)  the  CRLF 

* chars  at  the  end  of  the  line.  Then  the  loop 

* continues. 

* / 

39  : 


/*  call  readline  until  we  have  EOB  or  EOL  */ 


retval  = readLine  (ctx,  buf,  size); 
size  - = retval; 
buf  +=  retval; 
written  +=  retval; 


ctx->eob) 


break; 


/*  FALLTHROUGH  */ 

case  40  : 
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/ * 

* Check  if  this  is  a begin  line.  If  so,  start 

* parsing  the  signature  by  jumping  to  case  9. 

* Otherwise,  if  the  line  begins  with  ',  move 

* beyond  that  and  fallthrough 

*/ 

lineused  = ctx->armorlen; 

ptr  = ctx->armorline; 

while  (lineused  SS  isspace  ( p t r C l i n e u s e d - ID)) 
l i neused--; 

if  (lineused  ==  sizeof  (sigprefix)  - 1 && 

Imemcmp  (ptr,  sigprefix,  sizeof  (sigprefix)  - 1))  ( 
ctx->state  = 9 ; 
goto  case_9; 

} 

if  (Imemcmp  ( c t x-> a r mo r l i n e , ",  2))  { 

ctx->armorptr  = ctx->armorline  + 2 ; 

c t x -> a r mo r l e n -=  2; 

> 


case  41: 


ctx->state++; 

/*  FALLTHROUGH  */ 

/*  output  CRLF  if  we  need  to  */ 

while  ( c t x-> s a v ed_c r l f ) { 

if  (ctx->sa  v ed_c  r l f & PG P_T EXT F I LT_C R ) { 

i = w r i t e E x t r a Da t a (ctx,  (byte  const  *)"\r", 

1,  error); 

if  ( i ) 

c tx->sa ved_c  r l f &=  ~ PG P_T E X T F I L T_C R ; 
if  (*error) 

break; 

> 


> 


i f 


> 


( ctx->saved_cr If  & PG P_T E X T F I LT_L F ) i 

i = wri teExtraData  (ctx,  (byte  const  *)"\n", 

1,  error); 

if  (i) 


c t x->  s a ved_c  r l f &=  ~ PG P_T E X T F I LT_L F ; 
if  (*error) 

break; 


ctx->state++; 

/*  FALLTHROUGH  */ 

case  42  : 

c a s e_42 : 

/ * 

* output  armorline  buffer;  do  not  output  crlf  until 

* the  next  line  has  been  shown  to  not  be  the 

* delimiter. 

*/ 
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ptr  = ctx->armorptr  + ctx->armorlen  - 1 ; 
while  (*ptr  ==  ' \ r ' ||  *ptr  ==  '\n')  { 

ptr  — ; 

ctx->armorlen--; 

} 

while  ( c t x-> a r mo r l e n ) { 

retval  = w r i t e E x t r a Da t a (ctx,  c t x -> a r mo r p t r , 

ctx->armorlen,  error); 

ctx->armorptr  + = retval; 
ctx->armorlen  -=  retval; 
if  (*error) 

return  written; 

> 

c t x-> a rmo r p t r = c t x-> a rmo r l i n e ; 

/*  FALLTHROUGH  */ 

case  43  : 

/* 

* if  EOL  ==  1,  clear  state  and  goto  state  39,  otherwise 

* read  data  and  return  to  state  41  to  output  the  line. 

* / 

if  (ctx->eol  ==  1)  { 
ctx->eol  = 0; 
ctx->eob  = 0; 

c t x-> s a v ed_c r l f = ctx->crlf ; 
c t x-> c r l f = 0; 
ctx->state  = 39; 
goto  case_39; 

> 


retval  = readLine  (ctx,  buf,  size); 
size  -=  retval; 
buf  +=  retval; 
written  +=  retval; 


ctx->state  = 42; 
goto  case_42; 


case 

case  50: 


case 


/*  BEGIN  BINARY  MESSAGE  HERE  */ 

50  : 


/*  Send  a new  begin  annotation  */ 

★error  = sendAnnotate  (ctx,  myself,  PG P A N N_I N P U T_B E G I N , 

NULL,  0); 


if  (*error) 

break; 

ctx->annotation  = PGPANN_INPUT_END; 
c t x - > d e p t h_a t_a n n = c t x-> s c o pe_d e p t h ; 

/*  FALLTHROUGH  */ 


51  : 


/*  Get  a new  message  part  */ 
assert  ( ! ctx->part); 
ctx->thispart  = 1 ; 
ctx->maxparts  = 1; 
msg  = getMessage  (ctx,  NULL,  1); 
if  ( ! m s g ) { 

/*  This  is  an  error  */ 
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★error  = PGPERR_NOMEM; 
break; 

> 

part  = getPart  (ctx,  msg,  c t x-> t h i s pa r t ) ; 
if  ( ! part)  { 

/★  This  is  an  error  too  */ 

★error  = PG P E R R_N OM E M ; 
break; 

> 


★error  = writeMessage  (ctx,  msg); 
if  (*error) 

break; 

ctx->part  = part; 

/*  FALLTHROUGH  */ 

case  5 2: 

/*  Write  out  data  cached  in  c t x-> a r mo r L i n e ★/ 
part  = ctx->part; 
while  ( c t x-> a r mo r l e n ) { 

retval  = wri tePartData  (part,  c t x -> a r mo r p t r , 

ctx->armorlen,  error); 

ctx->armorptr  +=  retval; 
ctx->armorlen  - = retval; 
if  (*error) 

return  written; 

> 

ctx->armorptr  = ctx->armorline; 

ctx->eol  = 0; 

ctx->eob  = 0; 

ctx->armorlen  = 0; 

ctx->state++; 

/*  FALLTHROUGH  */ 

case  53: 

/* 

* Check  if  this  scope  has  ended.  If  so,  then  close 

* this  part  by  jumping  to  state  26 

* / 

if  ( ! c t x-> a n n o t a t i on  ) { 
ctx->state  = 26; 
goto  c a s e_2  6 ; 

} 


/*  Otherwise,  write  out  data  from  this  write  call.  */ 
part  = ctx->part; 
while  (size)  { 

retval  = wri tePartData  (part,  buf,  size,  error); 

buf  + = retval; 

size  -=  retval; 

written  +=  retval; 

if  (*error) 

return  written; 


> 


/*  Can  we  get  here  any  way  other  than  not  having  data?  ★/ 

assert  (!size); 

break; 


default: 
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/*  Every  state  should  be  enumerated  above  */ 
assert  (0); 

> 

return  written; 

> 

static  i n t 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
int  error  = 0 ; 

assert  (myself); 

assert  (myself->magic  ==  DEARMORMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

(void)  Write  (myself,  NULL,  0,  terror); 
if  (error) 

return  error; 

return  c on t e x t -> t a i l -> f l u s h ( c o n t e x t -> t a i l ) ; 

> 

static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *context; 
int  error  = 0; 

assert  (myself); 

assert  ( my s e l f ->ma g i c ==  DEARMORMAGIC); 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert  (context); 
assert  (context->tail); 

if  (bytes) 

return  0; 

/*  There  are  no  more  bytes.  Therefore  this  is  the  E0L.  */ 
context->eol  = 1; 

/*  Call  write  to  purge  out  anything  we  might  have  buffered.  */ 
(void)  Write  (myself,  NULL,  0,  Serror); 
if  (error) 

return  error; 

if  ( c o n t e x t -> pa r t ) f 
/ * 

* If  we  have  a part,  end  it,  flush  the  current 

* message,  and  reset  the  context  state. 

*/ 

/ * 

* Check  if  this  is  a clearsigned  message  that  is 
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> 


* incomplete.  If  it  is,  kill  it  now! 

*/ 

if  ( c o n t e x t -> pa r t -> s i g &&  ! c o n t e x t -> pa r t ->m s g -> f o u nd pa r 1 1 ) 

( v o i d ) 0 ; 


> 


context->state  = 26; 

(void)  Write  (myself,  NULL,  0,  Serror); 
if  (error) 

return  error; 


/ * 

* If  we  have  data  buffered  at  this  point,  we  return  an  error 

* code  to  let  the  caller  know  that.  If  we  miss  a part  of  a 

* multipart  message,  this  will  be  the  case.  The  user  will 

* receive  the  error  message  and  can  then  send  annotations  to 

* figure  out  what  is  missing  and  possible  send  it  or  at  least 

* inform  the  user. 


* 

* This  keeps  the  data  consisent  and  doesn't  propagate  a 

* sizeAdviseO  in  the  wrong  scope. 

*/ 


if  ( c on t e x t -> s c op e_d e p t h ) 
return  0; 


if  ( c o n t e x t ->ms g s ) 

return  P G P E R R_P A R S E A S C_I N COMPLETE; 


/ * Bytes  is  zero  * / 

return  context->tail->sizeAdvise  (context->tail,  bytes); 


static  struct  Message  * 

g e t M e s s a g e N umbe r (struct  Context  *ctx,  int  num) 
{ 

struct  Message  * m s g ; 

msg  = ctx->msgs; 
while  (msg)  { 

if  ( m s g - > m s g_n u m b e r ==  num) 
return  msg; 
msg  = msg->next; 

> 

return  NULL; 

> 


static  int 

sendStatus  (struct  PgpPipeline  *myself,  int  type,  byte  const  *string, 
size  t size) 


struct  Context  *ctx  = (struct  Context  *)myself->priv; 
struct  Message  *msg; 
struct  MsgPart  *part; 
int  count; 


switch  (type)  t 

case  P G P A N N_P A R S E A S C_M S G_C 0 U N T : 

return  c t x->msg_coun t ; 


1033 


lib  / pgp/ pipe/file/ parseasc.c 


> 


case  P G P A N N_P  A R S E A S C_M  S G_L  EFT: 
msg  = ctx->msgs; 
count  = 0 ; 
while  (msg)  { 

count++; 

msg  = msg->next; 

> 


return  count; 

case  PGPANN_PARSEASC_MSG_CURRENT : 

/*  Return  the  pointer  to  the  currently  writing  message 
msg  = ctx->msgs; 
while  (msg)  { 

if  (msg->writing) 
break; 

msg  = msg->next; 

> 

if  (msg) 

return  msg->msg_number; 
return  0 ; 

case  PGPANN_PARSEAS  C_M  S G_P  A RTS: 

/*  Return  the  number  of  parts  in  the  message  */ 
assert  (size  ==  sizeof  ( i n t ) ) ; 

msg  = getMessageNumber  (ctx,  ((int  *)  string)H0D); 
if  ( ! m s g ) 

return  0; 
return  msg->size; 

case  PGPANN_PARSEASC_MSG_PARTINFO : 

/*  Return  information  about  part  M of  message  N */ 
assert  (size  = = (2  * sizeof  (int))); 
msg  = getMessageNumber  (ctx,  ((int  *)  s t r i n g ) H 0 3 ) ; 
if  ( ! m s g ) 

return  0 ; 

count  = ((int  *)  string)C13; 
part  = msg->parts; 
while  (part)  { 

if  (part->num  ==  ( u n s i g n e d ) c o u n t ) 

return  (part->done  ? 1 : 2); 

if  (part->num  > ( u n s i g n e d ) c o u n t ) 
return  1; 

part  = part->next; 

> 

assert  ( Ipart); 
return  2; 

> 

return  0; 


* / 


/*  Send  an  annotation  */ 
static  int 

sendAnnotate  (struct  Context  *ctx 
byte  const  *string. 


assert  (ctx->tail); 


struct  PgpPipeline  *origin, 
size  t size) 


i nt  type. 


if  (ctx->buffering) 

return  bufferAnnotation  (ctx,  origin,  type,  string,  size); 
return  ctx->tail->annotate  (ctx->tail,  origin,  type,  string,  size); 

> 
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static  i n t 

Annotate  (struct  PgpPipeline 
byte  const  *string 


/ 


★myself 
size  t 


/ 


struct 

size) 


struct  Context  *context; 
int  error; 


PgpPipeline  * o r i g i n , 


int  type. 


assert  (myself); 

assert  (myself->magic  = = DEARMORMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

switch  (type)  { 

case  PGPANN_PARSEASC_MSG_COUNT : 
case  PGPANN_PARSEASC_MSG_LE FT : 
case  P G P A N N_P  A RSEASC_MS  G_C  U R R E N T : 
case  PGPANN_PARSEAS  C_M  SG_PARTS  : 
case  PGPANN_PARSEASC_MSG_PARTINFO  : 

return  sendStatus  (myself,  type,  string,  size); 

> 


i f 


> 


( PG P_I S_E N D_S C 0 P E (type)  &&  c o n t e x t - > a n n o t a t i o n SS 
c o n t e x t -> s c o p e_d e p t h ==  c on t ex t ->d e p t h_a t_a nn ) i 

error  = sendAnnotate  (context,  myself,  c on t e x t -> a n n o t a t i o n , 

NULL,  0 ) ; 

if  (error) 

return  error; 
context->annotati on  = 0; 


error  = sendAnnotate  (context,  origin,  type,  string,  size); 
if  ( lerror) 

P G P_S C 0 P E_D E P T H_U P D A T E ( c o n t e x t - > s c o p e_d e p t h , type); 
a s s e r t ( c o n t e x t -> s c o p e_d e p t h !=  -1); 
return  error; 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
struct  Message  *msg,  *temp; 

assert  (myself); 

assert  (myse lf->magi c ==  DEARMORMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

for  (msg  = context->msgs;  msg;  msg  = temp)  { 
temp  = msg->next; 
f reeMessage  (context,  msg); 

> 

if  (context -> tail) 

context->tai l->teardown  (context->tai  l ) ; 
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pgpFifoDestroy  (context->fifod,  context->data); 
pgpFifoDestroy  ( context->f i f od,  context->ann); 

memset  (context,  0,  sizeof  (*context) ) ; 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  ** 

pgpParseAscCreate  (struct  PgpPipeline  **head,  struct  PgpEnv  const  *env, 

struct  PgpFifoDesc  const  *fd, 

struct  PgpUICb  const  *ui,  void  *ui_arg) 

( 

struct  PgpPipeline  * m o d ; 
struct  Context  *context; 
struct  Pg p F i f o C o n t e x t *data,  *ann; 

if  ( ! h e a d ||  ! env) 

return  NULL; 

parseAscIni t (); 

context  = (struct  Context  OpgpMemAlloc  (sizeof  (*context)); 
if  (!  context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof  (*mod) ) ; 
if  ( ! mod)  { 

pgpMemFree  (context); 
return  NULL; 

> 

data  = pg p F i f o C r e a t e (fd); 
if  ( ! d a t a ) { 

pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

ann  = pg p F i f o C r e a t e (fd); 
if  ( ! a n n ) { 

pgpFifoDestroy  (fd,  data); 
pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

mod->magic  = DEARMORMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 

mod->name  = "Ascii  Armor  Parser  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  ( * c o n t e x t ) ) ; 
c o n t e x t -> f i f o d = fd; 
c o n t e x t -> d a t a = data; 
context->ann  = ann; 
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context->dataptr  = context->databuf; 

context->armorptr  = context->armorline; 

context->myse If  = mod; 

context->env  = env; 

context->ui  = u i ; 

context->ui_arg  = ui_arg; 

context->tail  = *head; 

★head  = mod; 

return  &context->tail; 
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parseasc.h 

/ * 

* parseasc.h  --  An  Ascii  Armor  Parser  for  PGP. 

* 

* Written  by:  Derek  Atkins  < wa r L o r da M I T . E D U > 

* 

* $ I d : parseasc.h,v  1.1  6 1 996/1  1 /1  2 02:1  8:07  mhw  Exp  S 
*/ 

# i f n d e f P G P_P A R S E A S C_H 
//define  PG P_P A R S E A S C_H 

//include  " p g p / u s u a L s . h " 

struct  Pipeline; 

# i f n d e f T Y P E_P I P E L I N E 
//define  T Y P E_P I P E L I N E 1 

typedef  struct  Pipeline  Pipeline; 

//  e nd  i f 

struct  PgpEnv; 

//  i f nd  e f T Y P E_P G P E N V 

//define  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

# e n d i f 

struct  PgpFifoDesc; 

//  i f n d e f T Y P E_P G P F I F 0 D E S C 

# d e f i n e T Y P E_P G P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

//end  i f 

struct  PgpUICb; 

# i f nde  f TYPE_PGPUICB 

//define  TYPE_PGPUICB  1 

typedef  struct  PgpUICb  PgpUICb; 

//  e nd  i f 


struct  PgpPipeline  **pgpParseAscCreate 


(struct  PgpPipeline  **head, 
struct  PgpEnv  const  *env, 
struct  PgpFifoDesc  const  *fd, 
struct  PgpUICb  const  *ui, 
void  *ui_arg ) ; 


//endif  /*  PGP  PARSEASC  H */ 
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radix64.c 

/* 

* radix. c — Define  the  armor  Table  for  6-bit  integer  to  character 

* conversion. 

* 

* $ I d : radix64.c,v  1.6  1 996/1  1 /1  2 02:18:07  mhw  Exp  $ 

*/ 

# i f d e f H A V E_C  0 N F I G_H 
# i nc  l ude  "config.h" 

# e nd i f 

^include  "radix64.h" 

/*  This  is  are  table  of  6-bit  value  ->  character  */ 
char  const  a r mo r Ta b l e C 6 5 ] = 

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzOI 23456789+/"; 
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radix64.h 

/ * 

* radix64.h  --  The  header  for  Radix64  encoding,  which  is  used  by  ASCII  Armor. 

★ 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* Sid:  radix64.h,v  1.5  1996/11/12  02:18:07  mhw  Exp  $ 

*/ 

tfifndef  P G P_R  A D I X 6 4_H 
# d e f i n e P G P_R  A D I X 6 4_H 

extern  char  const  armorTableC65]; 

tfendif  /*  PGP_RADIX64  H */ 
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parser/ 
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lib/ pgp/ pipe/ parser/. cvsignore 


.cvsignore 


Makefile  DONE 
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Makefile. in 

# 

# Lib/pipe/parser 

# 

# $ I d : Makef i le  . i n,v  1.1  4 1 996/1  1 /1  2 02:18:08  mhw  Exp  $ 

n 

LOCALINCLUDES=  -I ../../ 1 nc L ude 

0BJS=  parsebin.o  readann.o  verifyra.o  vrfysig.o 
PUBHDRS=  parsebi n . h readann  . h verifyra.h 
PRI  VHDRS  = 

all::  DONE 


1043 


lib/ pgp/ pipe/parser/ makefile,  msc 


makefile.msc 


C F L A G S = 

-I  . . \ \ \ . -DHAVE  CONFIG  H $(DEBUG) 

PGPLIB=  , 

..\..\..\pgplib.lib 

all:: 

l i b 

headers: 

: i n c l 

include  " ma k e f i l e . i n 


i n c l : 

if  not  "$(PUBHDRS)"==""  \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . . \ . . \ . . \ . . \ i n c l u d e \ p g p 
if  not  "$( PRIVHDRS ) "==" " \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ \ i nc lude 

DOB  J S = 

lib: 

$(0BJS:  . o=  . ob  j ) 

$(D0BJS) 

. c . ob  j : 

$ ( C C ) $(CFLAGS)  -17  -c  $< 

lib  /out  : $ ( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . ob  j 

DONE  : 

if  exist  $(PGPLIB)  lib/out:$(PGPLIB)  $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(D0S0BJS) 
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parsebin.c 

/* 

* parsebin.c  --  Binary  Parser 

* 

* Written  by:  Colin  Plumb  and  Derek  Atkins  < w a r l o r d 3M I T . E D U > 

* 

* $Id:  parsebin.c, v 1.106.2.2  1996/11/14  04:09:33  cbertsch  Exp  $ 

* / 

//ifdef  HAVE  CONFIG  H 


ft i n c l ud  e 
ft  e n d i f 

" c o n f i g . h " 

ft  i n c l u d e 

<assert . h> 

ft  i n c l ude 

< s t d i o . h > 

ft  i n c l ud  e 

"pktbyte.h" 

^include 

"parsebin.h" 

^include 

"pgp/annotate  . h" 

ft  i n c l ud  e 

"pgp/cfb.h" 

^include 

"pgp/cipher.h" 

^include 

"pgp/ciphrmod.h" 

ft  i n c l u d e 

"pgp/compress . h" 

^include 

"pgp/compmod.h" 

//include 

"pgp/fifo.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/hashmod.h" 

//include 

"pgp/header.h" 

^include 

"pgp/ pgpmem. h" 

//include 

"pgp/pgpenv . h " 

//include 

"pgp/pgperr.h" 

//include 

"pgp/pipeline.h" 

//include 

"pgp/ si g . h" 

ft  i nc  l ude 

"pgp/textfilt.h" 

//include 

"pgp/usuals.h" 

//define 

PARSERMAGIC  OxfeedfOOd 

/ * 

* There  are  two  formats  for  PGP  packets.  Both  are  equivalent  as  far  as 

* the  rest  of  the  code  is  concerned. 

* The  original  PGP  packet  format: 

* - Packet  byte:  lOttttll,  where  tttt  = packet  type,  and  ll  = length  of  length 

* - Length  field,  1/2/4/0  bytes,  big-endian,  based  on  ll  bits 

* - Body 

* This  format  is  simple  and  small,  but  requires  knowing  the  size  of  the 

* enclosed  data  before  you  can  emit  the  length  field. 

* 

* The  one-pass  PGP  3 format: 

* - Packet  byte  lltttttt,  where  tttttt  = packet  type 

* - Zero  or  more  non-final  subpackets,  starting  with  a byte  of  the  form 

* 1 1 1 sssss,  followed  by  2As  bytes  of  data 

* - A final  subpacket,  which  starts  with  either  Osssssss,  lOsssssss, 

* or  1 1 0sssss  ssssssss,  holding  up  to  2A7  + 2A6  + 2 A 1 3 - 1 bytes. 

* (The  formats  encode  lengths  of  0-127,  128-191,  and  192-8383  bytes.) 

* 

* Generally,  a PGP  implementation  will  emit  non-final  subpackets  in  the 

* IK  to  8K  range,  followed  by  one  final  subpacket.  However,  any  size 

* may  be  used,  down  to  one  byte.  This  flexibility  allows  data  to  be 
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flushed  out  and  a stream  to  be  brought  up  to  date  at  any  byte  boundary 
by  emitting  a combination  of  non-final  subpackets  which  sum  to  the 
desired  boundary. 

To  keep  track  of  both  of  these  formats,  there  is  a struct  Header, 
which  describes  the  parsing  state  of  the  current  subpacket  header  on 
an  arbitrary  byte  boundary.  It  has  three  members: 
lenbytes  - the  count  of  the  number  of  bytes  remaining  in  the 

current  big-endian  subpacket  size.  This  may  be  as  large 
as  4.  As  additional  bytes  are  read,  lenbytes  is  decremented 
and  "pktlen"  is  increased  with  the  appropriately  shifted 
byte. 

more  - a flag  which  is  true  if  the  current  subpacket  is  non-terminal, 
so  another  subpacket  is  expected. 

pktlen  - the  length  of  the  current  subpacket.  If  lenbytes  is  non-zero, 
the  value  here  is  an  underestimate.  When  this  is  0,  a new 
packet  or  subpacket  (depending  on  the  more  flag)  is  expected. 


To  keep  track  of  the  state  of  the  input  stream,  a Header  structure  is 
used,  but  data  that  has  already  been  read  from  the  Header  structure 
is  kept  around  as  well.  There  are  two  data  structures  for  this: 

- The  FIFO  contains  a copy  of  the  raw  input  data  up  to  the  point 
marked  by  "passptr". 

- The  buffer,  which  also  holds  a prefix  of  the  input  data,  but  a 
parsed  version.  A portion  of  the  two  overlap,  and  what  can  be 
kept  in  the  buffer,  is.  This  always  includes  the  tail  of  the  last 
subpacket  that  has  been  read.  If  this  is  also  the  first  subpacket, 
nothing  actually  needs  to  get  copied  to  the  FIFO  at  all. 


The  buffer  ends  up  looking  like  this: 


/ passptr  - First  byte  not  passed  through  to  FIFO. 


A A 


I \ bufend  - End  of  packet  header/start  of  read-ahead 

\ bufptr  - Beginning  of  intra-packet  header 


It  works  like  this:  The  data  from  the  FIFO,  plus  passptr  through  bufend, 
is  the  raw  data  that's  been  processed.  Passptr  is  usually  before 
bufptr,  with  the  gap  filled  by  the  packet's  external  header 
(packet  header  byte  plus  length  or  first  subpacket  header),  and 
then  bufptr  through  bufend  is  shared  between  the  two. 


If  the  amount  of  header  data  needed  exceeds  the  size  of  the  first 
subpacket,  then  the  data  up  to  and  including  the  second  subpacket 
header  is  copied  to  the  FIFO,  and  as  much  of  the  second  subpacket  as 
is  needed  is  read  into  the  buffer  immediately  following  the  first 
subpacket,  with  no  intervening  subpacket  header,  and  "passptr"  is 
set  to  point  to  the  beginning  of  the  second  subpacket  data. 

The  data  between  bufend  and  readptr  is,  however,  raw  input  data 
including  subpacket  headers  that  have  not  yet  been  parsed. 
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static  size  t 


static  size  t 


static  size  t 


static  size  t 


nextScope  (struct  PgpPipeline  *myself,  byte  const  ★but, 
si ze_t  size,  int  *error); 

nextESK  (struct  PgpPipeline  *myself,  byte  const  *buf, 
si ze_t  size,  int  *error); 

parsePacket  (struct  PgpPipeline  *myself,  byte  const  *buf, 
si ze_t  size,  int  *error); 

parseKey  (struct  PgpPipeline  *myself,  byte  const  *buf, 
si ze_t  size,  int  *error); 


/*  Information  needed  to  parse 
struct  Header  C 

w o r d 3 2 pktlen; 
unsigned  lenbytes; 
byte  more; 

>; 


a subpacket  header  */ 

/*  Length  of  current  subpacket  */ 

/*  Number  of  length  bytes  to  come  */ 
/*  More  subpackets  to  come  */ 


/ * Information 
struct  Input  { 


needed  to  parse  a data  stream  */ 


>; 


byte 

bufferCBUFSIZH; 

/ * 

Buffer 

of  parsed  data  * / 

struct  Pg p F i f o C o n t e x t 

* f i f o 

; / * 

FIFO 

of  raw 

data 

*/ 

byte 

const  *passptr; 

/* 

Pointer 

into 

buffer 

* / 

byte 

const  *bufptr; 

/* 

Pointer 

into 

buffer 

*/ 

byte 

*bufend; 

/ * 

Pointer 

into 

buffer 

★ / 

struct  Header  head; 

/* 

Current 

subpacket  status 

*/ 

byte 

si lent_trunc; 

/ * 

C o m p l a i 

n i f 

out  of 

input 

? */ 

struct 


Context  { 

struct  Input  input; 
struct  PgpPipeline  *tail 


struct  PgpPipeline 

* n e x t pa 

rser; 

struct  PgpPipeline 

**end; 

struct  PgpHashContext  * h a s h e s ; 

struct  PgpEnv  const 
int  numhashes; 

* e n v ; 

int  state; 

/* 

Used  my 

bumerous  parse  functions 

*/ 

int  e n d_s  cope; 

/* 

A n no  t a t 

ion  at  end  of  this 

scope. 

or  0 * / 

byte  subtype; 

/ * 

Type  of 

literal 

packet  (t 

v s . 

b) 

* / 

int  siglpass; 

/* 

Within 

1-pass  signature  scope 

★ / 

int  siglnest; 

/ * 

Number 

of  unpa i 

red  1 pass 

headers 

nested  */ 

/*  Flags  */ 
byte  sepsig; 

/* 

1 -pa  s s 

separate 

signature 

*/ 

byte  findpkt; 

/ * 

S e a r c h i 

ng  for  a 

new  packet  */ 

byte  eof; 

/* 

No  more 

input  available. 

ever 

★ / 

byte  needcallback, 


/*  Return  true  if  the  end  of  the  current  packet  has  been  reached  */ 
static  int 

i n pu t F i n i s h ed ( s t r u c t Header  const  *head) 

{ 

return  ! head->pkt  l en  SS  ! h e a d->  l e n by t e s &&  !head->more; 

> 


/ * 

* Return  a pointer  to,  and  then  length  of,  the  subpacket  header  at  the 

* current  position  in  the  input  buffer,  using  the  context  of  "head". 

*/ 

static 


byte  const  * 
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i n p u t H e a d P e e k ( s t r u c t Header  const  *head,  byte  const  *buf,  size_t  size, 
s i z e_t  *len) 

{ 

assert (buf  ||  isize); 
if  ( h e a d-> L e n by t e s ) { 

* L en  = (size  < h e a d-> L e n by t e s ) ? size  : ( s i z e_t ) h e a d-> L e n by t e s ; 

return  buf; 

> 

if  (head->pktlen)  { 

* L e n = 0 ; 
return  buf; 

> 

if  ( ! head->more)  { 

* L e n = 0 ; 

return  (byte  const  * ) 0 ; 

> 

if  (isize)  { 

* L e n = 0 ; 
return  buf; 

> 

if  ((bufCO]  S OxeO)  ==  OxcO  &&  size  ! = 1) 

* L e n = 2 ; 

else 

* L e n = 1 ; 
return  buf; 


/ ★ 

* Skip  the  upcoming  header,  adjusting  the  state  in  "head"  appropriately. 

* Return  the  number  of  bytes  consumed  (<=  size). 

* / 

static  s i z e_t 

i npu t H ead S e e k ( s t r u c t Header  *head,  byte  const  *buf,  size_t  size) 

{ 

unsigned  i ; 
unsigned  char  b; 


/*  No  data,  don't  care  */ 
if  (isize) 

return  0; 
assert(buf); 

/*  If  we're  in  the  middle  of  a header,  read  the  tail  of  it  */ 
if  ( h e a d-> l e n by t e s ) { 

if  (size  > head->  l enby tes  ) 

size  = ( s i z e_t ) h e a d-> l e n by t e s ; 
i = (unsigned)size; 
do  { 

head->pktlen  +=  (word32)*buf++  <<  (8*--head->lenbytes); 
> while  ( - - i ) ; 
return  size; 

> 

/*  Are  we  not  at  the  end  of  a packet?  */ 
if  ( head->pkt  l en  ||  !head->more) 
return  0; 

/*  Otherwise,  we're  starting  a new  subpacket  header  */ 


1048 


lib/ pgp/ pipe/ parser/ parsebin.c 


> 


b = buf COD; 
if  (b  < OxcO)  { 

head->pkt l en 

= 

(word32)b; 

head->more  = 

0; 

> else  if  (b  < OxeO) 

head->pkt  len 

= 

((word32)b  <<  8) 

head->more  = 

0; 

if  (size  ==  1 

) 

C 

head- 

> else  { 

>lenbytes  = 1; 

( Ox  c 000 


head->pktlen  + = (word32)bufC1D; 
return  2 ; 

> 

> else  if  (b  >=  OxeO)  { 

head->pktlen  = (word32)1  <<  (b  & 31); 

> 


return  1; 


0 x c 0 ) ; 


static  void 

i npu t R e s e t ( s t r u c t Input  *input) 
f 

input->passptr  = input->bufptr  = input->bufend  = input->buffer; 
input->head.pktlen  = 0; 
input->head.lenbytes  = 0; 
input->head.more  = 0 ; 

> 


/* 


* Start  parsing  a packet  with  the  given  header  byte. 

* Returns  0 if  it's  a normal,  good  header  byte,  and  -1 

* if  it's  a bogus  header  byte,  in  which  case  the  rest  of  the 

* input  is  taken  as  the  body. 

*/ 

static  int 

inputStartCstruct  Input  *i nput,  byte  b) 

{ 


/*  Store  first  byte  in  buffer  */ 
input->passptr  = input->buffer; 
input->bufferC0D  = b ; 
input->bufend  = input->buffer+1; 
input->head.pktlen  = 0 ; 


if  ( I S_N  E W_P  KT  B Y T E ( b ) ) { 

/ * New  style  * / 
input->head.lenbytes  = 0 ; 
input->head.more  = 1 ; 
i nput->s i l ent_t rune  = 0; 

> else  if  ( I S_0  L D_P  KT  B Y T E ( b ) ) { 

/ * Old  style  */ 

input->head.  lenbytes  = L L E N_T  0_B  YTESCPKTBYT  E_L  LEN(b)); 
i nput->head . more  = 0; 
i nput->s i l ent_t rune  = 0; 
if  ( PKTBYTE_LLEN ( b ) ==  3)  t 

i nput->s i l ent_t rune  =1; 
input->head.pktlen  = (word32)-1; 

> 

> else  { 

/*  Erroneous!  */ 
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input->bufptr  = input->buffer; 
i n pu t -> h e a d . p k t l e n = (word32)-1; 
input->head.lenbytes  = 0; 
input->head.more  = 0; 
input->si Lent_trunc  = 1; 
return  - 1 ; 

> 

/*  Usual  case  wrapup  */ 
input->butptr  = input->bufend; 
return  0; 

> 

/ * 

* Return  a pointer  to,  and  the  length  of,  the  next  available  packet  payload 

* bytes.  These  bytes  will  come  from  either  the  read-ahead  buffer  or  the 

* input  buffer  (buf,  size),  as  appropriate.  Returns  a NULL  pointer  when 

* there  is  no  more  data  available  in  the  packet.  If  "size"  is  0 and 

* this  is  not  the  end  of  the  packet,  this  returns  the  "buf"  pointer, 

* which  may  or  may  not  be  NULL,  at  the  caller's  discretion. 

* 

* This  may,  in  some  situations  (like  when  "size"  is  1 and  sitting 

* on  a subpacket  header),  return  the  "buf"  pointer  but  a zero  length 

* even  when  size  is  non-zero. 

* In  that  case,  the  current  packet  is  not  finished,  but  no  data  is  available 

* in  the  current  input  buffer.  You  need  to  call  inputSeek(O)  to  give 

* it  a chance  to  consume  the  current  input  buffer. 

*/ 

static  byte  const  * 

inputPeekCstruct  Input  const  *input,  byte  const  *buf,  size_t  size,  si ze_t  *len) 
( 

/*  If  we  have  no  buffer,  then  size  must  be  0 */ 
assertlbuf  ||  ! size); 

/*  If  we  have  data  buffered,  use  that.  */ 
if  ( i nput->buf end  !=  i n pu t -> bu f p t r ) { 

* len  = ( s i z e_t ) ( i n pu t -> bu f end  - input->bufptr); 
return  i n p u t - > b u f p t r ; 

> 

/* 

* If  we  are  in  the  middle  of  a subpacket  header,  no  data  available, 

* but  more  to  come. 

* / 

if  ( i np u t -> h e a d . I e n by t e s ) { 

* l e n = 0 ; 
return  buf; 

> 

/* 

* If  we're  at  the  end  of  a subpacket,  no  data  available,  and 

* there  may  or  may  not  be  more  to  come. 

* / 

if  ( ! i n pu t -> h e a d . p k t l e n ) { 

* l e n = 0 ; 

return  i nput->head . more  ? buf  : 0; 

> 

/*  Return  the  appropriate  data  from  the  input  buffer  */ 
if  (size  > i n pu t -> h e a d . p k t l e n ) 

size  = ( s i z e_t ) i n pu t -> h e a d . p k t l e n ; 


1050 


lib/ pgp/ pipe/  parser/ parsebin.c 


* l e n = size; 
return  b u f ; 


/* 

* Skip  over  "len"  bytes  (where  Len  <=  the  amount  returned  from  the  Latest 

* call  to  inputPeek!)  of  input  from  the  input  stream  (either  the  context 

* buffer  or  the  supplied  external  buffer). 

*/ 

static  s i z e_t 

inputSeek(struct  Input  *input,  byte  const  *buf,  size_t  size,  si ze_t  len) 
l 

assert (buf  ||  ! size); 

/*  If  we  have  data  in  the  input  buffer,  skip  that  */ 
if  ( i n pu t -> bu f e nd  !=  i n pu t -> bu f p t r ) { 

assert( len  <=  ( s i ze_t ) ( i nput->buf end  - input->bufptr)); 
input->bufptr  +=  len; 
return  0; 

> 

/*  Make  sure  the  skip  is  legal  */ 
assert(  ! len  ||  !input->head.lenbytes); 
assert(  len  <=  input->head.pktlen); 
assert ( len  <=  size); 

/ * Skip  the  data  * / 
input->head.pktlen  -=  len; 

/ * Skip  any  additional  header  that  follows  * / 

return  len  + inputHeadSeek(Sinput->head,  buf+len,  size-len); 

} 

/* 

* Copy  the  input  buffer  to  the  FIFO. 

* / 

static  int 

inputToFi fo(struct  Input  *i nput ) 

{ 

si ze_t  len,  written; 

len  = ( s i z e_t ) ( i n pu t -> bu f e nd  - input->passptr); 
i f (len)  C 

written  = pgpFifoWrite  ( &pg pBy t e F i f o D e s c , input->fifo, 

input->passptr,  len); 
i n pu t -> pa s s p t r +=  written; 
if  (written  !=  len) 

return  PG P E R R_N 0M E M ; 

> 

return  0; 

> 

/ * 

* Try  to  ensure  that  the  next  "desired"  bytes  of  input  are  contiguous 

* and  thus  inputPeek  will  return  them  in  one  call.  This  will  copy 

* bytes  from  the  external  buffer  to  the  input  buffer.  If  it  does, 

* the  number  of  bytes  copied  is  returned. 

* 

* If  this  needs  to  squeeze  subpacket  header  bytes  out  of  the  read-ahead 

* buffer  to  make  the  buffer  contiguous,  it  copies  the  bytes  to  the  FIFO 
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★ so  they'll  be  available  for  raw  reading. 

*/ 

static  siz  e_t 

inputMergeCstruct  Input  *input,  byte  const  *buf,  si ze_t  size,  unsigned  desired, 
int  *error) 

{ 

s i z e_t  s i z e 0 ; 
siz  e_t  s , t ; 
unsigned  avail; 


assert (buf  | | ! size); 

★error  = 0;  /*  No  error  ★ / 


s = (size_t)(input->bufend  - input->bufptr); 
if  (s  >=  desired) 
return  0 ; 

desired  -=  (unsigned)s; 
sizeO  = size; 


while  (desired  & & size)  { 

/★  Suck  in  the  following  header,  if  any  */ 
if  ( ! i nputHeadPeekCSi nput->head,  buf,  size,  &s)) 
break;  / * End  of  packet  ★ / 

/*  If  we  have  a header,  deal  with  it.  */ 
if  (s)  f 

/* 

* Do  something  with  the  header  - put  it  in  the  buffer 

* before  bufptr  if  possible,  or  in  the  FIFO  if  not. 

* / 

if  ( i nput->buf pt r ==  i n p u t - > b u f e n d ) { 

memcpy(input->bufend,  buf,  s); 
(void)inputHeadSeek(Sinput->head,  buf,  s); 
i npu t -> bu f p t r = i n pu t -> bu f e n d +=  s; 
buf  + = s ; 
size  - = s ; 

> else  { 

/ * Write  what's  already  in  the  buffer  * / 

★error  = inputToFifo(input); 
if  (*error) 

break; 

/*  Write  the  current  header  to  the  FIFO  */ 
t = pgpFifoWrite  ( S pg pBy t e F i f o D e s c , 

input->fifo,  buf,  s); 

(void)inputHeadSeek(Sinput->head,  buf,  t); 
buf  + = t ; 
size  - = t ; 
if  ( t ! = s ) { 

★error  = PG P E R R_N 0 M E M ; 
break; 


/*  Normal  data  to  be  copied  */ 
avail  = desired; 
if  (avail  > size) 

avail  = (unsigned)size; 
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if  (avail  > i n pu t -> h e a d . p k t l en ) 

avail  = (unsigned)input->head.pktlen; 
s = input->buffer+sizeof(input->buffer)-input->bufend; 

if  (avail  > s)  { 
if  ( ! s ) 

break; 

avail  = (unsigned)s; 

> 

memcpy ( i nput->buf end,  buf,  avail); 
i npu t->bu f end  +=  avail; 
input->head.pktlen  - = avail; 
size  -=  avail; 
desired  -=  avail; 


> 


return  sizeO-size; 


/*  Return  true  if  there's  more  packet  in  here  than  will  fit  */ 
static  int 

inputOverful l (struct  Input  const  *input) 

{ 


> 


return  i n p u t - > b u f e n d — i n p u t -> b u f f e r + s i z e o f ( i n p u t - > b u f f e r ) 
! inputFinished(&input->head); 


SS 


/*  How  many  merged  bytes  are  available?  */ 
static  s i z e_t 

i npu t Me r g ed ( s t r u c t Input  const  *input) 

{ 

return  ( s i z e_t ) ( i n pu t -> bu f e n d - input->bufptr); 

> 


/*  Pointer  to  the  merged  bytes  */ 
static  unsigned  char  const  * 
i npu t Me r g ed P t r ( s t r u c t Input  const  *input) 
{ 

return  input->bufptr; 

> 


/* 

* Return  a buffer  and  length  corresponding  to  the  next  batch  of 

* raw  (unparsed)  characters  in  the  current  packet. 

* The  bytes  might  come  from  one  of  three  places: 

* - The  FIFO  where  they  have  been  copied  by  inputHergeO 

* - The  input  buffer 

* - the  passed-in  external  buffer 

* In  the  latter  case,  this  parses  ahead  in  the  input  buffer  as  many 

* subpackets  as  possible  to  give  the  largest  block  of  data  possible. 

* 


* Returns  NULL  with  a length  of  0 if  there  are  no  more  bytes  in  the  current 

* packet.  Returns  "buf"  with  a length  of  0 if  size  is  0. 

* That  may  or  may  not  be  NULL,  depending  on  the  caller. 

*/ 


static  byte  const  * 

i n pu t R a w Pe e k ( s t r u c t Input  const  *input,  byte  const  *buf,  size_t  size, 
size  t *len) 


byte  const  *p; 
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s i z e_t  s ; 
s i z e_t  s i z e 0 ; 
unsigned  ulen; 
struct  Header  head; 

assert (buf  | | !size); 

/*  Try  the  byte  FIFO  */ 

p = pgpFifoPeek  (SpgpByteFifoDesc,  input->fifo,  Sulen); 
if  (p)  { 

*len  = ( s i z e_t ) u L e n ; 
return  p; 

> 

/*  Then  the  buffered  data  */ 

if  ( i n pu t -> pa s s p t r !=  i n pu t -> bu f end ) { 

* Len  = input->bufend  - input->passptr; 
return  i n pu t -> pa s s p t r ; 

> 

/*  Finally,  the  external  buffer  */ 

sizeO  = size; 
p = buf; 

head  = input->head; 

while  (size  &&  ! i np u t F i n i s h e d ( & h e a d ) ) { 

s = inputHeadSeekl&head,  p,  size); 
size  -=  s; 
if  ( ! s i z e ) 

break; 

P +=  s; 

if  (size  <=  head.pktlen)  { 
size  = 0 ; 
break; 

> 

size  -=  head.pktlen; 
p +=  head.pktlen; 
head.pktlen  = 0; 


*len  = sizeO  - size; 
return  buf; 


/ * 

* Skip  forward  over  a given  number  of  bytes  of  raw  input  data. 

* The  number  of  bytes  must  be  <=  the  number  returned  from 

* inputRawPeekO. 

* 

* The  FIFO  and  buffered  data  are  simple.  If  those  are  empty, 

* parse  forward  in  the  external  buffer  until  the  desired  number  of 

* bytes  have  been  skipped,  then  store  the  parsing  state. 

*/ 

static  siz  e_t 

inputRawSeek(struct  Input  *input,  byte  const  *buf,  size_t  size,  unsigned 

{ 

s i z e_t  s ; 


assert (buf  | | isize); 


ten) 
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/*  If  there's  data  in  the  FIFO,  skip  that...  */ 
if  (pgpFifoSize  ( Spg pBy t e F i f o D e s c , i nput->f i f o ) ) f 

pgpFifoSeek  (SpgpByteFifoDesc,  input->fifo,  len); 
return  0; 

> 

/*  Otherwise  the  buffered  data  */ 

if  ( i n p u t -> pa s s p t r !=  i n pu t -> b u f e nd  ) { 

assert! Len  <=  ( s i ze_t ) ( i nput->buf end  - input->passptr)); 

input->passptr  +=  len; 

if  ( i n pu t -> bu f p t r < i n pu t -> pa s s p t r ) 

input->bufptr  = input->passptr; 
return  0; 

> 


} 


/*  Finally,  the  external  buffer  */ 
assert!  len  <=  size); 


size  = len; 
while  (size)  I 

s = i n pu t H e a d S e e k ( & i n pu t -> h ea d , buf, 
size  - = s ; 
if  (lien) 

break; 
buf  +=  s ; 

if  (size  <=  i n pu t -> h e a d . p k t l e n ) { 

i np u t -> h e a d . p k t l e n -=  size; 
break; 

> 

size  -=  input->head.pktlen; 
buf  +=  i nput->head  . pkt  l en; 
input->head.pktlen  = 0; 

> 

return  len; 


s i z e ) ; 


/*  Get  rid  of  the  header  we've  processed  from  the  system.  */ 
static  void 

inputPurge(struct  Input  *input) 

{ 

pgpFifoFlush  (SpgpByteFifoDesc,  i n p u t -> f i f o ) ; 

input->passptr  = input->bufptr  = input->bufend  = input->buffer; 

> 


/ * 

* Write  all  the  already-buffered  bytes  from  the  current  packet. 

* Return  an  error,  if  any  is  encountered. 

*/ 

static  i n t 

DoRawFlush  (struct  Context  *ctx,  struct  PgpPipeline  *tail) 

{ 


int  error  = 0; 
s i z e_t  l e n ; 
byte  const  *p; 


do  f 

p = inputRawPeek(Sctx->input,  NULL,  0,  Slen); 
if  ( ! p ) 

break; 

len  = tai  l ->w  r i t e (tail,  p,  len,  Serror); 
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(void)inputRawSeek(&ctx->input,  NULL,  0,  len); 
> while  (!  error  ); 


> 

return 

w f 

error; 

static 

s i z e_t 

DoS  ki p 

(struct 

PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int  *error) 

struct 

Context  * c t x ; 

si z e_t 

sizeO  = size; 

byte  const  *p; 

s i z e_t 

len; 

assert 

(myself); 

assert 

(myse  lf->magi c ==  PA R S E RM AG  I C ) ; 

c t x = 

(struct  Context  *)myself->priv; 

assert 

( c t x ) ; 

assert 

(error); 

assert 

(Isize  ||  !ctx->eof); 

★error 

= 0; 

i nputPurge  (Sctx->input); 

for  ( ; ; ) C 

p = i nputPeek(&ctx->i nput,  buf,  size,  &len); 
if  ( ! p)  { 

if  ( i npu t F i n i s h ed ( &c t x-> i npu t . h ead  ) ) C 
/ * End  of  input  * / 
myself->write  = nextScope  ; 

size  -=  nextScope  (myself,  buf,  size,  error); 

> 

break; 

> 

if  (lien  &&  Isize) 
break; 

len  = inputSeek(Sctx->input,  buf,  size,  len); 
size  -=  len; 
buf  +=  len; 

> 

return  sizeO-size; 

> 

/* 

* Write  out  the  a s -y e t - u n r e a d body  of  this  packet  to  the  tail  of  this  module. 

* At  the  end  of  the  packet  ( i n pu t F i n i s h e d ) , set  the  state  back  to 

* nextScope. 

*/ 

static  s i z e_t 

DoWrite  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
{ 

struct  Context  * c t x ; 
s i z e_t  len; 
s i z e_t  sizeO  = size; 
byte  const  * p ; 
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assert  (myself); 

assert  (myself->magic  ==  PARSERMAGIC)  ; 

ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  (error); 

assert  (!size  | | !ctx->eof); 

*error  = 0; 

do  ( 

p = inputPeek(Sctx->input,  but,  size,  Slen); 
if  ( ! p)  f 

if  (inputFinished(Sctx->input.head))  { 

/ * End  of  input  * / 
myself->wri te  = nextScope; 

size  -=  nextScope  (myself,  buf,  size,  error); 

> 

break; 

> 

if(!len&&!size) 

break; 

len  = ctx->tai  l->wri te  (ctx->tail,  p,  len,  error); 
len  = inputSeek(Sctx->input,  buf,  size,  len); 
size  -=  len; 
buf  +=  len; 

> while  (!*error); 

return  sizeO-size; 

> 


/ * 

* Write  out  a series  of  packets  to  the  tail  of  this  module,  keeping 

* track  of  packet  boundaries,  and  counting  pairs  of  signature  headers 

* and  footers.  When  come  to  an  unpaired  footer,  exit  to  process  it. 
*/ 

static  siz  e_t 

DoWriteSignedPackets(struct  PgpPipeline  *myself,  byte  const  * b u f , size 

int  *error) 


{ 


struct 

Context  *ctx; 

s i z e_t 

l e n ; 

s i z e_t 

sizeO  = size; 

byte  const  *p; 

byte  b 

/ 

assert 

(myself); 

assert 

( myse l f->mag i c 

==  PARSERMAGIC); 

ctx  = 

(struct  Context 

*)myself->priv; 

assert 

(ctx); 

assert 

(ctx->tai  l); 

assert 

(error); 

assert 

(isize  ||  ! ctx- 

> e o f ) ; 

*error 

• S 

O 

II 

t 


size. 
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switch  (ctx->state)  i 
case  0 : 

/*  Here  at  the  start  of  a packet  */ 
inputReset(Sctx->input); 


if  ( ! s i z e ) 

return  0;  / * I need  a packet  header!  * / 

/* 

* Track  signature  nesting. 

* siglnest  holds  the  excess  1 pass  sig  hdrs  we've  seen 

* We  distinguish  old-style  sig  packets  from  new  style  by 

* whether  the  packet  type  byte  is  old  or  new  style. 

* / 


i f 


> 


( I S_N  E W_PKTB  YT  E (bufCOT))  { 

byte  bt  = P KT  B Y T E_T  YPE(bufCOD) ; 

if  (bt  = = PKTBYTE_SIG  SS  c t x - > s i g 1 n e s t = = 0 ) { 

/*  This  footer  is  what  we  are  looking  for  * 
myself->write  = nextScope; 

size  -=  nextScope  (myself,  buf,  size,  error 
break; 

> else  if  (bt==PKTBYTE_1 PASSSIG)  { /*  sig  header  */ 

++ctx->sig1nest; 

> else  if  (bt==PKTBYTE_SIG)  { /*  sig  footer  */ 

— ctx->si gl nest; 

} 


/ * Else  read  and  pass  on  this  packet  * / 
b = *(buf++); 
si  z e — ; 

if  ( i n pu t S t a r t ( & c t x -> i n pu t , b)  < 0)  { 

assert  (0);  / * what  to  do  here?  * / 

> 


case  1 : 


> 


/*  FALLTHROUGH  */ 

while  ( ! i npu t F i n i s h ed ( &c t x-> i npu t . h ead  ) ) { 

p = i n p u t R a w Pe e k ( S c t x-> i np u t , buf,  size,  Slen); 
if  ( ! I e n ) 

return  sizeO-size; 

len  = c t x-> t a i l ->w r i t e ( c t x-> t a i l , p,  len,  error); 
len  = inputRawSeek(&ctx->input,  buf,  size,  len); 
size  -=  len; 
buf  +=  len; 
if  (*error) 

return  sizeO-size; 

} 

/*  Here  at  end  of  packet  */ 

ctx->state  = 0; 

break; 


> 


return  sizeO-size; 
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/* 

* This  function  flushes  the  raw  header  bytes  from  the  beginning  of 

* the  parser's  buffer  "over"  the  following  module  on  to  the  following 

* parser,  then  falls  through  to  writing  the  payload  bytes  to  the  following 

* module  and  the  header  bytes  "over"  it. 

*/ 

static  s i z e_t 

DoWriteNext  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size, 
int  terror) 

struct  Context  * c t x ; 
byte  const  * p ; 
si ze_t  sizeO  = size; 
s i z e_t  len; 

struct  PgpPipeline  * t a i l , *next; 


assert  (myself); 

assert  (myself->magic  = = PARSERMAGIC); 


ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  (ctx->nextparser); 

assert  (error); 

assert  ( ! si ze  ||  !ctx->eof); 


next  = ctx->nextparser; 
★error  = 0; 


for 


> 


(;;)  C 

p = inputRawPeek(&ctx->input,  NULL,  0,  Slen); 
if  ( ! I e n ) 

break; 

len  = next->wri te  (next,  p,  len,  error); 
(void)inputRawSeek(Sctx->input,  NULL,  0,  len); 
if  ( * e r r o r ) 

return  0; 


tail  = ctx->tail; 
do  C 

p = inputHeadPeek(&ctx->input.head,  buf,  size,  Slen); 
if  (len)  ( 

len  = next->wri te(next,  p,  len,  error); 
(void)inputHeadSeek(&ctx->input.head,  buf,  len); 
buf  +=  len; 
size  - = len; 

> else  C 

p = inputPeek(Sctx->input,  buf,  size,  Slen); 
if  (len)  { 

len  = tail->write(tail,  p,  len,  error); 

/*  Note  double  "len"  to  prevent  header  skip  */ 
len  = inputSeek(Sctx-> input,  buf,  len,  len); 
buf  +=  len; 
size  - = len; 

> else 

break; 
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> 

if  (*error) 

return  sizeO-size; 

} while  (size); 

/*  If  that's  the  end  of  this  packet,  continue  with  the  next.  */ 
if  ( i n pu t F i n i s h e d ( & c t x-> i n pu t . h e a d ) ) { 

/ * End  of  input  * / 
myself->write  = nextScope; 

size  - = nextScope  (myself,  buf,  size,  error); 

> 


> 


return  sizeO-size  ; 


/* 


* This  function  is  called  when  we  are  checking  the  signature  on  a literal 

* packet.  The  reason  it  is  needed  is  that  signatures  are  only  on  the  BODY 

* of  the  literal  packet,  not  the  headers.  OOPS.  So  find  the  size  of 

* the  literal  packet  header  and  pass  it  (external  header  and  internal 

* header)  "over"  the  hash  module  to  the  ctx->nextparser  using 

* DoWriteNext. 

* 


* This  does  NOT  report  errors  on  a short  or  truncated  literal  packet, 

* we're  pretending  not  to  be  parsing  it  - the  downstream  parser  will 

* notice  it  and  do  any  necessary  complaining.  It  DOES,  however,  try 

* to  write  out  such  packets  to  the  downstream  parser  so  it  can  do  the 

* reporting. 

*/ 


static  s i z e_t 
parseSignedLiteralMagic 


(struct  PgpPipeline  *myself, 
byte  const  *buf,  si ze_t  size. 


int  *error) 


since 


struct  Context  * c t x ; 
s i z e_t  len; 
byte  const  * p ; 
si ze_t  sizeO  = size; 


assert  (myself); 

assert  (myse  lf->magi c ==  PARSERMAGIC); 


ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  (error); 

assert  ( ! si ze  ||  !ctx->eof); 


/ * Make  sure  nothing  confusing  can  happen  here!  * / 
assert( ! ctx->needcal  l back); 


/*  Do  NOT  complain  on  truncation.  */ 
ctx->i  nput . si lent_trunc  = 1; 


/ * No 

error 

until  told 

otherwise  * / 

★error 

= 0; 

switch 

(ctx 

->  s t a t e ) { 

case 

0 : 

/ * Get 

packet  header  byte  */ 

i f 

('.size) 
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return  0 ; 

/*  We  know  it's  a Literal  packet,  so  no  worries.  */ 
(void)inputStart(&ctx->input,  *buf); 
b u f + + ; 
si  z e — ; 

/*  FALLTHROUGH  */ 

case  1:  /*  Get  internal  header  */ 

len  = inputMerge(&ctx->input,  but,  size,  2 , error); 
but  +=  len; 
size  -=  len; 
if  (*error) 

break; 

p = inputPeek(&ctx->input,  NULL,  0,  & l e n ) ; 
if  (len  < 2)  { 

if  ( ! inputFinished(Sctx->input.head)) 
break; 

> else  { 

len  = i n pu t Me r g e ( & c t x-> i np u t , buf,  size,  6+pC1], 

error); 

buf  +=  len; 
size  -=  len; 
if  (*error) 

break; 

if  ( i n pu t M e r g ed ( & c t x-> i n pu t ) < ( s i z e_t ) 6 + p C 1 D ) { 
if  ( ! inputFinished(Sctx->input.head)) 
break; 

> 

> 

/*  We've  got  as  much  as  we  need  */ 
ctx->state++; 

myself->write  = DoWriteNext; 

size  -=  DoWriteNext  (myself,  buf,  size,  error); 
break; 
default: 

assert(O); 

> 

return  sizeO-size; 


/* 

* 

* 

* 

* 

★ 

★ 

*/ 

static  s i z e_t 
DoSignedLiteralMagic 


This  function  just  does  a little  bit  of  trivial  initialization, 
including  setting  the  state  to  0,  and  then  falls  through  to 
pa r s e S i g n e d L i t e r a l Ma g i c . The  Do  functions  can  be  called  from  a 
variety  of  states,  due  to  the  way  they  are  set  up  from  callbacks 
that  may  be  called  from  a variety  of  states,  so  they  can't  depend 
the  ctx->state.  Thus,  the  need  for  this  little  wrapper  function. 


on 


(struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size 
int  *error) 


struct  Context  *ctx; 
assert  (myself); 

assert  (myse l f->magi c ==  P A R S E RM AG  I C ) ; 


ctx  = (struct  Context  *)myself->priv; 
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assert  (ctx); 

assert  (ctx->tail); 

assert  (error); 

assert  ( ! si ze  ||  ! ctx->eof ); 

/*  Make  sure  nothing  confusing  can  happen  here!  */ 
assertC ! ctx->needcallback); 

/*  Do  NOT  complain  on  truncation.  */ 
ctx->i  nput . si lent_t rune  = 1; 

/*  Reset  state  for  p a r s e S i g n e d L i t e r a l M a g i c */ 
ctx->state  = 0; 

myse l f->wri te  = parseSignedLiteralMagic; 

return  parseSignedl_iteralMagic(myself,  but,  size,  error); 


/ * 


* Pass  through  the  full  ciphertext  of  the  current  packet,  headers 

* all,  to  the  tail  module 

* / 


static  s i z e_t 
DoPassthrough 

{ 


(struct  PgpPipeline  *myself,  byte  const  *buf, 
int  * e r r o r ) 


size  t 


struct  Context  * c t x ; 
size_t  sizeO  = size; 
byte  const  * p ; 
s i z e_t  len; 

struct  PgpPipeline  * t a i l ; 


and 


size. 


assert  (myself); 

assert  (myse  l f->magi c ==  PARSERMAGIC); 


ctx  = (struct  Context  * ) my s e l f -> p r i v ; 

assert  (ctx); 

tail  = ctx->tail; 

assert  (tail); 

assert  (error); 

assert  ( ! si ze  ||  !ctx->eof); 


★error  = 0; 

/*  empty  out  the  buffered  data  and  then  the  packet  */ 
for  (;;)  i 

p = inputRawPeek(Sctx->input,  buf,  size,  Slen); 
if  (lien) 

break; 

len  = tail->write  (tail,  p,  len,  error); 

len  = i nputRawSeek  (8ctx->i nput,  buf,  size,  len) 

buf  +=  len; 

size  -=  len; 

if  (*error) 

return  sizeO-size; 


} 


/ * If  that's  the  end  of  this  packet,  continue  with  the  next.  * / 
if  ( i n p u t F i n i s h ed  ( S c t x-> i n pu t . h e a d ) ) { 

/*  End  of  input  */ 
myself->write  = nextScope; 

size  -=  nextScope  (myself,  buf,  size,  error); 
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> 

return  sizeO-size; 

} 

/ * 

* Tear  down  the  pipeline  connected  to  our  tail  for  the  processing  of  the 

* current  packet.  This  is  the  pipeline  starting  with  ctx->tail  and 

* ending  at  *ctx->end.  Note  that  myself  may  be  zero  length,  i.e. 

* ctx->end  ==  &ctx->tail! 

*/ 

static  void 

pa r seP i pe l i n eTea r down  (struct  Context  *ctx) 
struct  PgpPipeline  * t e m p ; 
assert  (ctx->end); 

/ * 

* End  the  pipeline  I created,  tear  it  down,  and  re-attach  the 

* original  pipeline 
*/ 

temp  = *(ctx->end); 

*(ctx->end)  - NULL; 

/ * 

* Make  sure  this  isn't  a zero-length  pipeline,  since  ctx->end 

* can  point  to  the  address  of  ctx->tail! 

* / 

if  ( c t x->  t a i l ) 

ctx->tai  l->teardown  (ctx->tai  l ) ; 
ctx->tail  = temp; 
ctx->end  = NULL; 

> 

/* 

* Given  a candidate  encryption  key,  verify  it  against  the  IV  that  we  have 

* stored  in  the  buffer.  If  it  checks,  return  the  Pg p C f b C o n t ex t set  up 

* to  decrypt  the  rest  of  the  packet.  Otherwise,  return  NULL. 

*/ 

static  struct  Pg p C f b C on t e x t * 

CheckKey  (struct  Context  *ctx,  byte  const  *string,  size_t  size,  int  *error) 
( 

byte  bufClVLEN]; 
struct  PgpCfbContext  *cfb; 
struct  PgpCipher  const  ★cipher- 
unsigned  char  const  *p; 
s i z e_t  len; 

if  ( ! s i z e ) f 

★error  = PG P E R R_B A D_KE Y L E N ; /*  Urn,  I guess?  ★/ 

return  (struct  PgpCfbContext  *)0; 

> 

cipher  = pgpCipherByNumber  (stringCOD); 
if  (Icipher)  C 

★ error  = PG P E R R_B A D_C I PH E RNU M ; 
return  (struct  PgpCfbContext  *)0; 

> 

if  (size  !=  c i p h e r-> k ey s i z e + 1 ) C 
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★ error  = PG P E R R_B A D_KE Y L E N ; 
return  (struct  PgpCfbContext  * ) 0 ; 

> 

cfb  = pgpCfbCreate  (cipher); 
if  ( ! c f b ) { 

★error  = PG P E R R_N0M E M ; 

return  (struct  PgpCfbContext  * ) 0 ; 

> 

p = inputPeek(&ctx->input,  NULL,  0,  SLen); 
assert ( Len  >=  IVLEN); 
pgpCfblnit  (cfb,  string+1,  NULL); 
pgpCfbDecrypt  (cfb,  p,  buf,  IVLEN); 

if  (buf [IVLEN-2]  !=  b u f C I V L E N -4 H ||  buf C I V L E N-1 U !=  b u f l I V L E N - 3 ] ) { 
pgpCfbDestroy  (cfb); 

★ error  = PG P E R R_C ANN0T_D E C R Y PT  ; 
return  (struct  PgpCfbContext  *)0; 

> 


pgpCfbSync  (cfb); 
★error  = 0; 
return  cfb; 


/ * 

* Process  one  of  the  incoming  annotations  that's  expected  in  response  to 

* one  of  our  own  annotations.  These  can  happen  either  during  the 

* c t x-> t a i L ->a nno t a t e ( ) call,  or  after  that  call  has  returned  an  error 

* to  the  top  Level,  which  makes  the  call  in  turn.  Either  way,  we  have 

* to  change  state  a pp r op r a i t e L y . 

* 


* Currently,  there  are  4 things  that  can  be  done  with  any  given  packet: 

* - Eat  it  silently.  No  data  will  be  emitted  before  the  end  scope 

* annotation. 

* - Pass  it  through  as  ciphertext. 

* - Decode  it,  and  pass  the  body  through  as  plaintext.  The  body  is  *not* 

* parsed  further. 

* - Decode  it  and  parse  it  recursively. 

* 

* The  latter  two  options  depend  on  the  type  of  packet  we're  inside,  as 

* recorded  in  the  c t x-> e nd_s c o p e variable.  They  do  some  special 

* processing  setting  up  a pipeline  to  do  the  decoding,  then  everyone 

* appends  another  parser  to  the  chain  and  sets  things  up  to  write  the 

* packet  body  to  the  decoding  pipe. 

* / 


static  i n t 
ProcessCa l Iback 

{ 


(struct  PgpPipeline  *myself,  int  type, 
byte  const  *string,  si ze_t  size) 


struct  Context  *ctx  = (struct  Context  *)myself->priv; 
struct  PgpPipeline  *oldhead; 
struct  PgpCfbContext  * c f b ; 
int  error  = 0; 


a s s e r t ( c t x -> n e ed c a l l ba c k ) ; /*  Maybe  a less  nasty  failure?  ★/ 

assert(!ctx->end);  / * This  will  change  in  future,  but  for  now  * / 
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if  (!ctx->end) 

ctx->end  = &ctx->tail; 
oldhead  = *ctx->end; 

*ctx->end  = NULL; 

/*  The  other  option  is  to  make  this  illegal...  */ 
if  ( ctx->end_scope  ==  P G P A N N_N  0 N P A C K E T_E  N D && 

(type  ==  PGPANN_PARSER_PROCESS  ||  type  ==  P G P A N N_P A R S E R_R E C U R S E ) ) 
type  = PG  P A N N_P  A R S E R_P  ASSTHROUGH; 


# i f 


/*  Type  will  ONLY  be  one  of  these!  */ 

switch  (type)  { 

case  P G P A N N_P  A R S E R_E  A T I T : 

myself->write  = DoSkip; 
break; 

case  PGPANN_PARSER_PASSTHROUGH : 

ctx->end  = pgpHeaderCreate  (ctx->end); 
if  (!ctx->end)  { 

error  = PG P E R R_N OM E M ; 
break; 

> 

myself->write  = DoPassthrough; 
break; 

case  PGPANN_PARSER_PROCESS : 
case  PGPANN_PARSER_RECURSE : 

switch  ( c t x-> e n d_s c o pe ) ( 

case  P G P A N N_L I T E R A L_E  N D : 

if  (type  ==  PGPANN_PARSER_RECURSE  && 
ctx->subtype  ==  ' t ' ) { 

byte  const  *charmap; 
charmap  = (byte  const  *) 
pgpenvGetPointer 

(ctx->env,  PG  P E N V_C  HARMAPTOLOCAL, 
N U L L ) ; 

/*  Recurse  means  filter  the  text  */ 
ctx->end  = pg p T e x t F i 1 1 C r e a t e (ctx->end, 

charmap, 

0, 


defined(MSDOS) 


PGP  T E X T F I LT_C  R L F 


#elif  d e f i n e d ( M A C I N T 0 S H ) 
#else  / * UNIX  * / 


P G P_T  E X T F I L T_C  R 
PGP  T E X T F I L T_L  F 


#end  i f 


i f 


> 


); 

(!ctx->end)  { 

error  = PG P E R R_N OM E M ; 
break; 


> 

type  = P G P A N N_P  ARSE  R_P  R 0 C E S S ; 
break; 

case  P G P A N N_C I P H E R_E N D : 

cfb  = CheckKey  (ctx,  string,  size,  terror); 

if  ( ! cf b) 

break; 

ctx_>enc|  = pgpC  i ph  e rModD  e c ry  p t C r ea  t e (ctx->end. 


cfb); 
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case 


case 

case 


case 


if  (ictx->end) 

error  = P G P E R R_N  OMEM; 

break; 

P G P A N N_C  OMPRESSE  D_E  N D : 

ctx->end  = pgpDecompressModCreate  (ctx->end, 

*inputMergedPtr(&ctx->input) ) ; 

if  (!ctx->end) 

error  = PGPERR_NOMEM; 

break; 

PG  P A N N_C  0 M M E N T_E  N D : 

PG  P A N N__U  N KN 0 W N_E  N D : 

type  = PGPANN_PARSER_PROCESS ; 
break; 

P G P A N N_S IGNED_END : 

if  (ctx->nextparser) 

type  = PG  P A N N_P  ARSE  R_P  R 0 C E S S ; 

/*  Set  up  all  requested  hashes  */ 
assertC  ! ctx->hashes); 
if  ( ! s i z e ) 

return  0; 

/*  Get  all  the  Pg pH  a s h C o n t ex t s */ 

error  = pgpHashListCreate  (string,  &ctx->hashes,  size); 
if  (error  < 0) 
break; 

c t x -> n um h a s h e s = error; 

/*  Make  a pipeline  out  of  them  */ 
ctx->end  = p g p H a s h M o d L i s t C r e a t e (ctx->end, 

ctx->hashes,  error); 

if  (!ctx->end)  { 

pgpHashListDestroy  (ctx->hashes,  error); 
ctx->hashes  = 0; 
error  = P G P E R R_N  OMEM; 
break; 

> 


assert(inputFinished(&ctx->input.head)); 

ctx->input.head.pktlen  = - 1 u l ; / * Write  through  rest  * / 
ctx->input.si lent_trunc  = 1; 
error  = 0; 
break; 


case  PGPANN_PGPKE  Y_E  N D : 

type  = PGPANN_PARSER_PROCESS; 
break; 

default: 

error  = PG P E R R_C B_I N V A L I D ; 

> 


/ * 

* Processing  for  all  packet  types...  set  up  parser  if 

* desired,  then  skip  any  header  prifix  in  the  buffer, 

* then  arrange  to  write  out  what  we  have. 

*/ 

/*  If  we  want  to  create  a parser,  do  that  */ 
if  (lerror  &&  type  ==  PG P A N N_P A R S E R_R E C U R S E ) { 
struct  PgpPipeline  **temp  = ctx->end; 
byte  const  *charmap; 

charmap  = (byte  const  *) 

pgpenvGetPoi nter  (ctx->env. 
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> 


P G P E N V_C  HARMAPTOLOCAL, 
N U L L ) ; 


ctx->end  - pgpParseBinCreate  (ctx->end,  ctx->env); 
if  (!ctx->end) 


> 

i f 


> 

/ * 
i f 


error  = PG P E R R_NOM E M ; 
ctx->nextparser  = * t e m p ; 


( lerror  &&  type  ==  PG P AN N_P A R S E R_P R 0 C E S S ) { 
/*  Add  a header  if  appropriate  */ 
switch  ( c t x -> e nd_s c o p e ) { 
case  P G P A N N_C IPHER_END: 
case  P G P A N N_C  OMPRESSE  D_E  N D : 
case  PGPANN  SIGNED  END: 


> 


ctx->end  = pgpHeaderCreate  (ctx->end); 
if  (!ctx->end) 

error  = PG P E R R_N0M E M ; 


Success!  Flush  data  and  write  through  the  rest  */ 

(lerror)  { 

if  ( ctx->end_scope  ==  PG P ANN_S I G N E D_E N D ) { 
if  (ctx->state  >=  10) 

myself->write  = DoSignedLiteralMagic; 
else  if  ( c t x-> s i g 1 pa s s ) 

myse l f->wri te  = DoWriteSignedPackets; 

else  { 

inputPurge(Sctx->input); 
my s e l f -> w r i t e = DoWrite; 

> 

> else  { 

if  ( ctx->end_scope  ==  P G P A N N_P  GPKEY_END) 
myse l f->wri te  = parseKey; 

else  ( 

inputPurge(8ctx->input); 
myself->write  = DoWrite; 

> 

> 


break; 

} 

break; 

default: 


> 


error 


P G P E R R_C  B_I N VALID; 


if  (error)  { 

/*  Get  rid  of  partial  pipelines  (if  any)  */ 
if  (!  *( ctx->end) ) 

ctx->end  = Soldhead; 
parsePi pe  l i neTeardown  (ctx); 

> else  { 

/*  Splice  the  new  into  the  old  */ 
*(ctx->end)  = oldhead; 
ctx->needca  l Iback--; 

> 

return  error; 
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int  *error) 

struct 

Context  * c t x ; 

s i z e_t 

len; 

s i z e_t 

sizeO  = size; 

byte  const  *p; 

assert 

(myself); 

assert 

( myse l f->mag i c 

assert 

(error); 

c t x = 

(struct  Context 

assert 

( c t x ) ; 

assert 

(ctx->tai  l); 

assert 

(Isize  ||  !ctx 

★error 

= 0; 

switch 

(ctx->state)  { 

case  0 

; 

:=  PARSERMAGIC); 


/ * Parse  header;  needed  before  callbacks  are  allowed  ★ / 
len  = inputMerge(Sctx->input,  buf,  size,  2 , error); 
buf  +=  len; 
size  -=  len; 
if  (*error  ||  ! size) 

break; 

/*  Size  is  non-zero  but  we  haven't  got  desired?  EOP  */ 
if  (inputMerged(&ctx->input)  < 2)  { 

assert(inputFinished(Sctx->input.head)); 

*error  = ctx->tail->annotate(ctx->tail,  myself, 

PG  P A N N_P  A C KE  T_S  H 0 R T , 

0,  0); 

if  (*error) 

break; 

myse  l f->wri te  = nextScope  ; 

size  - = nextScope  (myself,  buf,  size,  error); 
break; 

> 

p = inputMergedPtr(Sctx->input); 

/★  Get  the  name  and  timestamp  fields  */ 

len  = inputMerge(Sctx->input,  buf,  size,  6 + p C 1 ] , error); 
buf  +=  len; 
size  - = len; 
if  (*error  ||  Isize) 
break; 

/*  Size  is  non-zero  but  we  haven't  got  desired?  EOP  */ 
if  ( i npu t Me rged ( Sc t x-> i npu t ) < (unsigned) 6 + pC 1 D ) { 

assert(inputFinished(&ctx->input.head)); 

★ error  = c t x -> t a i l -> a n n o t a t e ( c t x -> t a i l , myself, 

PGPANN_PACKET_SHORT, 

0,  0); 

if  (*error) 

break; 

myse lf->wri te  = nextScope; 

size  -=  nextScope  (myself,  buf,  size,  error); 
break; 

> 
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ctx->subtype  = p [ 0 D ; 

ctx->needcal Lback  = 1 ; 

c t x->  e nd_s  cope  = PG P A NN_L I T E R A L_E N D ; 

★error  = c t x-> t a i L -> a nn o t a t e (ctx->tail,  myself. 


if  (*error) 

break; 


P G P A N N_L I T E R A L_B  E G I N , 


0, 


0) 


case  1 : 


/*  FALLTHROUGH  ★ / 


p = i n pu t Me r g e d P t r ( S c t x -> i n pu t ) ; 

★ error  = c t x-> t a i l -> a n n o t a t e (ctx->tail,  myself. 


if  (*error) 

break; 


PGPANN_LITERAL_TYPE, 


P, 


1 ); 


/★  FALLTHROUGH  */ 

case  2 : 

p = inputMergedPtr(&ctx->input); 

★error  = c t x -> t a i l -> a nno t a t e (ctx->tail,  myself, 

PG  P A N N_L I T E R A L_N  A M E , 
p + 2,  ( s i z e_t ) pC 1 D ) ; 

if  (*error) 

break; 

ctx->state++; 

/★  FALLTHROUGH  */ 

case  3 : 

/*  Parse  4-byte  timestamp  ★/ 

p = i nputMe rgedPt r ( &c tx-> i nput ) ; 

★ error  = c t x -> t a i l -> a n n o t a t e (ctx->tail,  myself, 

PG  P A N N_L I T E R A L_T IMESTAMP, 
p+2+pC1D,  4); 

if  (*error) 

break; 


case  4 : 


case  5 : 


/*  FALLTHROUGH  */ 


if  ( c t x-> n e ed c a l l ba c k ) { 

★ error  = c t x-> t a i l -> a n no t a t e 

if  (*error) 

break; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 


(ctx->tail,  myself, 

P G P A N N_C  0 M M I T , 0,  0); 


if  ( c t x -> n e ed c a l l ba c k ) T 

★ error  = P r o c e s s C a l l ba c k 


if  (*error) 

break; 

> 

ctx->state++; 


(myself, 

PGPANN_PARSER_PROCESS, 

0,  0); 
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size  -=  myself->write(myself,  buf,  size,  error); 
break; 


default  : 


assert  ( 0 ) ; 


/*  I should  never  get  here  */ 


return  sizeO-size; 


static  s i z e_t 

parseCipher  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size, 
int  * e r r o r ) 


struct 

Context 

* c t x ; 

s i z e_t 

written 

= 0; 

assert 

(myself); 

assert 

(myself 

- > m a g i c 

assert 

(error) 

/ 

c t x = 

(struct 

Context 

assert 

(ctx); 

assert 

(ctx->tai  l); 

assert 

( ! s i z e 

||  ! ctx 

★error 

= 0; 

switch 

(ctx->state)  C 

case  0 

/*  Parse  header;  needed  before  callbacks  are  allowed  */ 
written  = inputMerge(Sctx->input,  buf,  size,  IVLEN,  error); 
buf  +=  written; 
size  -=  written; 
if  (*error  ||  ! si ze) 

break; 

/*  Size  is  non-zero  but  we  haven't  got  desired?  EOP  */ 
if  ( i npu t Me rged ( Sc t x-> i npu t ) < IVLEN)  { 

assert(inputFinished(Sctx->input.head)); 

*error  = c t x - > t a i l -> a n n o t a t e ( c t x - > t a i l , myself, 

PG  P A N N_P  A C KE  T_S  H 0 R T , 

0,  0); 

if  (*error) 

break; 

myself->write  = nextScope; 

size  - = nextScope  (myself,  buf,  size,  error) ; 
break; 

> 


ctx 

->needcallback  = 

/* 

* 

If  we 

're  already 

* 

sent 

some  ESKs  to 

* 

one. 

*/ 

i f 

(ctx- 

> e nd_s  cope) 

we've  already 


ctx->state  = 2 ; 
goto  got_esk; 
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> 


/*  No  ESKs  seen  yet  - open  the  scope  */ 
c tx->end_s cope  = PG P A N N_C I PH E R_E N D ; 

★error  = c t x -> t a i L -> a n n o t a t e (ctx->tail,  myself, 

PGPANN  CIPHER  BEGIN 


if  (*error) 

break; 


0, 


0) 


case  1 : 


/*  FALLTHROUGH  */ 


/*  No  ESKs  seen  yet  - dummy  one  up  ★ / 

★ error  = c t x -> t a i l -> a n n o t a t e (ctx->tail,  myself. 


if  (*error) 

break; 


P G P A N N_S  K C I P H E R_E  S K , 


0, 


0) 


case  2 : 
g o t_e  s k 


case  3 : 


/*  FALLTHROUGH  */ 


/★  Okay,  do  a commit  */ 
if  ( c t x -> n e e d c a l l ba c k ) { 

★error  = c t x-> t a i l -> a n no t a t e 

if  (*error) 

break; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 


(ctx->tail,  myself, 

P G P A N N_C  0 MM  I T , 0,  0); 


i f 


> 


( c t x -> n e ed c a l l ba c k ) { 

★ error  = P r o c e s s C a l l ba c k (myself, 

PGPANN_PARSER_PASSTH ROUGH, 

0,  0); 

if  (*error) 

break; 


ctx->state++; 

written  +=  my s e l f -> w r i t e ( my s e l f , 
break; 

default: 


> 


assert  ( 0 ) ; 


buf  , 


size,  error); 


return  written; 


static  s i z e_t 
parseCompressed 

C 


(struct  PgpPipeline 
int  *error) 


struct  Context  * c t x ; 
s i z e_t  written  = 0; 


★myself. 


byte 


const  *buf. 


s i z e_t  size. 


assert  (myself); 

assert  (myself->magic  ==  PARSERMAGIC); 
assert  (error); 


ctx  = (struct  Context  *)myself->priv; 
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assert 

assert 

assert 

★error 

switch 
case  0 : 


case  1 : 


case  2 : 


default 


( c t x ) ; 

(ctx->tai  l ) ; 

( I size  ||  !ctx->eof); 

= 0; 

(ctx->state)  { 

/*  Make  sure  we  have  the  compression  type  */ 
written  = inputMerge(8ctx->input/  buf,  size,  1,  error); 
but  +=  written ; 
size  -=  written; 
if  (*error  ||  !size) 
break; 

/*  Size  is  non-zero  but  we  haven't  got  desired?  EOP  */ 
if  ( i n pu t M e r g e d ( & c t x-> i n pu t ) < 1)  { 

assert(inputFinished(Sctx->input.head)); 

★ error  = c t x -> t a i l -> a n n o t a t e ( c t x-> t a i l , myself, 

PG  P A N N_P A C K E T_S  H 0 R T , 

0,  0); 

if  (*error) 

break; 

myself->write  = nextScope; 

size  -=  nextScope  (myself,  buf,  size,  error); 
break; 

} 


ctx->needca  l Iback  = 1; 

c t x-> e n d_s  cope  = PG P AN N_C 0M P R E S S E D_E  N D ; 

★ error  = c t x-> t a i l -> a n n o t a t e (ctx->tail,  myself, 

P G P A N N_C  OMPRESSE  D_B  E G I N , 
inputMergedPtr(&ctx->input),  1 ); 

if  (*error) 

break; 


/*  FALLTHROUGH  ★/ 


if  (ctx->needcallback)  { 

★ error  = c t x - > t a i l - > a n n o t a t e 

if  (*error) 

break; 

> 

/*  FALLTHROUGH  */ 


(ctx->tail,  myself, 

P G P A N N_C  0 M M I T , 0,  0); 


if  ( c t x -> n e e d c a l l ba c k ) { 

★error  = P r o c e s s C a l l ba c k 


if  (*error) 

break; 

} 

ctx->state++; 

written  +=  my s e l f -> w r i t e ( my s e l f , 
break; 


(myself, 

PGPANN_PARSER_RE CURSE , 

0,  0); 


buf,  size,  error); 


assert  (0); 
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> 


> 


return  written; 


/ * 


* Parse  a general  headerless  packet.  Unknown 

* and,  in  fact,  things  that  aren't  packets  at 

* / 


static  s i z e_t 
parseUnknown  (struct 
int  *error) 


PgpPipeline  *myself,  byte 


struct  Context  * c t x ; 
size_t  written  = 0; 
byte  b ; 

int  beg  intype; 


packets,  comment 
all! 


const  * bu  f , size 


packets 


t size. 


assert  (myself); 

assert  (myself->magic  = = PARSERMAGIC); 
assert  (error); 


ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  ( ! si ze  ||  !ctx->eof); 

*error  = 0; 


switch  (ctx->state)  C 
case  0 : 

/* 

* As  a convenience,  we  merge  a leading  prefix  of  the  packet 

* for  identification  purposes. 

* / 

written  = inputMerge(&ctx->input,  buf,  size,  256,  error); 
buf  +=  written; 
size  - = written; 
if  (*error) 

return  written; 

if  ( i n pu t Me r g ed ( S c t x-> i n pu t ) < 256  && 
!inputFinished(Sctx->input.head)) 

{ 

assert(  ! si ze); 
return  written; 

> 

/ * 

* We  use  this  one  function  to  provide  different 

* annotations  for  non-packets,  comment  packets,  and 

* unknown  packets.  Figure  out  the  right  one  to  use. 

* / 

b = ctx->input.bufferCO]; 

if  ( ! I S_0 LD_PKTBYTE(b)  &&  ! I S_N E W_P KTB Y T E ( b ) ) { 

begintype  = P G P A N N_N  0 N P A C K E T_B  E G I N ; 
c t x -> e nd_s c ope  = PG P ANN_N0N P A C KE T_E N D ; 

> else  if  ( PKTBYTE_TYPE  (b)  ==  P KTB YT E_C 0 MM E N T ) { 
begintype  = P G P A N N_C  0 M M E N T_B  EGIN; 
c t x ->  e nd_s  cope  = PG  P A N N_C  0 MM  E NT_E  N D ; 
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> else  { 

begintype  = P G P A N N_U  N KN  0 W N_B  EGIN; 
c t x ->  e nd_s  cope  = P G P A N N_U  N KN  0 W N_E  N D ; 

> 


ctx->needcal Lback  = 1; 

★error  = ctx->tail->annotate  (ctx->tail,  myself,  begintype, 

inputMergedPtr(Sctx->input), 
inputMerged(&ctx->input) ); 

if  ( *e  r ro  r ) 

break; 


case  1 : 


case  2 : 


default 

> 


/*  FALLTHROUGH  */ 


if  ( c t x-> n e ed c a l l ba c k ) { 

★ error  = c t x -> t a i l -> a n n o t a t e 

if  (*error) 

break; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 


(ctx->tail,  myself, 

P G P A N N_C  0 MM  I T , 0,  0); 


i f 


> 


(ctx->needcal lback)  { 

★ error  = P r o c e s s C a l l ba c k (myself,  PG P A N N_P A R S E R_E AT  I T , 

0,  0); 

if  (*error) 

break; 


ctx->state++; 

return  written  + myself->write(myself,  buf,  size,  error); 
/*  NOTREACHED  */ 


assert  (0); 


> 


return  written; 


/ * 

* This  is  called  for  most  all  key-type  packets.  Keys  are  just  output 

* within  a key  annotation  scope.  There  is  no  callback,  since  no 

* processing  is  done. 

* / 

static  s i z e_t 

parseKey  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
C 

struct  Context  * c t x ; 
struct  PgpPipeline  * t a i l ; 
si ze_t  sizeO  = size; 
byte  const  *p; 
s i z e_t  len; 


assert  (myself); 

assert  (myself->magic  ==  PARSERMAGIC); 
assert  (error); 


ctx  = (struct  Context  *)myself->priv; 
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assert  (ctx); 

tail  = ctx->tail; 
assert  (tail); 

assert  ( ! size  ||  !ctx->eof); 

★error  = 0 ,- 

if  ( ctx->end_scope  &&  c t x->end_s cope  !=  P G P A N N_P GPKEY_END)  { 
/★  Umm.  . Key  block  within  another  scope???  Why???  ★ / 
★error  = PG P E R R_W R0 NG_S C 0 P E ; 
return  0; 

> 


/* 
i f 


If  we  haven't  output  the  begin  annotation,  do  so  now.  ★/ 

( ! c t x -> e nd_s c o pe ) f 

★ error  = t a i l -> a nno t a t e (tail,  myself,  PG P ANN_PG PKE Y_B E G I N , 

NULL,  0); 

if  (*error) 

return  0; 


c t x - > e nd_s  cope  = P G P A N N_P  G P KE  Y_E  N D ; 

/*  Set  the  flag  to  add  a header  module  */ 
ctx->needca  l l b a c k + + ; 


/*  Make  sure  we  only  send  the  annotations  once!  */ 
switch  (ctx->state)  { 
case  0 : 

/ * 

* Ask  the  user  what  to  do  with  these  keys...  Really, 

* the  only  real  answers  are  "Eatlt"  or  "Process".. 

* "Recurse"  gets  mapped  to  "Process",  and 

* " P a s s T h r oug h " has  the  same  effect.  But  let  the 

* user  decide,  anyways.  They  may  wish  to  eatit. 

*/ 


i f 


> 


( c t x-> n e ed c a l l ba c k ) { 

★ error  = t a i l -> a n no t a t e (tail,  myself,  PG P A NN_C OMM I T , 

0,  0); 

if  (*error) 

return  0; 


case  1 : 


> 


ctx->state++; 

/*  FALLTHROUGH  */ 


i f 


> 


( c t x-> n e e d c a l l ba c k ) { 

★error  = ProcessCallback  (myself, 

PGPANN_PARSER_PR0CESS, 
NULL,  0); 

if  (*error) 

return  0; 


/*  output  this  packet  */ 

/*  empty  out  the  buffered  data  and  then  the  packet  */ 
for  ( ; ; ) f 

p = inputRawPeek(Sctx->input,  buf,  size,  Slen); 
if  ( ! I e n ) 


1075 


lib/ pgp/ pipe/ parser/ parsebin.c 


break; 

Len  = tail->write  (tail,  p , len,  error); 

len  = inputRawSeek  (&ctx->input,  buf,  size,  Len); 

buf  + = len; 

size  -=  len; 

if  (*error) 

return  sizeO-size; 

> 

/ * 

* If  we've  hit  the  end  of  the  packet,  check  if  we  have 

* another  one.  If  so,  check  if  it  is  a key  certificate 

* packet.  If  so,  go  parse  the  new  packet.  Otherwise,  end 

* this  scope. 

*/ 

if  ( i nput Fi ni shed  ( & c t x-> i n pu t . h e a d ) &&  (size  ||  ctx->eof  )) 

/ * End  of  input  * / 
i f ( s i z e ) 

switch  ( PKTB YTE_T Y PE  (*buf))  { 

case  PKTBYTE_SECKEY : 

case  PKTBYTE_PUBKEY : 

case  PKTBYTE_SECSUBKEY : 

case  PKTBYTE_PUBSUBKEY : 

case  P KT  B Y T E__T  RUST: 

case  P KT  B Y T E_N  A M E : 

case  P KT  B Y T E_S I G : 

ctx->findpkt  = 1; 

my s e l f -> w r i t e = parsePacket; 

size  -=  parsePacket  (myself,  buf,  si 

break; 

default: 


myself->wri te  = nextScope; 

size  -=  nextScope  (myself,  buf,  size 

break; 

> 

else  { 

myself->write  = nextScope; 

size  -=  nextScope  (myself,  buf,  size,  error) 

> 

> 


} 


return  sizeO-size; 


/*  Shared  entry  point  for  1-pass  and  old-style  sig  header  parsing 
static  s i z e_t 

parseSignature  (struct  PgpPipeline  * m y s e l f , byte  const  * b u f , size 

int  *error) 


{ 


struct 

Context  *ctx; 

s i z e_t 

written  = 0; 

assert 

(myself); 

assert 

( myse  l f->mag i c 

assert 

(error); 

c t x = 

(struct  Context 

assert 

( c t x ) ; 

assert 

(ctx->tai  l); 

assert 

(Isize  ||  !ctx 

= = PARSERMAGIC); 
*)myself->priv; 


> e o f ) ; 


*/ 

t 


ze,  error); 


, error); 


size. 
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switch  (ctx->state)  { 
case  0 : 

/★  Suck  in  the  whole  packet  */ 

written  = inputMerge(&ctx->input,  but,  size,  -1u,  error); 
but  +=  written; 
size  - = written; 


/*  Handle  a packet  larger  than  the  buffer  somehow  */ 
if  ( i nputOverf u l l (&ctx->i nput ) ) { 

♦error  = c t x -> t a i l -> a nn o t a t e (ctx->tail,  myself, 

PGPANN_SIGNATURE_TO  0_B I G , 
inputMergedPtr(&ctx->input), 
inputMerged(Sctx->input) ) ; 

if  (*error) 

return  written; 

/*  Skip  the  body  of  the  packet  */ 
myse  l f->wri te  = DoSkip; 

return  written  + DoSkiplmyself,  buf,  size,  error); 

> 


/*  Have  we  sucked  in  the  whole  packet?  */ 
if  ( ! inputFinished(&ctx->input.head)) 
return  written; 

/*  We  also  want  one  byte  of  look-ahead  ★ / 
if  ( ! si ze  &&  !ctx->eof) 
return  written; 


/*  Check  if  this  is  a key  signature  */ 
i n t type; 


> 


type  = pg p S i g S i g Ty pe  ( i nputMe rgedPt r ( & c t x-> i n pu t ) , 

inputMerged(Sctx->input)  ); 

if  (type  < 0)  C 

★error  = type; 
return  written; 

> 


i f 


> 


(type  & OxFO)  f 

/★  This  is  a key  signature  */ 
myself->write  = parseKey; 

return  written  + parseKey  (myself,  buf,  size, 

error); 


/ * 

* We  can  get  here  if  there  is  a normal  signed  message 

* just  after  a key  packet.  In  this  case  we  need  to 

* end  the  PGPKEY  scope  and  then  start  a new  one. 

* / 

if  ( ctx->end_scope  ==  P G P A N N_PG  P K E Y_E  N D ) { 

/*  we  need  to  end  the  PGPKEY  scope.  Yikes!  */ 

★ error  = c t x-> t a i l -> a n no t a t e (ctx->tail,  myself, 

c tx->end_s cope,  NULL,  0); 
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if  (*error) 

return  0 ; 

c t x -> e nd_s c op e = 0; 

> 

if  (ctx->eof  || 

( ! IS_OLD_PKTBYTE(*buf)  &&  ! I S_N E W_P KTB Y T E ( * b u f ) ) ) 

{ 

/*  Do  separate  signature  thing  */ 
ctx->state  = 2 0; 
goto  sepsig; 

> 

if  ( PKTBYTE_TYPE (*buf ) ==  P KT B Y T E_L I T E R A L ) { 

/*  Do  signature  on  Literal  */ 
ctx->state  = 10; 
goto  sigliteral; 

> 


case 


case 


case 


1 : 


2 : 


3 : 


ctx->state++; 

/*  FALLTHROUGH  */ 


/*  It's  a signed  PGP  file  (not  a Literal)  */ 
ctx->needcal  Lback  = 1; 

/*  Send  only  one  BEGIN  annotation  ★ / 
if  ( ctx->end_scope  !=  PG P AN N_S I G N E D_E N D ) { 
c tx->end_s cope  = PG P AN N_S I G N E D_E N D ; 

★error  = c t x -> t a i L -> a n n o t a t e (ctx->tail,  myself, 

PG  P A N N_S I G N E D_B EGIN,0,0) 


if  (*error) 

break; 


> 


/*  FALLTHROUGH  */ 


/*  Dump  the  signature  as  an  annotation  ★ / 

★ error  = c t x-> t a i l -> a n n o t a t e (ctx->tail,  myself, 

P G P A N N_S I G N E D_S I G , 

inputMergedPtr(Sctx->input), 

inputMerged(Sctx->input)); 

if  (*error) 

break; 

ctx->state++; 

/*  FALLTHROUGH  */ 

if  ( c t x -> s i g 1 pa s s ) { 

if  ( !pgpSigNestFlag(inputMergedPtr(&ctx->input), 

i n pu t M e r g e d ( S c t x-> i n pu t ) ) ) { 

/★  No  nest  flag  means  another  sighdr  follows  */ 

myself->write  = nextScope; 

break;  /★  Call  nextScope  next  time  */ 

} else  if  ( I S N E W_P  KT  B YTE(*buf)  && 

PKTBYTE_TYPE(*buf )==PKTBYTE_SIG)  { 

/ * 

* A 1-pass  header  immediately  followed  by 

* a 1-pass  footer  can  only  mean  one  thing: 

* a separate  signature.  With  these,  the 

* reader  will  try  to  check  sigs  as  soon  as 


1078 


lib/ pgp/ pipe/ parser/ parsebin.c 


★ we  ask  it  to  commit.  So  we  can't  do  that 

★ until  we  have  read  our  footer  signatures. 

*/ 

ctx->sepsig  = 1; 

★ error  = c t x-> t a i l -> a n n o t a t e (ctx->tail, 

myself, 

PG  P A N N_S IGNED_SEP,  0,  0); 

/*  Process  end  of  message  sigs  */ 

myself->write  = nextScope; 

break;  / * Call  nextScope  next  time  ★ / 

> 

> 


case  4 : 


if  (ctx->needcal Iback)  C 

★error  = c t x -> t a i l -> a n n o t a t e 

if  (*error) 

break; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 


(ctx->tail,  myself, 

P G P A N N_C  0 M M I T , 0,  0 ) ; 


if  ( ctx->needca l Iback)  { 

★error  = P r o c e s s C a l l ba c k 


if  (*error) 

break; 

> 

ctx->state  = 0; 

written  +=  my s e l f -> w r i t e ( my s e l f , 
break; 


(myself, 

P G P A N N_P  A RSER_RECURSE, 
0,  0); 


buf,  size,  error); 


/*  Signature  on  literal  case  */ 
case  10: 
s i g l i t e r a l : 


ctx->needcal  Iback  = 1 ; 

/★  Send  only  one  BEGIN  annotation  */ 
if  ( c t x-> e nd_s c op e !=  PG P A N N_S I G N E D_E N D ) { 
c t x->  e nd_s  cope  = PG P AN N_S I G N E D_E N D ; 

★error  = c t x-> t a i l -> a n no t a t e (ctx->tail,  myself, 

P G P A N N_S I G N E D_B  EGIN,0,0) 


if  (*error) 

break; 


> 


ctx->state++; 

/★  FALLTHROUGH  */ 

case  11: 

/★  Dump  the  signature  as  an  annotation  */ 

★error  = c t x-> t a i l -> a n no t a t e (ctx->tail,  myself, 

PGPANN_SIGNE  D_S I G , 

inputMergedPtr(&ctx->input), 

inputMerged(&ctx->input)); 

if  (*error) 

break; 

ctx->state++; 

/*  FALLTHROUGH  */ 
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case 


case 


1 2 : 


i f 


> 


( c t x -> n e e d c a L L ba c k ) { 

★ error  = c t x -> t a i l -> a n n o t a t e (ctx->tail,  myself, 

PGPANN_COMMIT,  0,  0); 

if  (*error) 

break; 


/*  FALLTHROUGH  */ 

1 3 : 

if  (ctx->needca l Iback)  { 

★error  = P r o c e s s C a l l ba c k 


if  (*error) 

break; 

> 

ctx->state  = 0; 

written  +=  my s e l f -> w r i t e ( my s e l f , 
break; 


(myself, 

PGPANN_PARSER_RE CURSE, 

0,  0); 


buf,  size,  error); 


s e p s i g : 


/★  Separate  signature  case  */ 
case  20: 


ctx->needca l Iback  = 1; 

/*  Send  only  one  BEGIN  annotation  */ 
if  ( ctx->end_scope  !=  PG P A N N_S I G N E D_E N D ) { 
c t x-> e nd_s  cope  = PG P ANN_S I G N E D_E N D ; 

★ error  = c t x-> t a i l -> a n no t a t e (ctx->tail,  myself, 

P G P A N N_S I G N E D_B  EGIN,0,0); 

if  (*error) 

break; 


> 

ctx-: 

/*  FALLTHROUGH 


*/ 


case  21 


/ * 

* Say  that  this  will  be  a separate  signature. 

* Note  that  we  don't  set  the  sepsig  flag  here,  as  we  don't 

* need  to  know.  That  flag  is  just  for  1-pass  signatures. 
*/ 

★ error  = c t x -> t a i l -> a n n o t a t e (ctx->tail,  myself, 

PG  P A N N_S IGNED_SEP,  0,  0); 

if  (*error) 

break; 

/*  FALLTHROUGH 


*/ 


case  22 


★error 


i f 


ctx->tai l->annotate 


(★error) 

break; 

ctx->state++; 
/*  FALLTHROUGH 


(ctx->tail,  myself, 

P G P A N N_S I G N E D_S I G , 
inputMergedPtr(Sctx->input), 
inputMerged(Sctx->input) ); 


*/ 


case  23 


if  ( c t x -> n e ed c a l l ba c k ) { 

★error  = c t x -> t a i l -> a n n o t a t e 


(ctx->tail,  myself. 
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if  (*error) 

break; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 

case  24: 

if  ( c t x -> n e ed c a L l ba c k ) { 

★error  = P r o c e s s C a L L ba c k 

if  (*error) 

break; 

> 

ctx->state  = 0 ; 

written  +=  my s e l f - > w r i t e ( my s e l f , 
break; 


P G P A N N_C  0 M M I T , 0,  0); 


(myself,  PG P A N N_P A R S E R_E AT  I T , 

0,  0); 


buf,  size,  error); 


default: 


assert  (0); 


return  written; 


/ * 

* Parse  2nd  signature  packet  after  the  signed  packet  after  a 

* 1-pass  signature  packet.  These  are  the  "sig  footer"  packets 

★ which  are  full-sized  signature  packets,  paired  with  the  1-pass 

★ sig  header  packets. 

*/ 


static 

parses 


s i z e_t 

gnaturel Pass2  (struct  PgpPipeline  *myself,  byte  const  *buf, 
si ze_t  size,  int  *error) 


struct 

Context  ★ c t x ; 

s i z e_t 

written  = 0; 

assert 

(myself); 

assert 

( my s e l f -> ma g i c ==  PARSERMAGIC) 

assert 

(error); 

c t x = 

(struct  Context  *)myself->priv; 

assert 

( c t x ) ; 

assert 

(ctx->tai  l); 

assert 

( ! size  ||  !ctx->eof); 

switch 

( c t x->  s t a t e ) f 

case  0 

: 

/★  Suck  in  the  whole  signature  packet  */ 


written  = inputMerge(Sctx->input,  buf,  size,  - 1 u , error); 
buf  +=  written; 
size  - = written; 


/*  Handle  a packet  larger  than  the  buffer  somehow  ★ / 
if  ( i npu t Ove r f u l l ( &c t x-> i npu t ) ) { 

★ error  = c t x-> t a i l -> a nno t a t e (ctx->tail,  myself, 

PGPANN_S IGNAT URE_T00_BIG, 
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inputMergedPtr(&ctx->input), 
inputMerged(Sctx->input)  ) ; 

if  (*error) 

return  written; 

/*  Skip  the  body  of  the  packet  */ 
myself->write  = DoSkip; 

return  written  + DoSkipCmyself,  buf,  size,  error); 

> 

/*  Have  we  sucked  in  the  whole  packet?  */ 
if  ( !inputFinished(Sctx->input.head)) 
return  written; 

/*  FALLTHROUGH  */ 

case  1 : 

/*  Dump  the  signature  data  as  an  annotation  */ 
ctx->needcal  Iback  = 1 ; 

★ error  = c t x -> t a i l -> a n n o t a t e (ctx->tail,  myself, 

PGPANN_S IGNED_S I G 2 , 
inputMergedPtr(&ctx->input), 
inputMerged(&ctx->input) ) ; 

if  (*error) 

break; 


/*  Decrement  count  of  sig  footers  needing  to  be  seen  */ 

— ctx->sig1pass; 

if  ( ! c t x-> s e p s i g ||  c t x-> s i g 1 pa s s !=  0)  { 

/* 

★ In  normal  case,  we  are  done  now. 

* nextScope  will  end  sig  scope  if  siglpass  is  0. 
*/ 

myse lf->wri te  = nextScope; 

written  +=  nextScopelmyself,  buf,  size,  error); 
break; 

> 


case  2 : 


case  3 : 


/*  Here  on  last  si 

ctx->needcal Iback 
/*  FALLTHROUGH  */ 


9 


footer  of  separate  signature  */ 

i; 


if  ( c t x-> n e ed c a l l ba c k ) { 

★error  = c t x -> t a i l -> a n n o t a t e 

if  (*error) 

break; 

> 

/★  FALLTHROUGH  */ 


(ctx->tail,  myself, 

P G P A N N_C  0 MM  I T , 0,  0); 


if  ( c tx->needca l Iback)  { 

★ error  = ProcessCal  Iback 

if  (*error) 

break; 

> 

ctx->state 
written  += 


(myself,  PG P A N N_P A R S E R_E AT  I T , 

0,  0); 


= 0; 

myself->write(myself,  buf,  size,  error); 
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break; 

> 

return  written; 

> 

static  si z e_t 

parseESK  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int  *error) 
{ 

struct  Context  * c t x ; 
si ze_t  written  = 0; 
byte  b ; 


assert  (myself); 

assert  (myself->magic  = = PARSERMAGIC); 
assert  (error); 

ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  ( ! si ze  ||  !ctx->eof); 

b = PKTBYTE_TYPE  (ctx->input.bufferC03); 
★error  = 0; 


switch  (ctx->state)  { 
case  0 : 

/*  It's  a public-key-encrypted  PGP  file  */ 
if  ( ! c t x -> e nd_s c o pe ) ( 

ctx->end  scope  = PGPANN  CIPHER  END; 


★error  = ctx->tai 


if  (*error) 

break; 

> 

ctx->state++; 

/*  FALLTHROUGH  */ 

case  1 : 

written  = i n pu t Me r g e ( S c t x 
buf  + = written; 
size  -=  written; 


->annotate  (ctx->tail,  myself, 

P G P A N N_C I P H E R_B  E G I N , 
0,  0); 


>input,  buf,  size,  -1u,  error); 


/*  Handle  a packet  larger  than  the  buffer  somehow  */ 
if  ( i n pu t 0 v e r f u l l ( S c t x-> i n pu t ) ) { 

★ error  = c t x-> t a i l -> a n no t a t e (ctx->tail,  myself, 

PGPANN_ES  K_T  0 0_B I G , 
inputMergedPtr(Sctx->input), 
inputMerged(Sctx->input)); 

if  (*error) 

return  written; 

/★  Skip  the  body  of  the  packet  ★/ 
myself->write  = DoSkip; 

return  written  + DoSkip(myself,  buf,  size,  error); 

> 


/*  Have  we  sucked  in  the  whole  packet?  */ 
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if  ( ! inputFinished(&ctx->input.head)) 
return  written; 


ctx->state++; 

/*  FALLTHROUGH  */ 

case  2 : 

/*  Dump  the  ESK  as  an  annotation  */ 

★error  = c t x-> t a i L -> a n n o t a t e (ctx->tail,  myself, 

(b  ==  P KT  B Y T E_E  S K ? 

P G P A N N_P  K C I P H E R_E  S K : 

(b  = = PKTBYTE_CONVESK  ? 

PGPANN_SKCIPHE  R_E  S K : 

-1  ) ) , /*  XXX  */ 
inputMergedPtr(Sctx->input), 
inputMerged(&ctx->input)); 

if  (*error) 

break; 


ctx->state++;  / * This  really  isn't  needed 
myself->write  = nextESK; 

return  written  + n e x t E S K ( my s e l f , buf,  size, 
/*  NOTREACHED  */ 

default: 


> 


assert  (0); 


*/ 

error); 


} 


return  written; 


/★ 

★ This  just  sends  appropriate  messages  about  the  lack  of 

* / 


static  s i z e_t 
parseCipherNoText 

{ 


(struct  PgpPipeline  *myself,  byte  const 
int  *error) 


struct  Context  * c t x ; 


text  downstream. 


★ buf,  siz  e_t  size. 


assert  (myself); 

assert  (myse l f->magi c ==  PARSERMAGIC); 
assert  (error); 


ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  ( ! si ze  ||  !ctx->eof); 

★error  = 0; 


switch  (ctx->state)  C 
case  0 : 

ctx->needca  l Iback  = 1; 

/*  Send  an  annotation  */ 

★ error  = c t x-> t a i l -> a n n o t a t e 

if  (*error) 

break; 

/★FALLTHROUGH*/ 


(ctx->tail,  myself, 
PGPANN_CIPHE  R_N  0 T E X T , 0,  0); 
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case 


/ ★ Send  a commit  ★ / 

if  ( ctx->needca L Iback)  { 

★error  = c t x -> t a i L -> a n n o t a t e 


> 


if  (*error) 

break; 


(ctx->tail,  myself, 

PG  P ANN_C  OMM  I T , 0,  0); 


case  2 : 


default: 


> 

return  0; 

/ 

/* 

★ 

The 

default  state 

when 

★ 

size 

of  the  packet 

has 

* 

the 

end  of  the  pac 

k e t . 

★ 

(by 

the  sizeAdvise 

(0) 

★ 

* / 

cleanup  code  also 

r e s i 

ctx->state++; 

/★  FALLTHROUGH  */ 

if  ( ctx->needca  l Iback)  { 

★error  = ProcessCal Iback  (myself,  PG P A N N_P A R S E R_E A T I T , 

0,  0); 

if  (*error) 

break; 

> 

return  myself->write(myself,  buf,  size,  error); 
assert  ( 0 ) ; 

/*  Never  executed;  makes  compilers  happy.  * / 


starting  to  parse  a packet.  Once  the  type  and 
been  determined,  we  don't  come  back  until 
This  function  *is*  called  after  each  packet 
handler  if  necessary),  because  post-packet 
d e s here. 


static  s i z e_t 

parsePacket  (struct  PgpPipeline  *myself,  byte  const  *buf, 
int  *error) 

{ 


s i z e_t  size. 


struct 

Context  *ctx; 

s i z e_t 

written  = 0; 

unsigned  b; 

assert 

(myself); 

assert 

(mysel f->mag  i c 

==  PARSERMAGIC); 

assert 

(error); 

c t x = 

(struct  Context 

*)myself->priv; 

assert 

( c t x ) ; 

assert 

(ctx->tai l); 

assert 

( ! si ze  ||  !ctx 

- > e o f ) ; 

★error 

= 0; 

/* 

* findpkt  is  set  to  1 by  create  and  every  time  we  change  to 

* the  parsePacket  state,  and  indicates  that  the  first  packet 

* byte  has  not  been  found. 

* / 

if  (ctx->findpkt)  { 

inputReset(&ctx->input); 
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if  ( ! s i z e ) 

return  0;  / * I need  a packet  header!  * / 

ctx->findpkt  = 0 ; 
b = *(buf++); 
size--; 


if  ( i n p u t S t a r t ( & c t x -> i n pu t , b)  < 0)  { 

ctx->state  = 0;  / * Need  to  set  this  * / 

/*  before  jumping  ahead  */ 
my s e l f -> w r i t e = parseUnknown; 

return  1+parseUnknown  (myself,  buf,  size,  error); 

> 


written  = 1 ; 


/ * 

* Okay,  now  we  have  a packet,  with  the  parser  state  set  up 

* and  the  header  byte  in  c t x -> i n pu t . bu f f e r C 0 ] . 

* 

* The  p a c k e t -s p e c i f i c parsers  use  a state  variable,  and 

* expect  it  to  be  set  to  0 when  they  begin. 

*/ 

ctx->state  = 0 ; 


b = PKTBYTE_TYPE  (ctx->input.bufferC0]); 


if  ( ctx->end_scope  ==  PG P A N N_C I P H E R_E N D ) { 
switch  (b)  { 

case  PKTBYTE_C0NVENTI0NAL : 

myself->write  = parseCipher; 
break; 

case  PKTBYTE_C0NVESK: 
case  P KT  B Y T E_E  S K : 

myself->write  = parseESK; 
break; 

default: 

myse  l f->wri te  = parseCipherNoText; 
break; 

} 

> else  { 


switch  (b)  f 

case  PKTBYTE_C0NVENT I 0NAL : 

myself->write  = parseCipher; 
break; 

case  PKTBYTE_LITERAL : 

myself->write  = parseLi teral; 
break; 

case  PKTBYTE  COMPRESSED: 


case 


case 


myself->write  = parseCompressed; 
break; 

P KT  B Y T E_S I G : 

if  (ctx->sig1pass) 

myself->write  = parseSignaturelPass2; 

else 

myself->write  = parseSignature; 

break; 

P KT  B Y T E_1 PASSSIG : 

++ctx->sig1pass; 
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ctx->sig1nest  = 0 ; 
ctx->sepsig  = 0; 

myself->write  = parseSignature; 
break; 

case  P KT  B Y T E_C  0 N V E S K : 
case  P KT  B Y T E_E  S K : 

myse  Lf->wri te  = parseESK; 
break; 

case  P KT  B Y T E_M  AGICNUMBER: 

myself->write  = DoSkip; 
break; 

case  P KTB  Y T E_S  E C KE  Y : 
case  PKTBYTE_PUBKEY : 
case  PKTBYTE_SECSUBKEY : 
case  PKTBYTE_PUBSUBKEY : 
case  P KT  B Y T E_T  RUST: 
case  P KT  B Y T E_N  A M E : 

myself->write  = parseKey; 
break; 

PKTBYTE  COMMENT: 


case 


default: 


my se  l f->wr i te 
break; 


parseUnknown; 


> 

/*  continue  processing,  if  we  can  ★ / 

return  written  + myself->write  (myself,  buf,  size,  error); 

} 

/ * 

* Start  a new  packet.  This  mostly  cleans  up  after  old  ones,  then 

* falls  through  to  parsePacket . 

*/ 

static  siz  e_t 

nextScope  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size, 

int  *error) 


struct 

Context 

* c t x ; 

s i z e_t 

written 

= 0; 

assert 

(myself); 

assert 

(myself 

->ma  g i c ==  PARSERMAGIC) 

assert 

(error) 

r 

c t x = 

(struct 

Context  *)myself->priv; 

assert 

( c t x ) ; 

assert 

(ctx->tai  l); 

assert 

( ! s i z e 

| | !ctx->eof); 

★error 

= 0; 

/★  Get 

rid  of 

any  buffered  data  */ 

inputPurge(Sctx->input); 


/★  Clean  up  any  pipeline  set  up  to  process  the  packet.  */ 
if  (ctx->end)  t 

★error  = ctx->tail->sizeAdvise  (ctx->tail,  0); 
if  (*error) 

return  written; 
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parsePipelineTeardown  (ctx); 
ctx->nextparser  = NULL; 

> 

/ * 

* Special  handling  at  end  of  1 pass  sig  signed  packet. 

* Retain  hashes  and  end_scope;  parsePacket  will  then  handle 

* the  following  signature  packet. 

* XXX 

* Need  to  recognize  error  of  having  another  packet  type  there. 

* / 

if  ( ! c t x - > s i g 1 pa s s ) { 


/* 
i f 


Send  the  end-scope  annotation  for  the  last  scope,  if  any.  */ 
( c t x-> e n d_s c o p e ) { 

★ error  = c t x-> t a i l -> a nno t a t e (ctx->tail,  myself, 

c t x-> e nd_s c o p e , 0,  0); 

if  (*error) 

return  written; 


c t x-> e n d_s c ope  = 0; 
ctx->input . si lent_trunc  = 0; 


/*  Clean  up  any  pending  hashes  */ 
if  (ctx->hashes)  { 

pgpHashListDestroy  (ctx->hashes,  ctx->numhashes); 
ctx->hashes  = 0; 

> 


> 

ctx->findpkt  = 1; 
myself->write  = parsePacket; 

return  parsePacket  (myself,  buf,  size,  error); 

> 

/ * 

* After  an  ESK,  call  this  function,  which  copies  the  current  packet  to 

★ the  byte  FIFO,  and  sets  things  up  for  parsePacket  again. 

★ It  doesn't  flush  the  FIFO  or  end  the  current  scope. 

* / 

static  s i z e_t 

nextESK  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
{ 

struct  Context  * c t x ; 
assert  (myself); 

assert  (myself->magic  = = PARSERMAGIC); 
assert  (error); 

ctx  = (struct  Context  *)myself->priv; 

assert  (ctx); 

assert  (ctx->tail); 

assert  ( ! si ze  ||  !ctx->eof); 

★error  = inputToFifo(&ctx->input); 
if  (*error) 
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return  0; 

ctx->findpkt  = 1 ; 
myself->write  = parsePacket; 

return  parsePacket  (myself,  buf,  size,  error); 


static  i n t 

Flush  (struct  PgpPipeline  *myself) 

struct  Context  *ctx; 
int  error  = 0; 

assert  (myself); 

assert  (myself->magic  = = PARSERMAGIC); 

ctx  = (struct  Context  *)myself->priv; 
assert  (ctx); 
assert  (ctx->tail); 

/*  Do  a write  to  force  out  any  hanging  data  */ 
myself->wri te  (myself,  (byte  const  * ) 0,  (size_t)0,  &error); 
return  error  ? error  : c t x-> t a i l->f  l us h (ctx->tail); 

> 


static  int 

Annotate  (struct  PgpPipeline  *myself,  struct 
byte  const  *string,  si ze_t  size) 


PgpPipeline  * o r i g i n , 


i n t 


struct  Context  * c t x ; 
int  error; 

byte  const  *oldbufptr; 

si ze_t  (*oldwri te)  (struct  PgpPipeline  *,  byte  const  *,  si ze_t 


assert  (myself); 

assert  (myself->magic  ==  PARSERMAGIC)  ; 


ctx  = (struct  Context  *)myself->priv; 
assert  (ctx); 
assert  (ctx->tail); 


/* 
i f 


> 


Do  any  expected  callbacks  */ 

( c t x-> n e e d c a l l ba c k ) { 
switch  (type)  C 
case  P G P A N N_P  A RSER_EATIT : 
case  PG  P A N N_P A R S E R_P A S STHROUGH : 
case  PG  P A N N_P  A R S E R_P  R 0 C E S S : 
case  P G P A N N_P A R S E R_R  E C U R S E : 

return  P r o c e s s C a l l ba c k (myself,  type,  string, 

> 


/ * 

* If  this  is  a hash  request  callback,  and  we  have  the 

* requested  hash  being  computed,  copy  it,  hash  in  the 

* extra  bytes,  and  pass  back  the  resultant  hash. 

* / 

if  (type  ==  PG  P A N N_H  A S H_R  E Q U E S T ) f 


type. 


int  * ) ; 


s i z e ) ; 
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> 


> 


struct  PgpHashContext  const  * h c ; 
struct  PgpHashContext  *temp_hc; 


i f 
h c 
i f 


( ! s i z e ) 

return  PG P E R R_B A D_H A S H N UM ; 

= pg p H a s h L i s t F i nd ( c t x-> h a s h e s , c t x -> n um h a s h e s , 

pgpHashByNumber(stringCOD)  ) ; 

( ! he) 


return  PG P E R R_B A D_H A S H N UM ; 
temp_hc  = pgpHashClone  (he); 
if  ( ! t emp_h  c ) 

return  PG P E R R_N 0 M E M ; 

pgpHashUpdate  (temp_hc,  string+1,  size-1); 
error  = c t x -> t a i L -> a n n o t a t e (ctx->tail,  origin, 

PGPANN_HAS  H_V  A LU  E , 
pgpHashFinaLCt  emp_h  c ) , 
hc->hash->hashsize); 

pg p H a s h D e s t r oy  (temp_hc); 


return  error; 


/ * 

* Now,  ensure  that  we  have  written  out  everything  buffered  that 

* we  plan  on  writing  out.  Run  the  state  machine  forward  until 

* it  stops  changing. 

*/ 

do  { 

oldbufptr  = ctx->input.bufptr; 
oldwrite  = myself->write; 

(void)oldwrite(myself,  0,  0,  Serror); 
if  (error) 

return  error; 

> while  ( c t x-> i npu t . bu f p t r !=  oldbufptr  ||  my s e l f -> w r i t e !=  oldwrite); 
return  ctx->tail->annotate  (ctx->tail,  origin,  type,  string,  size); 


static  i n t 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

£ 

struct  Context  * c t x ; 
int  error; 

byte  const  *oldbufptr; 

size_t  (*oldwrite)(struct  PgpPipeline  *,  byte  const  *,  si ze_t,  int  *); 
assert  (myself); 

assert  ( my s e l f -> ma g i c ==  P A R S E RM A G I C ) ; 

ctx  = (struct  Context  *)myself->priv; 
assert  (ctx); 
assert  (ctx->tail); 

/ * 

* If  we're  in  the  middle  of  a packet  that  can  be  truncated 

* without  error,  deal  with  it. 

* / 

if  ( c t x -> i n pu t . s i l e n t_t r u n c &&  c t x -> i n pu t . h e a d . p k t l e n > bytes) 
ctx->input.head.pktlen  = bytes; 
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> 


/ * 

* Set  eof  flag,  which  a few  of  the  parsing  functions  need 

* to  do  special  things  at  EOF  when  the  default  processing  here 

* is  not  desired. 

* / 

if  (Ibytes) 

ctx->eof  = 1 ; 

/* 

* Now,  ensure  that  we  have  written  out  everything  buffered  that 

* we  plan  on  writing  out.  Run  the  state  machine  forward  until 

* it  stops  changing. 

*/ 

do  { 

oldbufptr  = ctx->input.bufptr; 
oldwrite  = myself->wri te; 

(void)oldwrite(myself,  0,  0,  Serror); 
if  (error) 

return  error; 

> while  ( c t x-> i npu t . bu f p t r ! = oldbufptr  ||  my s e l f -> w r i t e !=  oldwrite); 


/* 


* Are  we  shutting  down,  yet  not  in  a c l e a n - s h u t d o w n state? 

* (No  pending  packets,  no  bytes  waiting  to  be  parsed.) 

*/ 


i f 


(Ibytes 
i f 


> 


&&  ! i n pu t F i n i s h e d ( S c t x -> i n pu t . h e a d ) ) t 
(!ctx->input.silent_trunc)  { 

error  = c t x-> e nd_s c o p e ? PG P A N N_S C 0 P E_T R U N C AT E D : 

PG  P A N N_P  A C K E T_T  RUNCATED; 
error  = c t x - > t a i l - > a n n o t a t e (ctx->tail,  myself, 

error,  0,  0); 

i f (error) 

return  error; 

ctx->i nput . si lent_trunc  = 1;  /*  Don't  repeat  */ 


> 


/*  Let  nextScope  do  the  cleanup.  */ 
myself->write  = nextScope; 
(void)nextScope(myself,  0,  0,  Serror); 
if  (error) 

return  error; 


/* 

* Send  down  a final  annotation... 

* / 

if  (Ibytes  &&  c t x -> e nd_s c o pe  ==  0) 

return  ctx->tail->sizeAdvise  (ctx->tail,  0); 
return  0; 


static  void 

Teardown  (struct  PgpPipeline  *myself) 
struct  Context  * c t x ; 
assert  (myself); 

assert  (myself->magic  ==  PARSERMAGIC); 
ctx  = (struct  Context  * ) myse  l f->pr i v; 
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assert  (ctx); 
if  (ctx->tail) 

ctx->tai l->teardown  (ctx->tai  l ) ; 

pg p F i f o D e s t r oy  ( &pg pBy t e F i f o D e s c , c t x-> i npu t . f i f o ) ; 
memset  (ctx,  0,  sizeof  ( * c t x ) ) ; 
pgpMemFree  (ctx); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  ** 

pgpParseBinCreate  (struct  PgpPipeline  **head,  struct  PgpEnv  const  *env) 
{ 

struct  PgpPipeline  *mod; 
struct  Context  * c t x ; 

if  ( ! h e a d | | ! env) 

return  NULL; 

ctx  = (struct  Context  *)pgpMemAlloc  (sizeof  ( * c t x ) ) ; 
if  ( ! c t x ) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof  (*mod)); 
if  ( ! mod ) { 

pgpMemFree  (ctx); 
return  NULL; 

> 


> 


memset  (ctx,  0,  sizeof  (*ctx)); 

ctx->input.fifo  = pgpFifoCreate  (SpgpByteFifoDesc); 
if  ( ! c t x -> i n pu t . f i f o ) C 
pgpMemFree(mod); 
pgpMemFree(ctx); 
return  NULL; 

> 

inputReset(Sctx->input); 
ctx->findpkt  = 1; 
ctx->env  = env; 


mod->magic  = PARSERMAGIC; 
mod->wri te  = parsePacket; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "PGP  Message  Parser"; 
mod->priv  = ctx; 

ctx->tail  = *head; 

*head  = mod; 
return  &ctx->tail; 
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parsebin.h 

/ * 

* parsebin.h  — The  PGP  Binary  Message  parser 

★ 

* Written  by:  Derek  Atkins  <warlord3MIT. EDU> 

★ 

* $ I d : parsebin.h, v 1.1  5 1 996/1  1 /1  2 02:1  8:09  mhw  Exp  $ 
*/ 

# i f nd  e f PG P_P A R S E B I N_H 
#define  PGP  PARSEBIN  H 


^include  "pgp/usua  L s . h" 


struct  PgpPipeline; 

# i f nd  e f T Y P E_PG P P I P E L I N E 
#define  T Y P E_PG P P I P E L I N E 1 

typedet  struct  PgpPipeline  PgpPipeline; 

# e nd  i f 

struct  PgpEnv; 

# i f nd  e f T Y P E_P G P E N V 

^define  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

#end  i f 


/ * 

* Create  a binary  parser  module.  This  module  will  read  in  data, 

* figure  out  what  kind  of  PGP  message  it  is,  and  create  the 

* appropriate  sub-modules  to  actually  decode  the  message,  depending 

* on  the  user's  wishes. 

* 

* It  communicated  with  the  Annotation  Reader,  which  is  a part  of  the 

* User  Interface,  to  explain  exactly  what  is  going  on  with  the 

* decoding  process.  This  module,  once  the  pipeline  is  put  into 

* action,  will  add  and  delete  modules  downstream. 

*/ 


struct  PgpPipeline 


**pgpParseBi nCreate 


(struct  PgpPipeline  **head, 
struct  PgpEnv  const  *env); 


# e n d i f /*  PGP  PARSEBIN  H */ 
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readann.c 


/ * 

* readann.c  --  Annotation  Reader 

* 

* Written  by:  Colin  Plumb  and  Derek  Atkins  <warlordaMIT.EDU> 


* $ I d : readann.c, v 1.90  1 996/1  1 /1  2 02:1  8:1  0 mhw  Exp  $ 

* / 

#ifdef  HAVE  CONFIG  H 


/^include 
#end i f 

" c o n f i g . h " 

# i nc l ude 

<assert . h> 

#include 

< s t d i o . h > 

ft  include 

<errno.h> 

//include 

"readann . h" 

U i nc l ude 

"vrfysig.h" 

//include 

"pgp/annotate . h" 

# i n c l ud  e 

"pgp/esk.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/pgpmem . h" 

# i n c l u d e 

"pgp/ pgperr . h" 

//include 

"pgp/pgpmsg . h " 

//include 

"pgp/pgpui . h" 

//include 

" pgp / p i pe l i ne  . h " 

//include 

"pgp/sig.h" 

//include 

"pgp/textfi  It.h" 

//include 

"pgp/usuals.h" 

//define  R E A D A N N 0 T A T I 0 N M AG  I C 

/ * should 

never  have  more  than 

//define  MAX  RECURSE  50 


OxfOObOb 

this  many  nested  scopes 


* / 


struct  Context  C 

int  stackCMA  X_R  ECURSEO; 

i n t sp; 

int  til e_s  p ; 

int  type; 

char  * n a m e ; 

struct  PgpPipeline  * t a i l ; 

struct  PgpUICb  const  * u i ; 

struct  PgpEnv  const  * e n v ; 

void  *ui_arg; 

struct  PgpESK  * e s k l i s t ; 

struct  PgpSig  * s i g l i s t C M A X_R E C U R S E D ; 

byte  sepsigCMA  X_R  ECURSEd; 

/*  For  the  sigverify  c a l l ba c k- c a l l ba c k to  check  the  signature  */ 
struct  PgpSig  const  *cursig; 

/*  flag  --  do  we  need  a new  output?  */ 
byte  newoutput; 

>; 

struct  TryCB  { 

struct  PgpPipeline  *myself,  *origin; 
int  reply; 

>; 
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static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int  *error) 
{ 

struct  Context  *context; 
assert  (myself); 

assert  ( my s e l f ->ma g i c ==  R E A D A N N 0 T A T I ONM AG  I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (error); 


if  ( c o n t e x t -> n e w o u t p u t ) { 

★error  = c on t e x t -> u i -> n e wO u t pu t ( c on t e x t -> u i _a r g , 

&context->tai  l, 
context->type, 
context->name)  ; 

if  (*error) 

return  0; 

/*  Remember  scope  to  close  output  */ 
c o n t e x t -> f i l e_s p = context->sp; 
c o n t e x t -> n e w o u t pu  t = 0; 


assert  (context->tail); 

return  context->tail->write  (context->tail,  buf,  size,  error); 


static  int 

sighash(struct  PgpPipeline  *myself,  struct  PgpPipeline  *origin,  int  reply) 
{ 

struct  Context  *context; 
byte  * b u f ; 
int  err; 
unsigned  len; 


assert  (myself); 

assert  (myself->magic  ==  READANNOTATIONMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

/*  Build  list  of  hashes  we  need  */ 

len  = pgpSigDistinctHashCount(context->siglistEcontext->sp-1d); 
buf  = (byte  *)pgpMemAlloc(len); 
if  ( ! b u f ) 

return  PG P E R R_N0M E M ; 

pgpSigDistinctHashes(context->siglistCcontext->sp-1d,  buf); 

/*  Tell  the  parser  to  do  the  hashes  */ 

err  = ori gi n->annotate  (origin,  myself,  reply,  buf,  len); 

pgpMemFree(buf); 

return  err; 

> 

/*  Try  out  all  the  hashes  */ 

/*  (Note  that  this  is  called  with  context->sp  already  decremented)  */ 
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static  i n t 

sigtry  (struct  PgpPipeline  *myself,  struct  PgpPipeline  *origin) 
{ 

struct  Context  *context; 
byte  bufCIOOD; 
byte  const  *extra; 
unsigned  extralen ; 
struct  PgpSig  const  * s i g ; 
int  error; 


> 


assert  (myself); 

assert  (myself->magic  ==  READANNOTATIONMAGIC); 


context  = (struct  Context  *)myself->priv; 
assert  (context)  ; 


for 


> 


(sig  = context->siglist[context->spl;  sig; 

sig  = pgpSigNext  (sig))  { 
bufCO]  = pgpSigHash(sig)->type; 
extra  = pgpSigExtra(sig,  Sextralen); 
memcpy(buf+1,  extra,  extralen); 
context->cursig  = sig; 

/*  This  ends  up  invoking  sigverify,  below  */ 
error  = origin->annotate  (origin,  myself, 

PGPANN_HASH_REQUEST, 
buf,  extralen  + 1 ); 

if  (error)  { 

c on t e x t -> u i ->me s s a g e ( c on t e x t -> u i _a r g , error. 


> 


PGPMSG_SIG_ERROR,  0); 


context->cursig  = 0; 

pgpSigFreeList  (context->siglistlcontext->sp]); 
context->siglist[context->sp]  = 0; 
return  0; 


/*  Get  the  callback  from  the  callback...  */ 

/*  (Note  that  this  is  called  with  context->sp  already  decremented)  */ 
static  int 

sigverify(struct  PgpPipeline  *myself,  byte  const  *string,  size_t  size) 
{ 

struct  Context  *context; 
struct  PgpHash  const  *hash; 


> 


assert  (myself); 

assert  (myself->magic  = = READANNOTATIONMAGIC); 


context  = (struct  Context  *)myself->priv; 

assert  (context); 

assert  (context->cursig); 


hash  = pgpSigHash  ( c o n t e x t -> c u r s i g ) ; 
assert  (hash); 

assert  (size  ==  h a s h -> h a s h s i z e ) ; 


return  c o n t e x t -> u i -> s i g Ve r i f y ( c on t e x t -> u i _a r g , c on t e x t -> c u r s i g , 

string); 
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static  int 

sepsighash  (struct  Context  nontext) 
int  err; 

err  = p g p S e p s i g V e r i f y ( c o n t e x t - > s i g L i s t C c o n t e x t - > s p- 1 1 , context 

context->ui,  context->ui_arg); 
pgpSigFreeList  (context->siglistCcontext->sp-1d); 
context->sigli stCcontext->sp-1 D = 0; 

return  err; 

> 


/* 


* Try  a single 
*/ 

key 

to  see 

if  it 

works . 

static  int 
eskTryKey  (void 

*arg 

, byte 

const 

*key,  si ze_t 

keylen 

struct 

TryCB 

const 

* c b = 

(struct  TryCB 

* ) a r g 

} 


assert  (cb); 
assert  (cb->myself); 

assert  ( cb->myse L f->mag i c ==  R E A D ANN 0T AT  I ONM AG  I C ) ; 
assert  (cb->origin); 


return  c b-> o r i g i n-> a n no t a t e (cb->origin,  cb->myself,  cb->reply, 

key,  keylen); 


/* 

* Decrypt  an  PgpESK  from  an  esklist  — this  calls  the  UI  function  to 

* decrypt  an  esklist.  Uses  the  eskTryKey  function  to  try  the  keys, 

* and  pre-allocates  a buffer  which  is  the  largest  possible  PgpESK  from 

* all  the  PgpESKs  in  the  list.  Returns  0 or  an  error. 

*/ 

static  int 

eskdecrypt  (struct  PgpPipeline  *myself,  struct  PgpPipeline  *origin,  int 
l 

struct  TryCB  cb; 

struct  Context  *context; 

struct  PgpESK  const  * e s k ; 

byte  * b u f = 0; 

int  i,  buflen  = 0; 

s i z e_t  keylen  = 0 ; 

assert  (myself); 

assert  (myself->magic  ==  READANNOTATIONMAGIC); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 


cb. myself  = myself; 
cb. origin  = origin; 
cb. reply  = reply; 

/*  Figure  out  the  size  of  the  largest  PgpESK  */ 

for  (esk  = context->esklist;  esk;  esk  = pgpEskNext(esk))  { 


> e n v , 


reply) 
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> 


i = pg  p E s kMa  x Ke y S i z e (esk); 

if  (buflen  < i) 

buflen  = i ; 


if  (buflen)  { 

buf  = (byte  * ) p g pMem A l l o c ( bu f l e n ) ; 
if  ( ! bu  f ) 


> else 


return  P G P E R R_N  OM  E M ; 
return  PG P E R R_E S K_N 0 DECRYPT; 


keylen  = ( s i z e_t ) b u f l e n ; 

i = c o n t e x t -> u i -> e s k D e c ry p t ( c on t e x t -> u i_a r g , c on t e x t -> e s k l i s t , buf, 

Skeylen,  eskTryKey,  & c b ) ; 


memset(buf,  0,  buflen); 
pgpMemFree(buf); 

pgpEskFreeList  (context->esklist); 
context->esklist  = 0; 


if  ( i ) { 

/*  Cannot  decrypt...  Either  eatit  or  passthrough  */ 
if  (i  ! = P G P A N N_P A R SER_EATIT  SS  i !=  PG P A N N_P A R S E R_P A S S T H R 0 U G H ) 
return  PG P E R R_C B_I N V A L I D ; 

cb. reply  = i;  / * What  to  do?  * / 
i = eskTryKey  ( & c b , NULL,  0); 

> 


> 


return  i ; 


static  i n t 

Annotate  (struct  PgpPipeline  *myself,  struct 
byte  const  *string,  size_t  size) 


{ 


struct  Context  *context; 
int  error  = 0; 
i n t i ; 

struct  PgpUICbArg  msgargl; 


PgpPipeline  *origin. 


int  type. 


assert  (myself); 

assert  ( myse l f->mag i c ==  R E A D A N N 0T AT  I ONM AG  I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 


if  ( PGP_I S_SC0PE_MARKER  (type))  { 

if  ( P G P_I S_B  E G I N_S  COPE  (type))  { 

context->stack[context->sp++]  = type; 

> else  C 

assert(PGP_IS_END_SCOPE  (type)  ); 

if  ( c o n t e x t -> s t a c k [ c o n t e x t -> s p - ID  !=  type  - 1) 
context->ui->message  ( context->ui_arg, 

P G P E R R_U  NBALANCE  D_S  COPE, 
P G P M S G_U  NBALANCED_SCOPE, 
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context->stack[--context->sp]  = 0; 
context->sepsig[context->sp]  = 0; 


> 

/* 

* For  clearsigned  messages,  preserve  type.  See  comments 

* re  P G P A N N_C L E A R S I G_B E G I N / E N D below.  Otherwise  go  back 

* to  type  of  next  annotation  on  the  stack. 

* / 

if  ( ! ( type==PGPANN_ARMOR_BEGIN  && 

cont ext->type==PGP_LI TERAL_TEXT ) ) 

i f ( context->sp) 

context->type  = context->stack[context->sp-1 ]; 


if  ( context->ui ->annotate  ) t 

error  = c o n t e x t -> u i -> a n n o t a t e 


> 


if  (error) 

return  error; 


( c on t e x t -> u i_a r g , origin, 
type,  string,  size); 


switch  (type)  { 
case  P G P A N N_C  0 M M I T : 
do  { 

i = c on t ex t->u i ->do C ommi t 
(context->ui_arg, 
context->stackCcontext->sp  - 1 ] ) ; 


if  (i  ! = P G P A N N_P A RSER_PASSTHROUGH  && 
i ! = P G P A N N_P  A R S E R_E  A T I T &S 
i ! = PGPANN_PARSER_PROCESS  && 
i ! = PG  P A N N_P  A R S E R_R  E C U R S E ) { 

msgargl  .type  = PG P_U I_A R G_I NT ; 
msgargl.val.i  = i ; 

context->ui->message  (context->ui_arg, 

PGPERR_COMMIT_INVALID, 
PGPMSG_COMMI T_I N V A L I D , 
1, 

Smsga  rgl ) ; 

continue; 

} 


if  ( i 


< PGPANN_PARSER_PROCESS ) { 

error  = ori gin->annotate  (origin,  myself, 

0,  0); 

if  (error) 

context->ui->message 

(context->ui_arg,  error. 


i , 


P G PM  S G_A  N N 0 T A T E_E  R R 0 R , 0); 
> else  if  ( c o n t e x t -> s t a c k [ c on t e x t -> s p-1 ] = = 


P G P A N N_C I P H E R_B  E G I N ) { 
error  = eskdecrypt(myself,  origin,  i); 
if  (error)  { 

context->ui->message 

( c on t e x t -> u i _a r g , error. 
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case 

case 


PG  PM  S G_E  S K_N  ODECRYPT,  0); 

break; 

> 

> else  if  (context->stack[context->sp-1 ] == 

PG  P A N N_S I G N E D_B  E G I N ) C 
if  (context->sepsigCcontext->sp-1Il)  f 
error  = sepsighash(context); 
if  (error)  { 

context->ui->message 

( c on t e x t -> u i _a r g , error, 

PG  PM  S G_S  E P S I G_N  OVERIFY,  0); 
break; 

} 

> else  { 

error  = sighash(myself,  origin,  i); 
if  (error)  { 

context->ui->message 

(context->ui_arg,  error, 

PG  P M S G_S I G_N  OVERIFY,  0); 
break; 

} 


> 

> else  { 


> 


error  = o r i g i n-> a n no t a t e (origin,  myself,  i, 

0,  0); 

if  (error) 

context->ui->message 

( c o n t e x t -> u i _a r g , error, 

P G PM  S G_A  NN0TATE_ERR0R,  0); 


> while  (error); 
break; 

PGPANN_PKCIPHER_ESK: 

PG  P A N N_S  K C I P H E R_E  S K : 

i = pg p E s k Add ( & c o n t e x t -> e s k l i s t , type,  string,  size); 
if  ( i ! = 0 ) { 


> 


context->ui->message  (context->ui_arg,  i, 

PGPMSG_ES  K_A  D D_E  R R 0 R , 0); 


break; 


case  PGPANN_SIGNE  D_S I G : 
case  PG  P A N N_S I G N E D_S I G 2 : 

/*  Add  signature  for  */ 

i = pgpSigAdd  ( & c on t e x t -> s i g l i s t [ c on t e x t -> s p-1 ] , type, 

string,  size); 

if  ( i ! = 0)  { 

c o n t e x t -> u i -> m e s s a g e ( c on t e x t -> u i _a r g , i, 

P G P M S G_S I G_A  D D_E  R R 0 R , 0); 

> 

break; 


case  P G P A N N_S IGNED_SEP: 

/*  This  signature  context  is  for  a separate  signature  */ 

context->sepsig[context->sp-1]  = 1; 

break; 

case  PGPANN_S IGNED_END : 

error  = s i g t r y ( my s e l f , origin); 
break; 
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case  P G P A N N_H  A S H_V  A L U E : 

error  = sigverify(myself,  string,  size); 
break; 

case  PG  P A N N_L I T E R A L_T  Y P E : 
if  (size) 

context->type  = stringCOD; 

break; 

case  PGPANN_LITERA  L_N  A M E : 
if  (size)  { 

if  (context->name) 

pgpMemFree  (context->name); 
context->name  = (char  OpgpMemAlloc  (size+1); 
if  ( c o n t e x t -> n a me ) { 

memcpy  (context->name,  string,  size); 
context->nameCsize]  = 0; 

> else 

error  = PG P E R R_N0M E M ; 

> 

break; 

/ * 

* The  actual  sequence  is:  PG P AN N_C L E A R S I G_B E G I N , PG P A N N_C L E A R S I G_E N D , 

* P G P A N N_A R M 0 R_B E G I N , and  then  we  do  a Write  when  we  want  our  type 

* to  be  PG P_L I T E R A L_T E X T . So  it  takes  some  careful  work  here  and 

* above  . 

*/ 

case  PG  P A N N_C  L E A R S I G_B  E G I N : 
case  P G P A N N_C  L E A R S I G_E  N D : 

/*  Clearsigned  messages  are  always  text!  */ 

context->type  = P G P_L I T E R A L_T  EXT; 

break; 

default: 

; / * Do  nothing  * / 

> 


/*  At  end  of  scope,  shut  down  output  */ 

if  ( lerror  &&  c o n t e x t -> t a i l &&  PG P_I S_E N D_S C 0 P E (type)  && 
context->  sp  < c on t ex t -> f i l e_s p ) 

error  = context->tail->sizeAdvise  (context->tail,  0); 
if  (lerror)  < 

if  ( c on t e x t -> n a me ) T 

pgpMemFree  (context->name); 
context->name  = NULL; 

> 

c o n t e x t -> t y p e = -1; 
context->newoutput  = 1; 

> 

> 


return  error; 

> 

static  i n t 

Flush  (struct  PgpPipeline  * myself) 
struct  Context  *context; 
assert  (myself); 

assert  ( my s e l f -> ma g i c ==  R E A D ANNOT AT  1 0 NM AG  I C ) ; 
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context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (!context->tail) 
return  0 ; 

return  context->tail->flush  (context->tail); 

> 

static  i n t 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 
{ 

struct  Context  *context ; 
int  error  = 0 ; 

assert  (myself); 

assert  (myself->magic  ==  READANNOTATIONMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 


> 


i f 


> 


(Ibytes  &&  c o n t ex t -> t a i l ) { 

error  = c on t e x t -> t a i l -> s i z e Ad v i s e ( c on t e x t -> t a i 
if  ( lerror)  C 

if  ( c on t e x t -> n a m e ) { 

pgpMemFree  ( c o n t e x t -> n a me  ) ; 
context->name  = NULL; 

> 


context->type  = - 1 ; 
context->newoutput  = 1; 


return  error; 


static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  ( my se  l f->mag i c ==  READANNOTATIONMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

pgpEskFreeList  (context->esklist); 
context->esklist  = 0; 
if  (context->tail) 

context->tai  l->teardown  (context->tai  l); 

memset  (context,  0,  sizeof  (*context ) ); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  ** 


l,  bytes); 
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pgpAnnotationReaderCreate  (struct  PgpPipeline  **head, 

struct  PgpEnv  const  *env, 

struct  PgpUICb  const  *ui,  void  *arg) 

{ 

struct  PgpPipeline  ★ m o d ; 
struct  Context  *context; 

if  (!head  ||  ! env) 

return  NULL; 

★head  = 0; 

context  - (struct  Context  *)pgpMemAlloc  (sizeof  (*context)); 
if  ([context) 

return  NULL; 

mod  = (struct  PgpPipeline  * ) pgpMemA  l l oc  (sizeof  (*mod)  ); 
if  ( ! mod)  { 

pgpMemFree  (context); 
return  NULL; 

> 

mod->mag i c = R E A D A N N OT A T I 0 NM AG  I C ; 

mod->write  = Write; 

mod->flush  = Flush; 

mod->si zeAdvi se  = SizeAdvise; 

mod-> a n n o t a t e = Annotate; 

mod->teardown  = Teardown; 

mod->name  = "Simple  Annotation  Reader"; 

mod->priv  = context; 

memset  (context,  0,  sizeof  (*context)); 

context->ui  = ui; 

context->ui_arg  = arg; 

context->env  = env; 

context->newoutput  = 1 ; 

context->type  = - 1 ; 

★head  = mod; 

return  &context->tail; 
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readann.h 

/* 

* readann.h  --  A debugging  Annotation  Reader. 

* 

* Written  by:  Derek  Atkins  <warlord3MIT. EDU> 

* 

* $ I d : readann.h, v 1.1  9 1 996/1  1 /1  2 02:1  8:1  0 mhw  Exp  $ 
*/ 

# i f n d e f PG P_R E A D A N N_H 
//define  PGP  READANN  H 


//include  " pg  p / u s u a l s . h " 


struct  PgpPipeline; 

//ifndef  T Y P E_PG  P P I P E L I N E 
//define  T Y P E_PG  P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline; 
U e nd  i f 


struct  PgpEnv; 

//ifndef  T Y P E_P  G P E N V 
//define  T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 
U e n d i f 


struct  PgpUICb; 

# i f nd  e f TYPE_PGPUICB 
//define  TYPE_PGPUICB  1 
typedef  struct  PgpUICb  PgpUICb; 
//end  i f 


/* 

★ 

Create 

an  annotation 

reader.  This  will 

create 

output  fi 

l e s 

a s 

★ 

appropriate.  If  fil 

ename  is  non-NULL, 

it  will 

use  that 

f i l 

ename 

★ 

as  the 

output  file. 

Otherwise  it  will 

ask  the 

user  or  use 

the  name 

★ 

*/ 

out  of 

the  message. 

struct  PgpPipeline  ** 
pgpAnnotationReaderCreate  (struct 

struct 

struct 


PgpPipeline  **head, 

PgpEnv  const  * e n v , 

PgpUICb  const  *ui,  void  *arg); 


//end  i f /*  P G P_R  E A D A N N H */ 
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verifyra.c 


/ * 

* verifyra.c  An  Annotation  Reader  to  do  Signature  Verification 

* 

* Written  by:  Derek  Atkins  < wa r l o rd a M I T . E D U> 

k 

* $ I d : verifyra.c, v 1.29  1 996/1  1 /1  2 07:00:24  hal  Exp  $ 

* / 

//ifdef  H A V E_C  0 N F I G_H 


# i n c L ud  e 

"config.h" 

#end  i f 

# i n c L ude 

<assert  . h> 

^include 

< s t d i o . h > 

# i n c L u d e 

"veri f yra . h" 

tt  i n c l ud  e 

"vrfysig.h" 

ft  i n c L ude 

"pgp/annotate . h" 

# i n c L ud e 

"pgp/devnull.h" 

# include 

"pgp/hash.h" 

//include 

"pgp/join.h" 

//include 

"pgp/pgpmem . h " 

# i n c l ude 

"pgp/pgpenv . h" 

# i nc l ude 

"pgp/pgperr . h" 

//include 

"pgp/pgpmsg . h" 

# i n c l ud  e 

"pgp/pgpui . h" 

//include 

"pgp/pipeline.h" 

//include 

"pgp/sig.h" 

//define  V E R I F Y R AM A G I C S 
//define  VERI  FYRAMAGICT 


0x51 9c43c7 
0x51 9c43c8 


struct 


Context 

struct 

struct 

struct 

struct 

struct 


PgpPipeline  *joinhead,  *jointext,  **jointail; 
PgpHashContext  * h a s h e s ; 

PgpSig  *siglist; 

PgpEnv  const  *env; 

PgpUICb  const  * u i ; 
void  * u i _a  r g ; 
int  numhashes; 
int  scope_depth; 
int  i g n o r e_d  e p t h ; 
byte  i gnore_text; 
byte  textclosed; 
byte  sigclosed; 
byte  textdone; 
byte  sigdone; 


>; 


static  int 

verifySizeAdvise  (struct  Context  *ctx) 
int  error  = 0; 


/*  when  both  text  and  sig  are  done,  verify  the  signature  */ 
if  ( c t x-> t e x t c l o s ed  &&  c t x-> s i g c L o s ed  &&  c t x-> s i g L i s t ) { 
error  = pgpSigVerify  (ctx->siglist,  ctx->hashes, 

ctx->numhashes,  ctx->ui,  ctx->ui_arg); 
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> 


> 


i f 


> 


( lerror)  -C 

if  (ctx->siglist)  f 

pg p S i g F r e e L i s t ( c t x -> s i g l i s t ) ; 
ctx->siglist  = 0; 

> 

if  (ctx->hashes)  { 

pgpH a s h L i s t De s t r oy  ( c t x-> h a s h e s , 

ctx->numhashes); 

ctx->hashes  = NULL; 
ctx->numhashes  = 0 ; 


return  error; 


static  void 

veri fyTeardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  * c t x = (struct  Context  *)myself->priv; 

assert  (ctx->joinhead); 
assert  (ctx->jointext); 

if  ( ! c t x -> t e x t d on e ||  ! c t x-> s i g d o n e ) 

return; 


} 


ctx->joinhead->teardown  (ctx->joinhead); 
ctx->jointext->teardown  (ctx->jointext); 

if  (ctx->hashes)  C 

pgpHashListDestroy  (ctx->hashes,  ctx->numhashes); 
ctx->hashes  = NULL; 

> 

if  (ctx->siglist)  C 

pgpSigFreeList  (ctx->siglist); 
ctx->siglist  = 0; 

> 


memset  (ctx,  0,  sizeof  (*ctx)); 
pgpMemFree  (ctx); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 


static  i n t 

tFlush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  VERIFYRAMAGICT); 

context  = (struct  Context  *)myself->priv; 

assert  (context); 

assert  (context->jointext); 
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return  context->jointext->flush  (context  — >jointext); 


static  siz e_t 
tWrite  (struct 

struct 


PgpPipeline  ★myself,  byte  const  *buf,  size_t  size,  int 
Context  *context; 


assert  (myself); 

assert  ( myse l f->mag i c ==  VERIFYRAMAGICT); 
assert  (error); 


context  = (struct  Context  *)myself->priv; 

assert  (context); 

assert  (context->jointext); 

return  context->jointext->write  (context->jointext,  buf,  size. 


static  int 
tAnnotate 

{ 


(struct  PgpPipeline  *myself,  struct 
byte  const  *string,  si ze_t  size) 


struct  Context  *context; 


PgpPipeline  *origin. 


i n t 


> 


assert  (myself); 

assert  (myse l f->magi c = = VERIFYRAMAGICT); 

context  = (struct  Context  *)myself->priv; 

assert  (context); 

assert  (context->jointext); 

return  c o n t e x t - > j o i n t e x t -> a n n o t a t e ( c o n t ex t -> j o i n t e x t , origin, 

string,  size); 


static  int 

tSizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myself->magic  = = VERIFYRAMAGICT); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (bytes) 

return  0; 

error  = context->jointext->sizeAdvise  (context->jointext,  0); 
if  (error) 

return  error; 

context->textclosed  = 1; 

return  verifySizeAdvise  (context); 


★error) 


error); 


type. 


type. 
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> 


static  void 

tTeardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself)  ; 

assert  ( my se  l f->mag i c ==  V E R I F Y R AM AG  I C T ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

context->textdone  = 1; 
verifyTeardown  (myself); 

> 


static  i n t 

sFlush  (struct  PgpPipeline  *myself) 
{ 

struct  Context  *context; 


assert  (myself); 

assert  (myself->magic  ==  VERIFYRAMAGICS); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

return  0; 

> 


static  siz  e_t 

sWrite  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int 
{ 

struct  Context  *context; 


assert  (myself); 

assert  (myself->magic  ==  VERIFYRAMAGICS); 
assert  (error); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 

(void)  buf; 

if  (size)  C 

if  ( c on t e x t -> i g no r e_t e x t ) 
return  size; 


★error  = PG P E R R_V R F Y S I G_W R I T E ; 
return  0; 


> 


return  0; 


static  int 

sAnnotate  (struct  PgpPipeline  *myself,  struct  PgpPipeline  *origin,  int 
byte  const  *string,  size_t  size) 


★error) 


type. 
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struct  Context  *context; 
int  error  = 0; 

assert  (myself); 

assert  ( my s e l f ->ma g i c ==  V E R I F Y R AM AG  I C S ) ; 

context  - (struct  Context  *)myself—  > p r i v ; 
assert  (context); 

(void)origin; 

/* 

* We  only  accept  a few  annotations  here.  Things  we  dont  know 

* are  considered  an  error.  Only  a known  set  of  annotations  are 

* accepted,  and  most  of  these  are  ignored.  We  are  allowed  to  be 

* in  armor,  and  only  a sepsig  is  allowed. 

* 

* Text  is  only  ignored  if  it  is  within  a NONPGP  scope.  Otherwise 

* it  is  not  ignored  and  an  error  will  be  returned. 

* 

* Commit  requests  are  ignored,  too. 

*/ 

switch  (type)  C 
case  P G P A N N_A  R M 0 R_B  E G I N : 
case  P G P A N N_A  RM0R_END : 
case  PGPANN_F I LE_BEG I N : 
case  P G P A N N_  FILE. _ END  : 
case  PGPANN_I NPUT_BEG I N : 
case  P G P A N N_I N P U T_E  N D : 
case  P G P A N N_C  0 M M I T : 
case  P G P A N N_S I G N E D_B  E G I N : 
case  PGPANN_SIGNED_END : 
case  P G P A N N_S IGNED_SEP: 
break; 

case  PGPANN_NONPG  P_B  E G I N : 

if  ( c o n t ex t -> i g no r e_t e x t ) 
break; 

c o n t ex t -> i g n o r e_t e x t = 1; 

context->i gnore_depth  = c o n t e x t -> s c op e_d e p t h + 1; 
break; 

case  PGPANN_N0NPG  P_E  N D : 

assert  (context->ignore_text); 

if  ( context->i gnore_depth  ==  c o n t ex t -> s c op e_d e p t h ) 
c o n t e x t -> i g n o r e_t e x t = 0; 

break; 

case  P G P A N N_S IGNED_SIG : 

error  = pgpSigAdd  (&context->siglist,  type,  string,  size); 
if  (error)  C 

c o n t e x t -> u i ->me s s a g e ( c on t e x t -> u i _a r g , error, 

PG  PM  S G_S I G_A  DD_ERR0R,  0); 

> 

break; 
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default  : 

error  = PG P E R R_V R F Y S I G_B A D A N N ; 

> 

PG P_S C 0 P E_D E PT H_U P D A T E ( c o n t e x t - > s c o p e_d e p t h , type); 
assert  ( c o n t e x t -> s c o p e_d e p t h !=  -1); 

return  error; 

> 

static  i n t 

sSizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *context; 
int  error  = 0; 

assert  (myself); 

assert  (myself->magic  ==  VERIFYRAMAGICS) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (bytes) 

return  0; 

/*  setup  the  hashes,  then  close  the  join  module  */ 
if  ( ! c o n t e x t -> s i g l i s t ) 

return  0;  / * No  signatures???  * / 

if  ( ! c o n t e x t -> n urn h a s h e s ) 

error  = pg p S i g S e t u p H a s h e s 

(context->jointai l,  context->env, 
&context->hashes,  &context->numhashes, 
context->siglist,  context->ui,  context->ui_arg); 


i f 

(error) 

return 

error; 

/* 

now  turn  on 

the  pipe  to  verify  the 

text  * / 

error  = context 

->j  oi nhead->si zeAdvi se 

(context->joinhead 

i f 

(error) 

return 

error; 

context->sigclosed  = 1; 

return  verifySizeAdvise  (context); 

} 

static  void 

sTeardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  VERIFYRAMAGICS); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
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> 

struct 

pgpVer 

{ 


con t ex t-> s i gdone  = 1; 
veri fyTeardown  (myself); 


PgpPipeline  * 

fyReaderCreate  (struct  PgpPipeline  **texthead, 

struct  PgpPipeline  **sighead, 

struct  PgpEnv  const  *env,  struct  PgpFifoDesc  const  *fd, 
byte  const  *hashlist,  unsigned  hashlen,  int  textmode, 
struct  PgpUICb  const  *ui,  void  *ui_arg) 

struct  PgpPipeline  *smod,  * t m o d ; 

struct  PgpPipeline  * j o i n h e a d = NULL,  *jointext,  * * j o i n t a i l ; 

struct  Context  *context; 

struct  PgpHashContext  * h a s h e s = NULL; 

int  numhashes  = 0,  err; 

if  ( ! texthead  ||  Isighead  ||  !env) 
return  NULL; 

context  = (struct  Context  * ) pg pM em A l l o c (sizeof  (*context)  ) ; 
if  (Icontext) 

return  NULL; 

smod  = (struct  PgpPipeline  * ) pg pMem A l l o c (sizeof  (*smod)); 
if  ( ! smod)  { 

pgpMemFree  (context); 
return  NULL; 

> 

tmod  = (struct  PgpPipeline  * ) p g pM em A l l o c (sizeof  (*tmod)); 
if  ( ! t mod  ) ( 

pgpMemFree  (context); 
pgpMemFree  (smod); 
return  NULL; 

> 

jointail  = pgpJoinCreate  (Sjoinhead,  fd); 
if  ( ! jointai  l)  { 

pgpMemFree  (context); 
pgpMemFree  (smod); 
pgpMemFree  (tmod); 
return  NULL; 

> 

jointext  = pgpJoinAppend  (joinhead); 
if  (Ijointext)  { 

j o i n h e a d-> t e a r d o w n (joinhead); 
pgpMemFree  (context); 
pgpMemFree  (smod); 
pgpMemFree  (tmod); 
return  NULL; 

> 

if  (hashlist  &&  hashlen)  { 

byte  const  *charmap; 

if  ( ! pg p D e vN u l l C r e a t e (jointail))  { 

joinhead->teardown  (joinhead); 
jointext->teardown  (jointext); 
pgpMemFree  (context); 
pgpMemFree  (smod); 
pgpMemFree  (tmod); 
return  NULL; 
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> 


> 


charmap  = (byte  const  *) 

pgpenvGetPoi nter  (env,  PG P E N V_C H A R M A PTO L A T I N 1 , NULL); 
err  = pg p S i g S e t up P i p e l i n e (jointail,  Snumhashes,  Shashes, 

hashlist,  hashlen, 

(textmode  ? charmap  : NULL)); 
if  (err  | | numhashes  <=  0)  { 

joinhead->teardown  (joinhead); 
jointext->teardown  (jointext); 
pgpMemFree  (context); 
pgpMemFree  (smod); 
pgpMemFree  ( tmod ) ; 
return  NULL; 

> 

err  = joinhead->sizeAdvise  (joinhead,  0); 
if  (err)  { 


joinhead->teardown  (joinhead); 

jointext->teardown  (jointext) ; 

pgphlashListDestroy  (hashes,  numhashes); 

pgpMemFree  (context); 

pgpMemFree  (smod); 

pgpMemFree  (tmod); 

return  NULL; 


smod->mag i c = V E R I F Y R AM AG  I C S ; 
smod->write  = sWrite; 
smod->flush  = sFLush; 
smod->sizeAdvise  = sSizeAdvise; 
smod->annotate  = sAnnotate; 
smod->teardown  = sTeardown; 

smod->name  = "Signature  Verification  Annotation  Reader 
smod->pri v = context; 


(sighead)"; 


tmod->mag i c = VERI  FYRAMAGICT; 
tmod->write  = tWrite; 
tmod->flush  = tFlush; 
tmod->si zeAdvi se  = tSizeAdvise; 
tmod->annotate  = tAnnotate; 
tmod->teardown  = tTeardown; 

tmod->name  = "Signature  Verification  Annotation  Reader  (texthead)"; 
tmod->priv  = context; 


memset  (context,  0, 
c o n t e x t -> j o i n h e a d = 
c o n t e x t -> j o i n t e x t = 
c o n t e x t -> j o i n t a i L = 
context->env  = env; 
context->ui  = ui; 
c o n t e x t -> u i _a r g = 
c o n t ex t -> h a s h e s = 
context->numhashes 


sizeof  (*context)); 
joinhead; 
jointext; 
jointai  l; 


ui_arg; 

hashes; 

= numhashes; 


> 


*sighead  = smod; 
*texthead  = tmod; 
return  smod; 
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verify  ra.h 

/ * 

* verifyra.h  --  Signature  Verification  Annotation  Reader 

★ 

* Written  by:  Derek  Atkins  < w a r L o r daM  I T . E D U > 

* 

* Sid:  verifyra.h, v 1.12  1996/11/12  02:18:11  mhw  Exp  $ 

*/ 

ZHfndef  PG P_V E R I F Y R A_H 
//define  PG P_V E R I F Y R A_H 

//include  "pgp/usua  L s . h" 

struct  PgpPipeline; 

# i f nde  f T Y P E_PG P P I P E L I N E 
//define  T Y P E_PG  P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline ; 

U e nd  i f 

struct  PgpEnv; 

//ifndef  T Y P E_P  G P E N V 

//define  T Y P E_PG  P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

# e n d i f 

struct  PgpUICb ; 

//ifndef  TYPE_PGPUICB 

//define  TYPE_PGPUICB  1 

typedef  struct  PgpUICb  PgpUICb; 

#end  i f 

struct  PgpFifoDesc; 

//ifndef  T Y P E_PG P F I F 0 D E S C 

//define  T Y P E_PG P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

//end  i f 

struct  PgpPipeline  *pg p Ve r i f y R e a d e r C r e a t e (struct  PgpPipeline  **texthead, 

struct  PgpPipeline  **sighead, 
struct  PgpEnv  const  *env, 
struct  PgpFifoDesc  const  *fd, 
byte  const  *hashlist, 
unsigned  hashlen, 
int  textmode, 
struct  PgpUICb  const  *ui, 
void  *ui_arg); 


#endif  /*  PGP  VERIFYRA  H */ 


1113 


lib/ pgp/ pipe/ parser/vrfysig.c 


vrfysig.c 


/ * 

* vrfysig.c  --  Code  shared  between  readann  and  verifyra  to  deal  with 

* checking  and  verifying  signatures. 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

* 

* $ I d : vrfysig.c, v 1.29  1 996/1  1 /1  2 02:1  8:1  1 mhw  Exp  $ 

* / 

ZHfdef  HAVE  CONFIG  H 


ft  i n c l ud  e 
ft  e nd  i f 

" c o n f i g . h " 

ft  include 

<assert.h> 

/^include 

< s t d i o . h > 

ft  i n c l u d e 

"vrfysig.h" 

ft  i n c l u d e 

"pgp/devnull.h" 

^include 

"pgp/hash.h" 

//include 

"pgp/hashmod.h" 

//include 

"pgp/pgpmem.h" 

ft  i n c l ud  e 

"pgp/pipeline.h" 

//include 

"pgp/pgpenv . h" 

^include 

"pgp/pgperr . h" 

ft  include 

"pgp/pgpmsg . h" 

^include 

"pgp/pgpui . h" 

//include 

"pgp/sig.h" 

//include 

"pgp/textfi It . h" 

//include 

"pgp/usuals.h" 

i n t 

pg p S i g S e t u p P i p e l i n e (struct 

struct  Pg p H a s h C o n t ex t **hashes, 

byte  const  *hashlist,  unsigned  hashlen, 

byte  const  *charmap) 

i n t num; 

struct  PgpPipeline  *mod  = NULL,  * * t a i L = Smod; 


if  (ihead  ||  '.hashes  | | lhashlist 
return  0; 


lhashlen  ||  Inumhashes) 


num  = *numhashes  = pgpHashListCreate  (hashlist,  hashes,  hashlen); 
if  (num  <=  0) 

return  0 ; 

if  (charmap)  -C 

tail  = pgpTex t F i 1 1 C r ea t e (tail,  charmap,  0,  PG P_T E X T F I LT_C R L F ) ; 
if  ( ! t a i l ) ( 

pgpHashListDestroy  (*hashes,  num); 
return  P G P E R R_N 0M E M ; 

> 

> 


tail  = pgpHashModListCreate  (tail,  *hashes,  num); 
if  ( ! t a i l ) C 

pgpHashListDestroy  (*hashes,  num); 
mod->teardown  (mod); 
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return  PG P E R R_N OM E M ; 

> 

/*  splice  in  the  modules  */ 
★tail  = * h e a d ; 

★head  = mod; 
return  0 ; 


/* 


* Given  a bunch  of  signatures,  setup  a string  of  hash  modules  and 

* hashes  in  order  to  process  the  signatures. 

*/ 


i n t 

pgpS i gSetupHashes 


{ 


(struct  PgpPipeline  **tail,  struct  PgpEnv  const  *env, 
struct  PgpHashContext  **hashlist,  int  *hashnum, 
struct  PgpSig  const  *siglist, 
struct  PgpUICb  const  *ui,  void  *ui_arg) 


unsigned  len; 

int  numhashes,  err; 

byte  * b u f ; 

struct  PgpHashContext  ★ h a s h e s ; 
byte  const  *charmap; 
byte  const  * e x t r a ; 
unsigned  extralen; 


if  (!tail  ||  Isiglist  ||  lhashlist  ||  ihashnum  ||  !ui) 
return  PG P E R R_B A D P A R AM ; 


★hashlist  = NULL; 
★hashnum  = 0 ; 


len  = pg pS i g D i s t i n c t Ha s h Coun t (siglist); 
buf  = (byte  *)pgpMemAlloc  (len); 
if  ( ! bu  f ) 

return  PG P E R R_N0M E M ; 
pgpSigDistinctHashes  (siglist,  buf); 

if  ( ! pg p D e v N u l l C r e a t e (tail))  { 

ui->message  (ui_arg,  PG P E R R_N0M E M , PG PM S G_D E V N U L L_C R E A T E , 0); 
pgpMemFree  (buf); 
return  PG P E R R_N OM E M ; 

> 

extra  = pgpSigExtra  (siglist,  Sextralen); 

charmap  = (byte  const  * ) pgpen vGe t Po i n t e r (env,  P G P E N V_C  HARMAPT0LATIN1 , 

N U L L ) ; 

err  = pg p S i g S e t u p P i p e l i n e (tail,  Snumhashes,  Shashes,  buf,  len, 

((extra  &&  extraCO])  ? charmap  : NULL)); 

pgpMemFree  (buf); 
if  (err)  C 

(*tai  l)->teardown  (*tail); 

> 

if  (numhashes  < 0)  f 

(*tai  l )->teardown  (*tai  l ) ; 
return  numhashes; 

> 

if  (numhashes  — 0)  ( 
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(*tai l)->teardown  (*tail); 

ui->message  (ui_arg,  PG P E R R_V E R BO S E_0 , PG PM S G_S I G_N 0_C H E C K 
return  PG P E R R_C A NN 0 T_H A S H ; 


★hashlist  = hashes; 
★hashnum  = numhashes; 
return  0 ; 


/ * 

* Verify  a Signature  with  a list  of  hashes 

* / 


i n t 

pgpSigVeri fy 


(struct  PgpSig  const  *siglist,  struct  Pg p H a s h C o n t e x t 
numhashes,  struct  PgpUICb  const  *ui,  void  *ui_arg) 


i n t i ; 

unsigned  len,  extralen ; 

byte  const  * b u f ; 

byte  const  *extra; 

struct  Pg p H a s h C on t ex t const  *hc; 

struct  PgpHashContext  *temp_hc; 

struct  PgpSig  const  *sig; 

int  err  = 0 ; 


★hashes. 


if  (Isiglist  | | ! hashes  ||  !ui) 

return  0; 


/*  Now,  verify  the  signatures  */ 
len  = 0 ; 

for  (i  = 0;  i < numhashes;  i++)  { 

if  (len  < h a s h e s C i ] . h a s h -> h a s h s i z e ) 

len  = hashesCi].hash->hashsize; 


> 


for 


h c 
i f 


> 


siglist;  sig;  sig  = pgpSigNext  (sig))  i 
= pg p H a s h L i s t F i n d (hashes,  numhashes,  pgpSigHash 
( ! he  ) C 

ui->message  (ui_arg,  PG P E R R_B A D_H A S H N UM , 
PGPMSG_SI G_B  A D H A S H , 0); 

continue; 


(sig)) 


temp_hc  = pgpHashClone  (he); 
if  ( ! t emp_h  c ) t 

ui->message  (ui_arg,  PG P E R R_N0M E M , 

P G PM  S G_A  LL0C_HASH_CL0NE,  0); 

continue; 

> 

extra  = pgpSigExtra  (sig,  &extralen); 

pg  p H a s h 1)  pd  a t e (temp_hc,  extra,  extralen); 
buf  = pgpHashFinal  (temp_hc); 
err  = ui->sigVerify  (ui_arg,  sig,  buf); 
pgpHashDestroy  (temp_hc); 

> 

return  0; 


> 
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i n t 

pgpSepsigVerify  (struct  PgpSig  const  * s i g L i s t , struct  PgpEnv  const  * e n v , 

struct  PgpUICb  const  *ui,  void  *ui  arq) 

{ 

struct  PgpPipeline  * h e a d = 0 , * * t a i l = Shead; 
struct  PgpHashContext  * h a s h e s = NULL; 
int  err  = 0,  numhashes  = 0 ; 

if  (Isiglist)  { 

u i ->mes  sage  (ui_arg,  PG P E R R_S I G_E R R0 R , PG PM S G_S I G_N0 S I G S , 0); 
return  0 ; 

> 


ui->message  (ui_arg,  P G P E R R_V E R B 0 S E_0 , P G P M S G_S E P S I G , 0); 


err  = pg p S i g S e t u p H a s h e s 
if  (err) 

goto  cleanup2; 


(tail,  env,  Shashes,  Snumhashes,  siglist, 
ui,  ui_arg); 


/*  Ask  the  UI  to  input  the  message  to  verify  the  signature  */ 
err  = ui->needlnput  (ui_arg,  head); 
if  (err) 

goto  cleanup2; 


err  - pgpSigVerify  (siglist,  hashes,  numhashes,  ui,  ui_arg); 

c l ea  nup2 : 

if  (head) 

head->teardown  (head); 
pgpHashListDestroy  (hashes,  numhashes); 
return  err; 

> 

/*  requires  pgpSigListDestroy  ();  */ 
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vrfysig.h 

/ * 

* vrfysig.h  --  Signature  Verification  Code 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 3M I T . E D U > 

* 

* $Id:  vrfysig.h, v 1.16  1996/11/12  02:18:11  mhw  Exp  $ 

* / 

# i f nd  e f PG P_V R F Y S I G_H 
^define  PGP  VRFYSIG  H 


#include  " pg p / u s u a L s . h " 


struct  Pg p H a s h C o n t e x t ; 
struct  PgpPipeline; 
struct  PgpEnv; 
struct  PgpUICb; 
struct  PgpSig; 

int  pg p S i g S e t u p P i p e L i n e (struct  PgpPipeline  **head,  int  *numhashes, 

struct  Pg p H a s h C on t e x t **hashes, 

byte  const  *hashlist,  unsigned  hashlen, 

byte  const  *charmap); 

int  pgpSi gSetupHashes  (struct  PgpPipeline  **tail,  struct  PgpEnv  const 

struct  Pg p H a s h C o n t e x t **hashlist,  int  *hashnum, 

struct  PgpSig  const  *siglist, 

struct  PgpUICb  const  *ui,  void  *ui_arg); 

int  pgpSigVerify  (struct  PgpSig  const  *siglist,  struct  Pg p H a s h C o n t e x t 

int  numhashes,  struct  PgpUICb  const  *ui,  void  *arg); 

int  pgpSeps i gVe r i f y (struct  PgpSig  const  *siglist,  struct  PgpEnv  const 

struct  PgpUICb  const  *ui,  void  *ui_arg); 

# e nd i f /*  PGP  VRFYSIG  H */ 


* e n v , 


★hashes. 


* e n v , 
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sig/ 
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.cvsignore 


Makefile  DONE 


lib/ pgp/ pipe/ sig/ Makefile,  in 


Makefile.in 

u 

# lib/pipe/sig 

# 

U $ I d : Makef i Le. in,v  1.9  1 996/1  1 /1  2 02:1  8:1  2 mhw  Exp  $ 
# 

LOCALINCLUDES=  -I ../../ i n c L ude 

0 B J S = sigmod.o  hashmod.o 
P U B H D R S = h a s h m o d . h sigmod.h 
PRI  VHDRS  = 

all::  DONE 
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makefile.msc 


C FLAGS= 

P G P L I B= . 

-I..\..\..\..\include  -I..\..\..\include  \ 

-I . . \ . . \ . . \ . . -DHAVE  CONFIG  H S(DEBUG) 

. .\. .\. .\pgplib.  lib 

all:: 

l i b 

headers : 

: i n c l 

include  "makefile. in 


i n c l : 

if  not  "$(PUBHDRS)"==""  \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . . \ \ \ \ i n c l ud e \ pg p 
if  not  "$( PRIVHDRS)  \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ . . \ . . \ i n c l u d e 

DOB J S = 

lib: 

$(0BJS:  . o=  . ob  j ) 

$( DOBJ  S ) 

. c . ob j : 

$ ( C C ) $(CFLAGS)  -17  -c  $< 

lib  /out  : $ ( PGPLIB  ) $(PGPLIB)  $*.obj 

clean: 

del  * . ob  j 

DONE  : 

if  exist  $( PGPLIB)  lib/out:$(PGPLIB)  $(PGPLIB)  $(DOSOBJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(DOSOBJS) 
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hashmod.c 

/ * 

* hashmod.c  --  module  to  hash  data 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU>  and  Colin  Plumb 

* 

* $ I d : hashmod.c, v 1.27  1 996/1  1 / 1 2 02:1  8:1  2 mhw  Exp  $ 

* / 

# i 1 d e f HAVE  CONFIG  H 


^include 
U e nd i f 

" c o n f i g . h " 

U i n c l u d e 

<assert  . h> 

1/include 

< s t d i o . h > 

//include 

"hashmod.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/ pgpmem  . h " 

//include 

"pgp/pipeline.h" 

//define 

HASHMODMAGIC  0x8a5430d1 

struct 

Context 

struct 

PgpHashContext  *hash; 

>; 

struct 

PgpPipeline  *tail; 

static 

i n t 

Flush(struct  PgpPipeline  *myself) 

f 

struct 

Context  *context; 

assert(myself); 

assert(myself->magic  ==  HASHMODMAGIC); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai l ) ; 

return  context->tai l->flush(context->tai  l ) ; 

> 

static  s i z e_t 

Wri teCstruct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size, 

C 

struct  Context  *context; 
s i z e_t  written; 

assert(myself); 

assert(myself->magic  ==  HASHMODMAGIC)  ; 
assert(error); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert ( context->tai  l); 

written  = context->tail->write(context->tail,  but,  size. 


int  *error) 


error)  ; 
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if  (written) 

pgpHashtlpdate(context->hash,  but,  written) ; 
return  written; 

} 


static  i n t 

An n o t a t e ( s t r u c t PgpPipeline  *myself, 
byte  const  *string,  si ze_t 


{ 


struct  Context  *context; 


struct 

size) 


PgpPipeline  *origin. 


i n t 


> 


assert(myself); 

assert(myself->magic  = = HASHMODMAGIC); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai l ) ; 

return  c o n t e x t -> t a i l -> a n no t a t e ( c o n t ex t -> t a i l , origin,  type, 

string,  size); 


static  i n t 

SizeAdvise(struct  PgpPipeline  * m y s e l f , unsigned  long  bytes) 

{ 

struct  Context  *context; 
assert(myself); 

assert(myself->magic  ==  HASHMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert (context); 
assert(context->tai  l); 

return  cont ex t-> t a i l->s i zeAdvi se( cont ex t->t ai l , bytes); 

> 


static  void 

Teardown(struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert(myself); 

assert(myself->magic  = = HASHMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert(context) ; 

if  (context->tail) 

context->tai  l->teardown(context->tai l) ; 

memset(context,  0,  sizeof (*context)); 
pgpMemFree(context); 

memset(myself,  0,  sizeof(*myself)); 
pgpMemFree(myself); 

> 


struct  PgpPipeline  ** 


type. 
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pgpHa s hModC rea t e ( s t rue t PgpPipeline  **head, 

struct  Context  *context; 
struct  PgpPipeline  * m o d ; 


struct  Pg p Ha s h C on t e x t *hash) 


assert(hash); 


if  ( ! h e a d ) 

return  NULL; 


context  - (struct  Context  * ) pg pM em A l l o c ( s i z e o f ( * c o n t e x t ) ) ; 
if  ( ! context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
if  ( ! mod ) C 

pgpMemFree(context); 
return  NULL; 

> 

mod->magic  = HASHMODMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->tea  rdown  = Teardown; 
mod->name  = "Hash  Module"; 
mod->priv  = context; 

memset(context,  0,  sizeof (*context)); 
context->hash  = hash; 

context->tail  = *head; 

*head  = mod; 

return  &context->tai  In- 


struct PgpPipeline  ** 
pgpHashModListCreate(struct  PgpPipe 
unsigned  num) 

C 


struct  PgpPipeline  *th  = 0, 


ine  **head,  struct  Pg pH  a s h C on t e x t *hashes, 
**tt  = &th; 


> 


while 


> 


( num — ) C 


1 1 
i f 


> 


= pgpHashModCreate(tt,  hashes++); 
( ! tt ) C 

if  (th) 

th->teardown(th); 
return  0; 


*tt  = *head; 

★head  = th; 
return  tt; 
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hashmod.h 

/* 

* hashmod.h  --  A Generic  Hash  Module. 

* 

* Written  by:  Derek  Atkins  <warlord3MIT.EDU> 

* 

* $ I d : hashmod.h, v 1.1  5 1 996/1  1 /1  2 02:1  8:1  2 mhw  Exp  $ 

* / 

# i f nd  e f PG P_H A S HMO D_H 

# d e f i n e PG P_H A S H MO D_H 

struct  PgpPipeline; 

# i f nd  e f T Y P E_PG P P I P E L I N E 
#d  e f i n e T Y P E_PG P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

# e n d i f 

struct  PgpHashContext  ; 

# i f nd  e f T Y P E_PG P H A S H C 0 N T E X T 
^define  T Y P E_P G P H A S H C 0 N T E X T 1 

typedef  struct  PgpHashContext  PgpHashContext ; 

#e  nd  i f 

/ * 

* Create  a module  that  will  hash  its  input  and  copy  it  to  the  output, 

* using  the  passed-in  PgpHashContext.  The  caller  assumes  control  of  the 

* PgpHashContext,  and  when  this  module  returns  success  from  a 

* sizeAdvise(O),  the  PgpHashContext  is  valid  for  use. 

* 

* Note:  the  calling  function  must  destroy  the  PgpHashContext. 

*/ 

struct  PgpPipeline  ** 

pgpHashModCreate  (struct  PgpPipeline  **head,  struct  PgpHashContext  *hash); 
struct  PgpPipeline  ** 

pgpHashModLi stCreate  (struct  PgpPipeline  **head,  struct  PgpHashContext  *hashes, 
unsigned  num); 

# e n d i f 
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sigmod.c 

/* 

* Sid:  sigmod.c, v 1.40  1996/11/12  02:18:13  mhw  Exp  $ 

★ / 

//ifdef  H A V E_C  0 N F I G H 


ft  i n c l ude 

" c o n f i g . h " 

ft e nd i f 

//include 

<assert . h> 

ft i n c l ud  e 

" copymod  . h " 

ft  i n c l ude 

" ma  k e s i g . h " 

ft  i n c l ud e 

"pktbyte  . h" 

//include 

" s i gmod . h " 

//include 

"pgp/annotate.h" 

ft  i n c l ud e 

"pgp/hash.h" 

//include 

"pgp/hashmod.h" 

//include 

"pgp/ j oi n . h" 

//include 

"pgp/pgpmem. h" 

//include 

"pgp/pi pe  l i ne . h" 

ft  include 

"pgp/pgperr.h" 

//include 

"pgp/sigspec.h" 

//include 

"pgp/usuals.h" 

//define 

SIGMODMAGIC  0x519a10fe 

//define 

M A X_E  X T R A 5 

struct  PerSi gnature  { 

struct  PerSignature  * n e x t ; 
struct  PgpSigSpec  const  * s p e c ; 
struct  PgpHashContext  * h c ; 

>; 


struct 


PgpPipeline 

PgpPipeline 

PgpPipeline 

PgpPipeline 

PerSignature 


Context 
struct 
struct 
struct 
struct 
struct 
struct 
struct 
PgpVersion 
byte  * b u f ; 
unsigned  buflen; 
byte  const  * s i g ; 
i n t s i g l e n ; 
i n t sc  o pe_d  e p t h ; 
byte  onepass; 


* t a i l ; 

★join,  *joinlast, 

* * j o i n t a i l ; 
**texttai  l; 

* s i g l i s t ; 


PerSignature  * s i g p t r ; 
Pg p R a n dom C o n t e x t const 
version; 


*rc 


★newjoin; 


>; 

/* 

★ 

For 

each 

* 

The 

fact 

* 

*/ 

this 

a l 

signature  on  the  signature  list,  get  rid  of  it. 

that  duplicate  Pg p H a s h C on t e x t s are  allowed  complicates 

1 1 l e bit. 
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static  void 

T e a rd o w n S i g L i s t ( s t r u c t PerSignature  *siglist) 

{ 

struct  PerSignature  * p s ; 
struct  PgpHashContext  * h c ; 

while  (siglist)  { 

he  = siglist->hc; 
if  ( he  ) { 

/*  Walk  to  end  of  list  deleting  duplicates  */ 
for  (ps  = siglist->next;  ps;  ps  = ps->next) 
if  (ps->hc  ==  he) 

ps->hc  = 0; 
pgpHashDestroy(hc); 

> 

ps  = siglist->next; 

memsetlsiglist,  0 , sizeof(*siglist)); 

pgpMemFree(siglist); 

siglist  = ps; 

> 

> 

static  s i z e_t 

Wri telstruct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
{ 

struct  Context  *context; 
assert(myself); 

assert(myself->magic  = = SIGMODMAGIC); 
assert(error); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai  l ) ; 

/* 

* If  we're  doing  1-pass  signatures  we  might  need  to  open  a 

* new  input  (for  the  real  signature  data)  which  is  appended 

* to  the  current  data  using  pgpSigTextlnsert,  just  like  the 

* data  did.  Then  we  need  to  close  the  current  input,  tear  it 

* down,  and  replace  it  with  the  new  one.  Finally,  we  need  to 

* set  a flag  that  says  that  we  did  this,  so  we  don't  do  it 

* again.  * / 

if  ( context->versi on  > PG P VE R S I 0N_2_6  && 
c on t ex t-> j o i n l a s t !=  c on t e x t -> j o i n ) { 

/ * 

* Do  the  switch  if  we  have  new  version  packets  and 

* pgpS i gText Insert ( ) was  called 
*/ 

struct  PgpPipeline  *head  = NULL,  * * t a i l ; 

switch  ( c o n t ex t -> o n e pa s s ) { 

case  0 : 

/*  Create  the  new  module...  */ 

tail  = pgpSigTextlnsert  (myself,  Shead); 

if  ( ! t a i l ) { 

*error  = PG P E R R_N 0M E M ; 
return  0; 
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> 

context->new join  = head; 
context->onepass++; 

/*  FALLTHROUGH  */ 

case  1 : 

/*  close  the  old  one...  */ 

*error  = context->join->sizeAdvise  (context->join,  0 ) ; 
if  (*error) 

return  0 ; 

context->onepass++; 

/*  FALLTHROUGH  */ 

case  2 : 

/*  ...and  shut  it  down...  */ 
context->join->teardown  (context-> join); 

/*  inserting  the  new  one  in  its  place  */ 
context-> join  = context->newjoin; 
context->onepass++; 

default: 

break; 

} 


return  context->tail->write(context->tail,  buf,  size,  error); 

> 


static  int 

Annotate ( st ruct  PgpPipeline  *myself, 
byte  const  *string,  si ze_t 


struct  Context  *context; 
int  error; 


struct 

size) 


PgpPipeline  *origin. 


int  type. 


assert(myself); 

a s s e r t ( my s e l f ->ma g i c ==  S I GMO D M AG  I C ) ; 


context  = (struct  Context  * ) my s e l f -> p r i v ; 

assert(context); 

assert(context->tai  l ) ; 


error  = c o n t e x t - > t a i l - > a n n o t a t e ( c o n t e x t -> t a i l , 

string,  size); 


if  (lerror) 


origin. 


type. 


PGP_SC0PE_D  E PT  H_U  P D AT  E (context->s  c ope_d  epth,  type); 
a s s e r t ( c o n t e x t -> s c o pe_d e p t h !=  -1); 


> 


return  error; 


static  int 

S i z e Ad v i s e ( s t r u c t PgpPipeline  *myself,  unsigned  long  bytes) 

struct  Context  *context; 
struct  PerSignature  *ps; 
int  i,  len,  error; 
s i z e_t  size; 

assert(myself); 

assert(myself->magic  = = SIGMODMAGIC); 


1129 


lib/ pgp/pipe/ sig/ sigmod.c 


context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai l ) ; 


i = context->tail->sizeAdvise(context->tail,  bytes); 
i f ( i II  bytes  | | c o n t ex t -> s c o pe_d e p t h ) 
return  i ; 


/* 


* Not  inside  any  scope  and  got  a s i z e Ad v i s e ( 0 ) : EOF! 

* So  write  out  all  the  signatures.  */ 

/*  Find  out  how  big  a buffer  we  need  and  allocate  it  */ 
if  ( c on t ex t-> s i g p t r &&  ! c on t e x t -> bu f ) { 
l e n = 0 ; 

for  (ps  = context->sigptr;  ps;  ps  = ps->next)  { 
i = pg pMa k e S i g Ma x S i z e ( p s -> s pe c ) ; 
if  ( l e n < i ) 

l e n = i ; 


> 


context->buf  - (byte  * ) pgpMemA  l l oc ( ( uns i gned ) l en  + 3 ) ; 
if  (!context->buf) 

return  P G P E R R_N 0 M E M ; 
c on t e x t -> bu f l e n = ( uns i gned ) l en+3; 

> 


/*  Walk  the  list  of  signatures  writing  them  out.  * / 

ps  = c o n t e x t -> s i g p t r ; 

while  (ps  ||  c o n t e x t -> s i g l e n ) { 

/*  Write  any  partial  signature  */ 
if  ( c on t ex t -> s i g l e n ) { 

assert(context->sig); 

assert(context->join); 

/*  Dump  it  down  the  join  module  */ 

size  = c o n t e x t -> j o i n-> w r i t e ( c o n t e x t -> j o i n , 

context->si g, 
context->siglen 
Serror)  ; 


context->sig  +=  size; 
c o n t e x t -> s i g l e n -=  size; 
if  (error) 

return  error; 


> 


continue; 


/*  Okay,  now,  make  a new  signature.  */ 

assert(context->buf  len  >=  3u  + pgpMakeSigMaxSize(ps->spec)); 
i = pgpMa ke S i g ( con t ex t->buf  + 3 , ps->spec,  context->rc,  ps->hc); 
/*  XXX  Force  old-style  format  here  */ 
context->bufC3d  = PG P V E R S I 0 N_2_6 ; 
if  (i  < 0) 

return  i ; 

if  (context->versi on  > PG P V E R S I 0 N_2_6 ) { 
if  ( PKTLEN_ONE_BYTE ( i ) ) { 
context->bufC1d  = 

PKTBYTE_BUILD_NEW(PKTBYTE_SIG) ; 
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# i f 0 

/*  PGP  2.6.2 


# e nd i f 


> 


context ->bufC23  = PKTLEN_1 BYTE ( i ) ; 
context->sig  = context->buf+1; 
context->siglen  = (unsigned)i+2; 

> else  { 

context->bufCOD  = 

P KT  B Y T E_B  U I L D_N  EW(PKTBYT  E_S I G ) ; 
context->buf [1 3 = PKT  L E N_B  YTEO(i); 
context->buf C2]  = P K T L E N_B  YTE1 (i ) ; 
context->sig  = context->buf; 
context->siglen  = (unsigned)i+3; 

> 

> else  { 

screws  up  on  this  * / 

i f ( i < 256)  { 

context->buf[1D  = 

P KTB  Y T E_B  UILD(PKTBYTE_SIG,  0); 
context->buf E2]  = (byte)i; 
context->sig  = context->buf+1; 
context->siglen  = (unsigned)i+2; 

> else  { > 

context->buf COD  = PKTB Y T E_BU I L D ( PKTB YT E_S I G , 1); 
context->bufE1]  = (byte)(i>>8); 
context->bufE2D  = (byte)i; 
context->sig  = context->buf ; 
context->siglen  = (unsigned)i+3; 

> 

/*  Okay,  signature  made  */ 

context->sigptr  = ps  = ps->next; 


TeardownSigList(context->siglist); 
context->siglist  = 0; 

if  (context->buf)  { 

memset(context->buf,  0,  context->buf  len)  ; 

pgpMemFree(context->buf); 

context->buf  = 0; 


if  (context->join)  { 

error  = context->join->sizeAdvise(context->join,  0); 
if  (error) 

return  error; 

context->join->teardown(context->join); 
context->join  = 0; 


return  0; 

> 


static  i n t 

FlushCstruct  PgpPipeline  * myself) 
{ 

struct  Context  *context; 
int  error; 
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assert(myself); 

assert(myself->magic  = = SIGMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert(context); 

/*  XXX  Do  nothing  */ 
it  (context->tail)  { 

error  = context->tail->flush(context->tail); 
if  (error) 

return  error; 

> 

if  ( c o n t e x t -> j o i n ) { 

error  = c o n t e x t -> j o i n-> f L u s h ( c o n t e x t -> j o i n ) ; 
if  (error) 

return  error; 

> 

return  0; 

> 

static  void 

T e a r d o w n ( s t r u c t PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert(myself); 

assert (myse  Lf->magi c ==  SIGMODMAGIC)  ; 

context  = (struct  Context  *)myself->priv; 

assert(context); 

if  (context->tail) 

context->tai L->teardown(context->tai l ) ; 
if  (context->join) 

context->join->teardown(context->join); 
TeardownSigLi st(context->sigli st) ; 
if  ( c on t ex t -> bu f ) C 

memset(context->buf,  0,  context->buf Len); 
pgpMemFree(context->buf) ; 

> 

memset(myself,  0,  sizeof (*myself )); 
pgpMemFree(myself); 

} 


struct  PgpPipeline  ** 
pg p S i g C r e a t e ( s t r u c t PgpPipeline 
struct  PgpFifoDesc 


C 


**head,  PgpVersion  version, 

const  *fd,  struct  Pg p R a nd om C on t e x t const 


struct  PgpPipeline  *mod; 
struct  PgpPipeline  * * t a i l ; 
struct  Context  *context; 


* r c ) 


if  (!head) 

return  NULL; 


context  = (struct  Context  * ) pg pM em A l l o c ( s i z e o f ( * c o n t e x t ) ) ; 
if  (!  context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
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if  ( ! mod)  { 

pgpMemFree(context); 
return  NULL; 

> 


/*  Create  the  join  module  for  stuffing  the  signatures  into.  */ 
memsetCcontext,  0,  sizeof (*context)); 

context->jointai  l = pgpJoinCreate(&context->join,  f d ) ; 
if  ( ! c o n t e x t -> j o i n t a i l ) { 
pgpMemFree(mod); 
pgpMemFree(context); 
return  NULL; 

> 

context->jo inlast  = context->join; 
context->rc  = rc; 
context->version  = version; 

/*  Tack  a copy  mod  onto  the  output  to  provide  a stable  tail  pointer.  */ 
context->tail  = * h e a d ; 

tail  = pg p C o py Mod C r e a t e ( S c o n t e x t -> t a i l ) ; 
if  ( ! t a i l ) { 

context->join->teardown(context->join); 

pgpMemFree(mod) ; 

pgpMemFree(context); 

> 

/*  Finally,  fill  in  all  the  values  */ 
mod->magic  = SIGMODMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Signature"; 
mod->pri v = context; 


*head  = mod; 

return  tail; 


/* 


★ 

T h i 

s 

adds 

one  signature  to 

the 

signing 

★ 

w h i 

c h 

the 

signatures  will 

come 

out  of. 

* 

t a i 

l 

pointer  - this  joins 

them 

t o g e t h e 

* / 


module.  It  returns  a tail  pointer 
Each  call  returns  the  same 
r internally. 


static  struct  PgpPipeline  ** 

addSignature  (struct  PgpPipeline  *myself,  struct  PgpSigSpec  *spec, 
byte  clearsig,  byte  nest) 


struct  Context  *context  = (struct  Context  *)myself->priv; 
struct  PerSignature  *ps,  *ps2; 

struct  PgpHash  const  *hash  = pgpSigSpecHash(spec); 
struct  PgpHashContext  *hc; 


assert(myself); 

assert(myself->magic  = = SIGMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert(context); 
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ps  = (struct  PerSignature  *)pgpMemAlloc(sizeof(*ps)); 


/ * If  we  already  have  a request  for  this  hash,  use  it  * / 
he  = 0 ; 

for  (ps2  = context->siglist;  p s 2 ; ps2  = ps2->next)  f 
if  ( p s 2 -> h c -> h a s h ==  hash)  { 
he  = ps2->hc; 
break; 

> 

> 


/* 
i f 


> 


If  not,  generate  a new  one,  and  a module  to  make  it.  */ 
( ! he)  { 

he  = pgpHashCreate(hash); 

if  ( ! he)  { 

pgpMemFree(ps) ; 
return  0 ; 

> 

if  C!pgpHashModCreate(&context->tail,  he))  ( 
pgpHashDestroy(hc); 
pgpMemFree(ps); 
return  0 ; 


/*  Fill  in  the  PerSignature  structure  */ 
ps->spec  = spec; 
ps->hc  = he; 


if  ( ! c learsi g &&  c o n t e x t -> v e r s i o n > PG PV E R S I 0 N_2_6 ) { 

/ * 

* Add  the  1-pass  signature  header  here.  It  gets 

* buffered  in  the  order  the  signatures  come  in,  in  a 

* LIFO  stack.  For  clearsigs  we  don't  do  this,  there  is 

* just  the  sig  at  the  end.  The  hash  info  goes  in  the 

* clear. 

* / 

byte  * b u f ; 
i n t l e n ; 


> 


len  = pg pMa k e S i g H e a d e r Ma x S i z e (spec); 
assert  ( P KT  L E N_0  N E_B  YTE(len)); 
buf  = (byte  *)pgpMemAlloc  (len+2); 
if  ( ! buf  ) 

return  NULL; 

len  = pgpMakeSigHeader  (buf+2,  spec,  nest); 
bufCO]  = P KT  B Y T E_B  U I L D_N  E W ( P KT B Y T E_1 P A S S S I G ) ; 
buf Cl  ] = P KT  L E N_1 BYTE  (len); 

len  -=  pgpJoinBuffer  (context->join,  buf,  len+2); 
memset  (buf,  0,  sizeof  (buf)); 
pgpMemFree  (buf); 
if  (len  ! = -2) 

return  NULL; 


/*  Add  to  the  beginning  of  the  list,  reversing  the  stack  */ 
ps->next  = context->siglist; 
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c o n t e x t -> s i g L i s t = ps; 
context->si gptr  = context->siglist; 


/*  And  we're  done...  */ 
return  context->jointail; 


/* 

* Set  up  to  create  a(nother)  signature.  Clearsig 

* use  the  1-pass  sigs. 

*/ 


struct  PgpPipeline  ** 
pgpSigSignatureCstruct 

byte  c L 


{ 


Pg p P i p e L 
e a r s i g ) 


n e 


struct  Context  * c o n t e x t ; 
struct  PgpSigSpec  *ss; 
struct  PgpPipeline  * * t a i l ; 


*myse  If, 


struct 


tells  us  not  to 


try  to 


PgpSigSpec  * s pe  c , 


assert(myself); 

assert(myself->magic  ==  SIGMODMAGIC); 


/ * Just  checking  ! * / 

context  = (struct  Context  *)myself->priv; 
assert(context); 


> 


/*  Only  one  signature  on  a PG PVE R S I 0N_2_6  packet  */ 
if  ( c on t e x t -> v e r s i o n <=  PG PV E R S I 0 N_2_6 ) 

return  addSignature  (myself,  spec,  clearsig,  0 ) ; 


/*  P G P V E R S 1 0 N_3  packets  can  have  multiple  signatures  */ 
tail  = NULL; 

for  (ss  = spec;  ss;  ss  = pgpSigSpecNext  (ss))  { 

tail  = addSignature  (myself,  ss,  clearsig, 

((pgpSigSpecNext  (ss))?0:1)) 


if  ( ! t a i l ) 


> 


return  tail; 


return  tail; 


/* 


* This  inserts  some  text  into  the  signature  output  in  the  appropriate  place 

* to  make  a signed  message,  as  opposed  to  separate  signatures. 

* It  is  possible  that  you  might  take  the  output  of  the  signature  from 

* pg p S i g C r e a t e , apply  some  processing  (such  as  compression,  or  encapsulation 

* in  a literal  which  PGP  does  right  now)  and  feed  it  back  into  here. 

* (Should  we  hide  *that*  processing,  too?) 

*/ 


struct  PgpPipeline  ** 

pgpSigTextInsert(struct  PgpPipeline  *myself,  struct  PgpPipeline  **head) 
{ 


struct  Context  *context; 
struct  PgpPipeline  *newjoin; 


assert(myself); 

assert (myself->magi c = = SIGMODMAGIC); 
context  = (struct  Context  *)myself->priv; 
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> 


assert(context); 

assert(context->join); 

assert(context->joinlast); 

if  ( ! h e a d ) 

return  NULL; 

new  join  = pgpJoinAppend(context->joinlast); 
if  (newjoin)  { 

* h e a d = context->joinlast  = newjoin; 
return  context->jointail; 

> else  i 

return  0; 

> 
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sigmod.h 


/ * 

* sigmod.h  --  A module 

* 

* This  is  a Public  API 

* 

* Sid:  sigmod.h, v 1.15 
*/ 

//  i f nd  e f PGP_SIGMOD_H 
//define  PGP  SIGMOD  H 


//include  " pg  p / u s u a l s . h " 


that  is  used  to  make  a signed  message. 
Function  Header. 

1996/11/12  02:18:13  mhw  Exp  $ 


struct  PgpPipeline; 

//ifndef  T Y P E_PG  P P I P E L I N E 
//define  T Y P E_PG  P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline; 
U e nd i f 

struct  PgpFifoDesc; 

//ifndef  T Y P E_PG  P F I F 0 D E S C 
//define  T Y P E_PG  P F I F 0 D E S C 1 
typedef  struct  PgpFifoDesc  PgpFifoDesc ; 
# e nd i f 

struct  PgpSigSpec  ; 

//ifndef  T Y P E_PG  P S I G S P E C 
//define  T Y P E_PG  P S I G S P E C 1 
typedef  struct  PgpSigSpec  PgpSigSpec ; 
//end  i f 


struct  PgpRandomContext; 

//ifndef  T Y P E_PG  P R A N D 0M  C 0 NT  E X T 
//define  T Y P E_PG  P R A N D 0M  C 0 NT  E XT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 
U e nd  i f 


/* 

* This  creates  a signing  module.  Initially,  it  just  passes  through  its 

* input  data  unmodified. 

*/ 


struct 


/* 

★ 

This 

★ 

w h i c 

* 

tail 

★ 

true 

★ / 

PgpPipeline  **pgpSigCreate  (struct  PgpPipeline  * * h e a d , 

PgpVersion  version, 

struct  PgpFifoDesc  const  *fd, 

struct  PgpRandomContext  const  * r c ) ; 

adds  a signature  to  the  signing  module.  It  returns  a tail  pointer 
h the  signatures  will  come  out  of.  Each  call  returns  the  same 
pointer  - this  joins  them  together  internally.  If  clearsig  is 
it  won't  try  to  output  the  special  one-pass  signature. 


struct  PgpPipeline  ** pg p S i g S i g n a t u r e (struct  PgpPipeline  *pipe, 

struct  PgpSigSpec  *spec,  byte  clearsig); 

/* 

* This  inserts  some  text  into  the  signature  output  in  the  appropriate  place 

* to  make  a signed  message,  as  opposed  to  separate  signatures. 

* It  is  possible  that  you  might  take  the  output  of  the  signature  from 
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* pgpSigCreate,  apply  some  processing  (such  as  compression,  or  encapsulation 

* in  a literal  which  PGP  does  right  now)  and  feed  it  back  into  here. 

* (Should  we  hide  *that*  processing,  too?) 

*/ 


struct 


PgpPipeline  **pgpSigText!nsert 


(struct 

struct 


PgpPipeline  * p i p e , 
PgpPipeline  * * head); 


U end  i f 


/*  PGP  SIGMOD  H */ 
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lib/ pgp/ pipe/text/ Makefile. 


Makefile.in 

# 

# Lib/pipe/text 

n 

tt  $ I d : Makef  i Le.  in,v  1.1  0 1 996/1  1 /1  2 02:1  8:1  4 mhw  Exp  $ 

# 

LOCALINCLUDES=  - I ../../ i nc L ude 

0BJS=  compmod.o  defmod.o  infmod.o  literal. o textfilt. 
zdeflate.o  ztrees.o 

PUBHDRS=  compmod  . h literal. h textfilt. h 
PRIVHDRS= 


zbi ts  . o \ 


all::  DONE 


lib/ pgp/ pipe/text/ makefile. msc 


makefile.msc 


CFLAGS  = 

P G P L I B = 

-DHAVE  CONFIG  H $(DEBUG) 

all:: 

l i b 

headers 

: i n c l 

include  "makefile. in 


i n c l : 

if  not  "$( PUBHDRS  ) " = = \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . .\..\..\..\include\pgp 
if  not  "$(PRIVHDRS)"==""  \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ . . \ . . \ i nc  l ude 

DOB  J S = 
lib: 

$(0BJS:  . o = . o b j ) 

$ ( DOB J S ) 

. c . o b j : 

$(CC)  $(CFLAGS)  -17  -c  $< 

lib  /out : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(D0S0BJS) 
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compmod.c 


/* 


* compmod.c  --  General  Compression  and  Decompression  Module 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 


★ 

* $ I d : 

compmod.c, v 1.19 

* / 

#ifdef  H A V E_C  0 N F I G H 

U i n c l ud  e 

" c o n f i g . h " 

# e nd  i f 

# i n c l ud  e 

<assert  . h> 

#i nc  lude 

"addhdr.h" 

ft  i n c l ude 

"compmod.h" 

ft  i nc  l ude 

"defmod.h" 

ft  i nc  l ude 

" i nf mod  . h " 

ft  i n c l u d e 

"pktbyte  . h" 

# i n c l ud  e 

"pgp/ compress  . h 

ft  i n c l ud e 

"pgp/pipeline.h 

struct  PgpPipeline  ** 

pgpCompressModCreate  (struct  PgpPipeline  **head,  PgpVersion  version, 

{ struct  PgpFi foDesc  const  *fd,  byte  type,  int  quality) 

struct  PgpPipeline  *newhead  = NULL,  * * t a i l = &newhead; 

if  ( ! h e a d ) 

return  NULL; 


switch  (type)  { 

case  P G P_C  OMPRESSALG_ZIP : 

tail  = defModCreate  (tail,  quality); 
break; 

default: 

tail  = NULL; 

> 

if  (tail)  { 

tail  = pgpAddHeaderCreate  (tail,  version,  fd, 

PKTBYTE_COMPRESSED,  3,  Stype,  1); 

if  ( ! t a i l ) C 

newhead->teardown  (newhead); 
return  NULL; 

> 

★tail  = * h e a d ; 

★head  = newhead ; 

> 

return  tail; 

} 

struct  PgpPipeline  ** 

pgpDecompressModCreate  (struct  PgpPipeline  **head,  byte  type) 
if  ( ! h e a d ) 
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> 


return  NULL; 


switch  (type)  { 

case  P G P_C  OMPRESSA  LG_Z I P : 

return  infModCreate 

default: 


> 


return  NULL; 


(head); 
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compmod.h 

/* 

* compmod.h  this  defines  the  compression  and  decompression 

* functions  for  PGP..  It  provides  a generalized  interface  to  the 

* compression  modules,  and  keeps  applications  from  requiring 

* knowledge  of  all  the  different  types  of  compression  that  may  be 

* supported. 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

★ 

* $ I d : compmod.h, v 1.1  6 1 996/1  1 /1  2 02:1  8:1  4 mhw  Exp  $ 

*/ 

# i f nd  e f PGP_C0MPM0D_H 
#define  PGP_C0MPM0D_H 

^include  " pg p / u s u a l s . h " 

struct  PgpPipeline; 

# i f nde  f T Y P E_PG P P I P E L I N E 
^define  TYPE_PGPPI PELI NE  1 

typedef  struct  PgpPipeline  PgpPipeline; 

#end  i f 

struct  PgpFifoDesc; 

# i f ndef  T Y P E_PG P F I F 0 D E S C 

^define  T Y P E_PG P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc; 

Send  i f 

/ * 

* Create  a compression  module  of  the  appropriate  type  (must  be  one  of 

* the  C 0 M P R E S S A LG_*  types)  with  the  appropriate  compression  quality. 

* 

* Note:  There  can  only  be  one  ZIP  compression  module  in  existance 

* at  a time,  since  the  underlying  ZIP  code  is  not  re-entrant. 

* / 

struct  PgpPipeline  * * pg p C omp r e s s Mod C r e a t e (struct  PgpPipeline  **head, 

PgpVersion  version, 

struct  PgpFifoDesc  const  *fd, 

byte  type,  int  quality); 

/* 

* Create  a decompression  module  of  the  appropriate  type. 

* / 

struct  PgpPipeline  * * pg p D e c omp r e s s Mod C r ea t e (struct  PgpPipeline  **head, 

byte  type); 

# e nd i f /*  PGP  C0MPM0D  H */ 
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defmod.c 

/ * 

* defmod.c  --  Deflate  (compression)  module 

* 

* Written  by:  Derek  Atkins  < wa r l o rd 3M  I T . E D U > 

* 

* $Id:  defmod.c, v 1.27  1996/11/12  02:18:14  mhw  Exp  $ 

* / 

#ifdef  H A V E_C  0 N F I G H 


# i nc l ude 

"config.h" 

#end  i f 

^include 

<assert . h> 

#include 

< s t d i o . h > 

it  i n c l ud  e 

"bytefifo.h" 

#i nc l ude 

"defmod.h" 

it  i n c l u d e 

"zi p. h" 

it  i n c l ude 

"pgp/annotate.  h" 

# i n c l ud  e 

"pgp/pgpmem.  h" 

it  i n c l ud  e 

"pgp/pipeline.h" 

# d e f i n e 

DEFMODMAGIC  OxOdeflale 

static  int  defModLock  = 0; 

struct  Context  { 

struct  PgpFifoContext  *fifo; 
struct  PgpPipeline  * t a i l ; 
int  finished; 
int  scope_depth; 

>; 

static  int 

DoFlush  (struct  Context  *context) 

{ 

int  error  = 0 ; 
byte  const  * p t r ; 
unsigned  len; 
s i z e_t  retlen; 

/*  Try  to  flush  anything  that  we  have  buffered  */ 
bi_flush(); 

ptr  = byteFifoPeek  (context->fifo,  & l e n ) ; 
while  (len)  { 

retlen  = c on t e x t -> t a i l -> w r i t e ( c on t ex t-> t a i l , ptr, 

Serror); 

byteFifoSeek  (context->fifo,  retlen); 
if  (error) 

return  error; 

ptr  = byteFifoPeek  (context->fifo,  Slen); 

> 

return  error; 

> 

static  int 

Flush  (struct  PgpPipeline  *myself) 

{ 


len. 
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struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myse  l f->magi c = = DEFMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tail->flush  (context->tail); 

> 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int 
struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  DEFMODMAGIC)  ; 
assert  (error); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 


z i p_i nput  ((char 

const  *)buf. 

s i z e ) ; 

★error 

= DoFlush 

(context); 

> 

return 

size; 

static 

i n t 

Annotate  (struct  PgpPipe 

line  ★myse  If, 

struct  PgpPipeline  *origin 

{ 

byte 

const  *st 

ring,  s i z e_t 

size) 

struct 

Context  *context; 

int  error; 
assert  (myself); 

assert  (myself->magic  = = DEFMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 


error  = c o n t e x t -> t a i l -> a n n o t a t e 
if  ('.error) 


(context->tai l, 
string,  size); 


o r i g 


PGP_SCOPE_DEPTH_UPDATE ( c o n t e x t - > s c o p e_d e p t h, 
a s s e r t ( c on t e x t -> s c o pe_d e p t h !=  -1); 


n,  type. 


t y p e ) ; 


★error) 


type. 
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return  error; 

> 

static  i n t 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  Long  bytes) 

{ 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myself->magic  ==  DEFMODMAGIC)  ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

if  (bytes  | | c o n t e x t -> s c o pe_d e p t h ) 
return  0; 

if  ( ! c o n t ex t -> f i n i s h e d ) { 

/*  It  is  a Bad  Thing  to  call  z i p_ finish  multiple 
z i p_f inish  (); 
context->finished  = 1; 

> 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tail->sizeAdvise  (context->tail,  0 ) ; 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (my se  l f->mag i c ==  DEFMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (context -> tail) 

context->tai  l->teardown  (context->tai  l ) ; 

ct_f  ree  ();  /*  Free  code  tree  buffers  */ 

lm_f ree  ();  /*  Free  longest  match  buffers  */ 

byteFifoDestroy  (context->fifo); 
memset  (context,  0,  sizeof  (*context)  ); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 

pgpMemFree  (myself); 

defModLock--; 

> 

struct  PgpPipeline  ** 

defModCreate  (struct  PgpPipeline  **head,  int  quality) 

{ 

struct  PgpPipeline  *mod; 


times.  * / 
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struct  Context  *context; 
struct  PgpFifoContext  * f i f o ; 

if  ( ! head) 

return  NULL; 

if  ( d e f Mod  Lo  c k ) 

return  NULL; 
defModLock++; 

if  (Lm_init  (quality)) 
return  NULL; 
if  ( c t_i  nit  ( ) ) { 

l m_f  ree  ( ) ; 
return  NULL; 

> 

context  = (struct  Context  * ) pgpMemA l l oc  (sizeof  (*context ) ) ; 
if  ( ! context  ) { 

c t_f  ree  ( ) ; 
l m_f  ree  ( ) ; 
return  NULL; 

> 

mod  = (struct  PgpPipeline  OpgpMemAlloc  (sizeof  (*mod)); 
if  ( ! mod  ) { 

c t_f  ree  ( ) ; 
l m_f  ree  ( ) ; 
pgpMemFree  (context); 
return  NULL; 

> 

fifo  = byteFifoCreate  (); 
if  ( ! f i f o ) C 

c t_f  ree  ( ) ; 
l m_f ree  ( ) ; 
pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

mod->magic  = DEFMODMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Deflation  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context)  ); 
context->fifo  = fifo; 

b i i n i t (fifo); 

context->tail  = *head; 

*head  = mod; 

return  &context->tail; 
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defmod.h 

/ * 

* defmod.h  — Header  for  ZIP  Compression  (deflation) 

* 

* Written  by:  Derek  Atkins  < w a r l o r d a M I T . E D U > 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : defmod. h,v  1.1  0 1 996/1  1 /1  2 02:1  8:1  5 mhw  Exp  $ 

*/ 

struct  PgpPipeline; 

struct  PgpPipeline  * * d e f Mod C r e a t e (struct  PgpPipeline  **head. 


Library. 


int  quality); 
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infmod.c 

/ * 

* infmod.c  --  Inflation  (decompression)  module 

* 

* Written  by:  Derek  Atkins  <wa r l o rdBM I T . E DU> 

* 

* $ I d : infmod.c, v 1.27  1 996/1  1 /1  2 02:1  8:1  5 mhw  Exp  $ 

* / 

# i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 

//  e nd  i f 


//include  <assert.h> 
//include  <stdio.h> 


//include 

//include 

//include 

//include 

//include 


" i n f mod  . h " 
"zinflate.h" 
"pgp/annotate  . h " 
"pgp/pgpmem  . h" 
"pgp/pipeline.h" 


//define  INFMODMAGIC  0x01  258aef 


struct  Context  i 

struct  InflateContext  * i n f ; 
struct  PgpPipeline  * t a i l ; 
i n t scop  e_d  epth; 

>; 

static  i n t 

DoFlush  (struct  Context  *context) 

{ 

int  error  = 0; 
unsigned  len; 
byte  const  * p t r ; 
s i z e_t  ret  len; 

/*  Try  to  flush  anything  that  we  have  buffered  */ 
ptr  = infGetBytes  (context->inf , Slen); 
while  (len)  ( 

ret  len  = c o n t e x t -> t a i l -> w r i t e ( c on t ex t-> t a i l , 

ptr,  len, 
Serror); 

infSkipBytes  (context->inf,  retlen); 

if  (error) 

return  error; 

ptr  = infGetBytes  (context->inf,  &len); 

> 

return  error; 

> 


static  int 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
int  error; 
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assert  (myself); 

assert  (myself->magic  ==  INFMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tail->flush  (context->tail); 

} 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int 
{ 

struct  Context  *context; 
si ze_t  written,  retlen  = 0; 

assert  (myself); 

assert  ( my s e 1 f -> ma g i c ==  INFMODMAGIC); 
assert  (error); 


context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  ( c o n t e x t -> t a i l ) ; 

/*  Flush  what  is  buffered  */ 

★error  = DoFlush  (context); 
if  (*error) 

return  retlen; 

do  f 

/ * Process  data  * / 

written  = infWrite  ( c o n t e x t -> i n f , (byte  *)buf,  size, 

retlen  +=  written; 

buf  +=  written; 

size  -=  written; 

if  (*error) 

return  retlen; 

/ ★ And  flush  it!  * / 

★error  = DoFlush  (context); 
if  (*error) 

return  retlen; 

} while  (size); 

/*  Continue  until  we  have  left  to  read  */ 
return  retlen; 

} 


static  int 

Annotate  (struct  PgpPipeline  *myself,  struct 
byte  const  *string,  size_t  size) 


{ 


struct  Context  *context; 


Pg  p P i p e 


ine  *origin. 


i n t 


★error) 


error); 


type. 
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int  error; 
assert  (myself); 

assert  ( my s e l f ->ma g i c ==  I N F MO  DM A G I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context) ; 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 


> 


error  = context->tail->annotate  (context->tail 

string,  size); 


if  ( lerror) 

PGP_SCOPE_DEPTH_UPDATE ( context->scope 
assert  ( c o n t e x t -> s c o pe_d e p t h ! = -1  ) ; 
return  error; 


, origin,  type 


depth,  type); 


r 


static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

struct  Context  *context; 
int  eoferr; 
int  error; 


assert  (myself); 

assert  ( my s e l f ->ma g i c ==  I N F MO  DM A G I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 


if  (Ibytes  &&  ! c on t e x t -> s c ope_d ep t h ) { 
do  { 

eoferr  = infEOF  (context->inf); 
if  (eoferr  < 0) 

return  eoferr; 


error  = DoFlush  (context); 
if  (error) 

return  error; 

> while  (eoferr); 

> 


return  context->tail->sizeAdvise  (context->tail,  bytes); 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  INFMODMAGIC); 
context  = (struct  Context  *)myself->priv; 
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assert  (context); 
if  (context->tail) 

context->tai L->teardown  (context->tai l ) 
i nf  Free  (context->inf); 

memset  (context,  0,  sizeof  (*context)); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  ** 

infModCreate  (struct  PgpPipeline  **head) 

{ 

struct  PgpPipeline  *mod; 
struct  Context  ^context; 

if  ( ! h e a d ) 

return  NULL; 

context  = (struct  Context  *)pgpMemAlloc  (sizeof 
if  (!  context) 

return  NULL; 

mod  = (struct  PgpPipeline  * ) pgpMemA l l o c (sizeof 
if  ( ! mod) ( 

pgpMemFree  (context); 
return  NULL; 

> 

mod->magi c = INFMODMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Inflation  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context) ) ; 
context->inf  = infAlloc  (); 

context->tail  = *head; 

*head  = mod; 

return  &context->tail; 

} 


(★context)); 

(★mod)); 
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infmod.h 

/ * 

* infmod.h  — inflation  module 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

★ 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : infmod.h, v 1.9  1 996/1  1 /1  2 02:18:1  5 mhw  Exp  $ 

* / 

struct  PgpPipeline, - 

struct  PgpPipeline  **infModCreate  (struct  PgpPipeline  **head); 


1155 


lib/ pgp/ pipe/ text/literal,  c 


literal. c 


/* 

* Literal. c --  create  a Literal  packet 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

* 

* $ I d : literal.c,v  1.14  1996/11/12  02:18:15  mhw  Exp  $ 

* / 

# i f d e f H A V E_C  0 N F I G_H 
#include  "config.h" 

#end  i f 


^include  <stdio.h> 


# i nc  l ude 

# i n c l ude 

# i n c L ud  e 
U include 

# i n c l u d e 


"addhdr.h" 

" literal. h" 
"pktbyte . h" 
"pgp/pipeline.h" 
"pgp/usuals.h" 


struct  PgpPipeline  ** 

pg p L i t e r a l C r e a t e (struct  PgpPipeline 

struct  PgpFifoDesc 
byte  len,  w o r d 3 2 t 

{ 


**head,  PgpVersion  version, 

const  *fd,  byte  type,  byte  *name, 

mestamp) 


byte  headerC261];  / * Maximum  size  of  a literal  header  * / 

i n t i ; 

struct  PgpPipeline  **mod; 


if  ( ! h e a d ) 

return  NULL; 


headerCOH  = type; 
headerHI]  = len; 
memcpy  (header+2,  name,  len); 
len  +=  2 ; 

for  ( i = 3 ; i > 0;  i - - ) { 

headerClen+iH  = (byte)  (timestamp  & Oxff); 
timestamp  >>=  8; 

> 

mod  = pg p Add H e a d e r C r e a t e (head,  version,  fd,  PKTB Y T E_L I T E R A L , 0, 

header,  len+4); 

memset  (header,  0,  sizeof  (header)); 
if  ( mod ) 

(*head)->name  = "Literal  Module"; 
return  mod; 

> 
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literal,  h 

/* 

* Literal. h --  Create  a Literal  Packet  Module 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

* 

* $Id:  literal. h,v  1.14  1 996/1  1 /1  2 02:1  8:1  6 mhw  Exp  $ 
*/ 

# i f nde  f PG P_L I T E R A L_H 
#d  e f i n e PG P_L I T E R A L_H 

ft  include  "pgp/usuals.h" 

struct  PgpPipeline; 

#ifndef  T Y P E_PG P P I P E L I N E 
#define  T Y P E_PG P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline ; 
ft  e nd  i f 


struct  PgpFifoDesc; 
tfifndef  T Y P E_PG P F I F 0 D E S C 
#def i ne  T Y P E_PG P F I F 0 D E S C 1 
typedef  struct  PgpFifoDesc 
#endi f 


PgpFi foDesc; 


/* 

★ 


This  creates  a module 
either  ' b ' or  1 t ' for 
specifies  the  name  of 
the  file. 


* 

* 

*/ 

struct  PgpPipeline  ** 
pg pL i t e r a l C r ea t e (struct 

struct 
byte 


for  a literal  packet.  The 
binary  or  text.  The  name 


the  file.  The  timestamp 


type  should  be 
is  len  bytes  which 
is  the  timestamp  of 


PgpPipeline  **head,  PgpVersion  version, 
PgpFifoDesc  const  *fd,  byte  type,  byte  *name, 
len,  word32  timestamp); 


#endif  /*  P G P_L I T E R A L H */ 


1 157 


lib/ pgp/ pipe/text/textfilt.c 


textfilt.c 


/ * 

* textfilt.c  --  filter  text 

★ 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU>  and  Colin  Plumb 

★ 

* $ I d : textfilt.c, v 1.31  1 996/1  1 /1  2 02:1  8:1  6 mhw  Exp  $ 

* / 

tfifdef  HAVE  CONFIG  H 


#i  nc  lude 

" con  f i g . h " 

#end  i f 

#i nc  lude 

<assert . h> 

# i n c l ud  e 

< s t d i o . h > 

U i n c l ud  e 

"textfi  It.h" 

# i n c l u d e 

"pgp/ pgpmem  . h " 

//include 

"pgp/pipeline.h" 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/usuals.h" 

//define 

TEXTFILTMAGIC  0x1 e81 f 1 1 1 

struct 


>; 


Context  { 

byte  bufferCBUFSIZH; 
byte  *bufptr; 
si ze_t  buflen; 

F 

/*  256-entry  mapping  table  */ 

/*  0 = nothing,  1 = L F , 2 = CRLF,  3 = CR  */ 

int  stripspace; 
s i z e_t  spaces; 
int  ignorelf; 


struct  PgpPipeline  * t a i l 
byte  const  * m a p ; 
int  c r l f ; 


static  int 

DoFlush  (struct  Context  *context) 
{ 

int  error  = 0; 
s i z e_t  retlen; 


} 


/*  Try  to  flush  anything  that  we  have  buffered  */ 
while  ( c on t e x t -> b u f l e n ) { 

retlen  = context->tai  l->write  (context->tail, 

context->bufptr 
context->buf  len 
terror); 

context->buf  len  -=  retlen; 
memset  (context->bufptr,  0,  retlen); 
context->buf ptr  +=  retlen; 
if  (error) 

return  error; 


> 


/ 

/ 


return  error; 


/* 

* Note:  it  is  assumed  that  \r,  \n  and  ' ' use  the  identity  mapping. 
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* This  will  need  fixing  for  EBCDIC. 

*/ 

static  s i z e_t 

textFilt  (struct  Context  *context,  byte  const  *in,  size_t  inlen) 

size_t  spaces  = context->spaces; 

int  ignorelf  = c o n t e x t -> i g n o r e L f ; 

byte  *out  = context->buf pt r+context->buf len; 

s^ze— t outlen  = c o n t e x t -> b u f f e r + s i z e o f ( c o n t e x t -> b u f f e r ) -o u t ; 

size_t  inlenO  = inlen; 

byte  c ; 

assert  (outlen); 

while  (inlen  SS  outlen)  { 
c = * i n ; 


if  (ignorelf)  { 

ignorelf  = 0; 
if  ( c ==  ' \ n ' ) { 

in  + + ; 
inlen--; 
continue; 

> 

> 

if  ( c ==  ' \n ' ||  c ==  ' \ r ■ ) { 

if  (context->crlf)  { 

if  (context->crlf  ==  PG P_T E XT F I LT_C R L F ) 
if  (outlen  < 2 ) 
break; 
out l e n — ; 

> 

if  (context->crlf  S PG P_TE X T F I LT_C R ) 

* o u t + + = 1 \ r 1 ; 

if  ( con t ex t->c r l f S P G P_T  E X T F I L T_L  F ) 
*out  + + = ' \ n ' ; 
outlen--; 
i n + + ; 
inlen--; 

ignorelf  = (c  = = 1 \ r ' ) ; 

spaces  = 0 ; 

continue; 

} 


spaces  = 0; 

> 

if  ( con t ex t->s t r i pspa c e SS  c ==  ' ■)  { 

spaces++; 
i n + + ; 
inlen--; 
continue; 

> 


if  (spaces)  { 

int  i = min 

memset  (out 
outlen  -=  i 
spaces  -=  i 
out  + = i ; 
continue; 


(spaces,  outlen); 

' ' , i); 


{ 
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> 

*out++  = context->map[c]; 
i n + + ; 
out  Len--; 
inlen — ; 

} 

context->spaces  = spaces; 
context->ignorelf  = ignorelf; 
context->buf  Len  = out  - c on t e x t -> bu f p t r ; 
return  inlenO  - inlen; 

} 

static  i n t 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myse l f->magi c = = TEXTFILTMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tai  l->f  lush  (context->tail); 

} 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
f 


struct 

Context  *context; 

s i z e_t 

written,  retlen  = 

0; 

assert 

(myself); 

assert 

( my s e l f ->ma g i c = = 

TEXTFILTMAGIC); 

assert 

(error); 

context 

= (struct  Context 

*)myself->priv; 

assert 

(context); 

assert 

(context->tai l); 

do  ■( 

♦error  = DoFlush 
if  (*error) 

(context); 

return  retlen; 


/ * 

* Now  that  we  dont  have  anything  buffered,  bring  in  more 

* data  from  the  passed-in  buffer,  process  it,  and  buffer 

* that  to  write  out. 

*/ 

context->buf ptr  = context->buffer; 
written  = textFilt  (context,  buf,  size); 
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/*  context->buf  Len  is  set  by  textFiltO  */ 
buf  + = written; 
size  - = written; 
retlen  +=  written; 

> while  (context->buf  len  > 0); 

/*  Continue  until  we  have  nothing  buffered  * / 
return  retlen; 

> 


static  i n t 

Annotate  (struct  PgpPipe 
byte  const  *st 


line 

ring. 


*my  s e l f , struct 
s i z e_t  size) 


struct  Context  *context; 
int  error; 


PgpPipeline  * o r i g 


assert  (myself); 

assert  (myself->magic  = = TEXTFILTMAGIC); 

context  = (struct  Context  *)myself  — >priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  c o n t e x t -> t a i l - > a n n o t a t e ( c on t e x t -> t a i l , origin, 

string,  size); 

static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

struct  Context  *context; 
int  error; 


assert  (myself); 

assert  ( myse l f->mag i c ==  TEXTFILTMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tai  l ); 

error  = DoFlush  (context); 

if  (error  ||  (bytes  &&  ( context->st  ri pspace  ||  context- 
return  error; 

return  c o n t e x t -> t a i l -> s i z e Ad v i s e ( c o n t e x t -> t a i l , bytes) 


static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 


in,  int  type. 


type. 


>cr  If  ) ) ) 
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assert  ( my s e l f ->ma g i c ==  TEXT F I LTMAGI  C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (context->tail) 

context->tai l->teardown  (context->tai L ) ; 

memset  (context,  0,  sizeof  (*context) ) ; 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 


struct  PgpPipeline  ** 

pg pT e x t F i l t C r e a t e (struct  PgpPipeline  **head,  byte  const  *map,  int  stripspace, 

i n t c r l f ) 

{ 

struct  PgpPipeline  * m o d ; 
struct  Context  *context; 

assert  (map); 

if  ( ! h e a d ) 

return  NULL; 

context  = (struct  Context  OpgpMemAlloc  (sizeof  (*context)  ); 
if  (!  context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof  (*mod)  ); 
if  ( ! mod ) C 

pgpMemFree  (context); 
return  NULL; 

> 

mod->magi c = TEXTFILTMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Text  Filter  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context) ) ; 
context->buf ptr  = context->buf fer; 
context->map  = map; 
c o n t e x t -> s t r i ps pa c e = stripspace; 
context->crlf  = c r l f ; 

context->tail  = *head; 

*head  = mod; 

return  &context->tail; 

} 


1162 


lib  / pgp/ pipe/ text/ textfilt.h 


textfilt.h 

/* 

* textfilt.h  — Text  Filter  Module 

★ 

* Written  by:  Derek  Atkins  < w a r l o rda M I T . E D U > 

★ 

* This  is  a Public  API  Function  Header. 

■ k 

* $Id:  textfilt.h, v 1.13  1996/11/12  02:18:16  mhw  Exp  $ 
*/ 

# i f nd  e f PG  P_T E X T F I LT_H 
^define  PG  P_T  E X T F I L T H 


# i n c l ud  e "pgp/usuals.h" 


struct  PgpPi pe  l i ne; 

# i f nde  f T Y P E_PG P P I P E L I N E 
^define  T Y P E_PG P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline; 
#end  i f 


/ * 

* Create  a text  filtering  module.  It  will  use  the  appropriate 

* character  map  to  map  input  to  output  characters.  It  will  optionally 

* strip  ending  spaces  off  the  end  of  lines,  if  stripspace  is  non-zero. 

* It  will  also  convert  line-endings  to  the  appropriate  type  if 

* crlf  is  non-zero.  Use  T E X T F I L T_*  to  designate  the  Line-ending 

* required. 

* / 

struct  PgpPipeline  ** 

pgpTextFiltCreate  (struct  PgpPipeline  * * h e a d , byte  const  *map,  int  stripspace 

i n t c r l f ) ; 


^define  P G P_T  E X T F I L T_N  ONE  0 

#def i ne  PG P_T E X T F I L T_L F 1 

^define  PG P_T E X T F I LT_C R 2 

#def i ne  PG  P_T E X T F I L T_C R L F 3 

tfendif  /*  P G P_T  E X T F I LT  H */ 
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zbits.c 

/* 

* 

* Copyright  (C)  1990,1991  Mark  Adler,  Richard  B.  Wales,  and  Jean-loup 

* Gailly.  Permission  is  granted  to  any  individual  or  institution  to  use, 

* copy,  or  redistribute  this  software  so  long  as  all  of  the  original 

* files  are  included  unmodified,  that  it  is  not  sold  for  profit,  and 

* that  this  copyright  notice  is  retained. 

* 

* Hacked  up  for  PGP  by  Colin  Plumb 

★ 

* Sid:  zbits.c, v 1.1  3.2.1  1 996/1  1 /1  4 02:36:55  mhw  Exp  $ 

*/ 

/* 

* bits.c  by  Jean-loup  Gailly. 

* 

* This  is  a new  version  of  i m_b i t s . c originally  written  by  Richard  B.  Wales 

* 

* PURPOSE 

* 

* Output  v a r i a b l e - l e n g t h bit  strings. 

* 

* DISCUSSION 

* 

* The  PKZIP  "deflate"  file  format  interprets  compressed  file  data 

* as  a sequence  of  bits.  Multi-bit  strings  in  the  file  may  cross 

* byte  boundaries  without  restriction. 

* 

* The  first  bit  of  each  byte  is  the  low-order  bit. 

★ 

* The  routines  in  this  file  allow  a va r i ab  l e- 1 engt h bit  value  to 

* be  output  right-to-left  (useful  for  literal  values).  For 

* l e f t - 1 o- r i g h t output  (useful  for  code  strings  from  the  tree  routines), 

* the  bits  must  have  been  reversed  first  with  bi_reverse() . 

* 

* INTERFACE 

★ 

* void  bi_init  (struct  PgpFifoContext  *zipfifo) 

* Initialize  the  bit  string  routines.  If  zipfifo  is 

* non-NULL,  does  a hard  reset.  If  it  is  NULL,  just 

* sets  variables  to  re-fetch  the  FIFO  write  pointer, 

* because  it  has  been  invalidated  by  FIFO  reads. 

* 

* void  send_bits  (int  value,  int  length) 

* Write  out  a bit  string,  taking  the  source  bits  right  to 

* left. 

* 

* int  bi_reverse  (int  value,  int  length) 

* Reverse  the  bits  of  a bit  string,  taking  the  source  bits  left  to 

* right  and  emitting  them  right  to  left. 

* 

* void  bi_windup  (void) 

* Write  out  any  remaining  bits  in  an  incomplete  byte. 

* 

* void  c o py_b l o c k ( c h a r const  far  *buf,  unsigned  len,  int  header) 

* Copy  a stored  block  to  the  zip  file,  storing  first  the  length  and 

* its  one's  complement  if  requested. 
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* 

*/ 

#ifdef  H A V E_C  0 N F I G_H 
^include  "config.h" 

U e nd  i f 

# i nc l ude  "bytefifo.h" 

# i n c l ude  "zip.h" 

* Local  data  used  by  the  "bit  string"  routines. 
*/ 

static  unsigned  bi_buf; 

/*  Output  buffer,  bits  are  inserted  starting 

* bits).  High-order  unused  bits  are  always 
*/ 


#define  Buf_  .size  16 


/*  Number  of  bits  used  within  bi_buf 
* more  than  16  bits  on  some  systems 
*/ 

. ( b i 

. ) 

_buf  mi 

gh  t 

be  implemented  on 

static 
/*  All 
*/ 

int  bi_vali  de- 
bits above  the  last  valid  bit 

/* 

are 

numbe  r 
always 

of  valid 

zero. 

bits  in  b i _bu f * / 

# i f d e f 

Z I PDEBUG 

wo  rd32 
# e nd  i f 

bits_sent;  /*  bit  length  of 

the 

compressed 

data 

*/ 

/*  The  current  output  buffer  */ 
static  unsigned  char  *outptr; 
static  unsigned  outtotal; 
static  unsigned  outleft; 

/*  How  to  do  output.  */ 
struct  PgpFifoContext  * z f i f o ; 

#def i ne  b i_g e t s pa c e ( l e n ) by t e F i f oG e t S pa c e ( z f i f o , (len)) 

# d e f i n e b i _s k i p s pa c e ( l e n ) by t e F i f o S k i p S pa c e ( z f i f o , (len)) 

^define  PUTBYTE(c)  (outleft  = (outleft  ? outleft  : \ 

( b i_s k i ps pa c e ( ou t t o t a l ) , \ 
outptr  = bi_getspace(Souttota l ),  \ 
out  tota  l ) ) -1  , \ 

*outptr  + + = (unsigned  char)  (c)  ) 

#define  PUTSHORT(w)  (PUTBYTE(w),  P U T B Y T E ( ( w ) > > 8 ) ) 


at  the  bottom  (least  significant 
zero. 


void 

bi_init(struct  PgpFifoContext  *zipfifo) 
C 

outleft  = outtotal  = 0; 
zfifo  = zipfifo; 

b i _b  u f = 0 ; 
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b i _v  a l i d = 0 ; 

#ifdef  ZIPDEBUG 

b i t s_s  e n t = 0 L ; 

#end  i f 

> 

/ * 

* Make  sure  that  all  data  written  out  is  recorded,  and  invalidate 

* the  cached  pointers  because  reading  the  output  buffer  might 

* move  things  around.  PUTBYTE  will  re-fetch  the  appropriate  data. 

* / 

void 

bi_flush(void) 

{ 

bi_skipspace(outtotal-outleft); 
outleft  = outtotal  = 0 ; 

> 


void 

bi_windup(void) 

{ 

if  (bi_valid  > 8)  ( 

PUTSHORT (bi _b  u f ) ; 

> else  if  (bi_valid  > 0)  { 

PUTBYTE (bi_buf); 

> 

b i _bu  f = 0 ; 
b i_v  a l i d = 0 ; 

#ifdef  ZIPDEBUG 

bits_sent  = ( bi t s_sent+7 ) 8 ~7; 

#end  i f 

bi_skipspace(outtotal-outleft); 
outptr  = bi_getspace(&outtotal); 
outleft  = outtotal; 

> 

void 

c o py_b l o c k ( c h a r const  far  *buf,  unsigned  len,  int  header) 

{ 

bi_windup();  /*  align  on  byte  boundary  */ 

# i f d e f ZIPDEBUG 

bits_sent  +=  (word32)len<<3; 

tf  e n d i f 


# i f d e f 
#end  i f 


if  (header)  { 

PUTSHORT ( (word16) len); 

PUTSHORTC (word16)~len); 

ZIPDEBUG 

b i t s_s  ent  +=  2*16; 

> 

while  (len  >=  outleft)  { 

memcpyloutptr,  buf,  outleft); 

len  - = outleft; 

buf  +=  outleft; 

bi_skipspace(outtotal); 

outptr  = bi_getspace(8outtotal); 
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outleft  = outtotal; 

} 

if  ( l e n ) f 

memcpy (outptr,  buf,  Len); 
outptr  +=  len; 
outleft  - = len; 

} 

> 


* Send  a value  made  up  of  a given  number  of  bits. 

* IN  assertion:  length  <=  15  and  value  < (1  <<  lenqth). 

*/ 

void 

send_bi ts ( i nt  value,  int  length) 

{ 

#ifdef  ZIPDEBUG 

TracevvC (stderr,"  l %2d  v %4x  ",  length,  value)); 
ZipAssertC  length  > 0 88  length  <=  15,  "invalid  length"); 
ZipAssertCvalue  < (1  <<  length),  "invalid  value"); 
bits_sent  +=  (word32)  length; 

ft  e n d i f 

/ * 


* Add  extra  bits  to  bi_buf  and  add  length  to  bi_valid.  If  this 

* fills  bi — buf,  copy  Buf size  bits  to  the  output,  decrementing 

* b i _v a l i d appropriately  and  set  bi_buf  to  the  remaining  bi_valid 

* high  bits  of  value.  (value  >>  (length  - bi  valid)). 

*/ 


bi_buf  |-  (value  <<  bi_valid); 

b i _v  a l i d +=  length; 

if  ( bi_va l i d >=  ( i n t ) Bu f_s i z e ) { 

PUTSHORT(bi_buf ) ; 
bi_valid  -=  ( i n t ) Bu f _s i z e ; 

b i_bu f = ( unsigned )value  >>  (length  - bi_valid); 


> 
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zdeflate.c 


/ * 

* Copyright  (C)  1990-1993  Mark  Adler,  Richard  B.  Wales,  Jean-loup  Gailly, 

* Kai  Uwe  Rommel  and  Igor  Mandri chenko . 

* Permission  is  granted  to  any  individual  or  institution  to  use,  copy, 

* or  redistribute  this  software  so  long  as  all  of  the  original  files 

* are  included,  that  it  is  not  sold  for  profit,  and  that  this  copyright 

* notice  is  retained. 

* 

* Hacked  up  for  PGP  by  Colin  Plumb 

* 

* Sid:  zdeflate.c, v 1.8. 2.1  1 996/1  1 /1  4 02:36:56  mhw  Exp  $ 

*/ 


/* 

* 

★ 
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deflate. c by  Jean-loup  Gailly. 

PURPOSE 

Identify  new  text  as  repetitions  of  old  text  within  a fixed- 
length  sliding  window  trailing  behind  the  new  text. 

DISCUSSION 

The  "deflation"  process  depends  on  being  able  to  identify  portions 
of  the  input  text  which  are  identical  to  earlier  input  (within  a 
sliding  window  trailing  behind  the  input  currently  being  processed). 

The  most  s t r a i g h t f o rwa r d technique  turns  out  to  be  the  fastest  for 
most  input  files:  try  all  possible  matches  and  select  the  longest. 

The  key  feature  of  this  algorithm  is  that  insertions  into  the  string 
dictionary  are  very  simple  and  thus  fast,  and  deletions  are  avoided 
completely.  Insertions  are  performed  at  each  input  character, 
whereas  string  matches  are  performed  only  when  the  previous  match 
ends.  So  it  is  preferable  to  spend  more  time  in  matches  to  allow  very 
fast  string  insertions  and  avoid  deletions.  The  matching  algorithm 
for  small  strings  is  inspired  from  that  of  Rabin  & Karp.  A brute 
force  approach  is  used  to  find  longer  strings  when  a small  match  has 
been  found.  A similar  algorithm  is  used  in  comic  (by  Jan-Mark  Warns) 
and  freeze  (by  Leonid  Broukhis). 

A previous  version  of  this  file  used  a more  sophisticated  algorithm 
(by  Fiala  and  Greene)  which  is  guaranteed  to  run  in  linear  amortized 
time,  but  has  a larger  average  cost,  uses  more  memory  and  is  patented. 
However  the  F&G  algorithm  may  be  faster  for  some  highly  redundant 
files  if  the  parameter  ma  x__c  h a i n_l  e n g t h (described  below)  is  too  large. 

ACKNOWLEDGEMENTS 

The  idea  of  lazy  evaluation  of  matches  is  due  to  Jan-Mark  Warns,  and 
I found  it  in  'freeze'  written  by  Leonid  Broukhis. 

Thanks  to  many  info-zippers  for  bug  reports  and  testing. 

REFERENCES 

APPN0TE.TXT  documentation  file  in  PKZIP  1.93a  distribution. 

A description  of  the  Rabin  and  Karp  algorithm  is  given  in  the  book 
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* "Algorithms"  by  R.  Sedgewick,  Addi son-Wes l ey,  p252. 

★ 

* F i a l a , E . R . , and  Greene, D.H. 

* Data  Compression  with  Finite  Windows,  Comm. ACM,  32,4  (1989)  490-595 

* 

* INTERFACE 

* 

* int  lm_init  (int  pack_ level) 

* Initialize  the  "longest  match"  routines  for  a new  file 

* 

* word32  deflate  (void) 

* Processes  a new  input  file  and  return  its  compressed  length.  Sets 

* the  compressed  length,  crc,  deflate  flags  and  internal  file 

* attributes. 

* / 

tfifdef  H A V E_C  0 N F I G_H 
#include  "config.h" 

#end  i f 

^include  "zip.h" 

* Configuration  parameters 

* / 


/* 

* Compile  with  MEDIUM_MEM  to  reduce  the  memory  requirements  or 

* with  SMALL_MEM  to  use  as  little  memory  as  possible.  Use  BIG_MEM  if  the 

* entire  input  file  can  be  held  in  memory  (not  possible  on  16  bit  systems). 

* Warning:  defining  these  symbols  affects  HAS H_B ITS  (see  below)  and  thus 

* affects  the  compression  ratio.  The  compressed  output 

* is  still  correct,  and  might  even  be  smaller  in  some  cases. 

* / 


# i f d e f S M A L L_M  E M 

ft  define  HASH_BITS  13  /*  Number  of  bits  used  to  hash  strings  */ 

ft  e nd  i f 

# i f d e f M E D I U M_M  E M 

ft  define  HAS  H_B  ITS  14 
ft  e nd  i f 

flifndef  HAS  H_B ITS 
ft  define  HAS  H_B  ITS  15 

/*  For  portability  to  16  bit  machines,  do  not  use  values  above  15. 
#end i f 


*/ 


^define  HASH_SIZE  ( u n s i g n e d ) ( 1 < < H A S H_B I T S ) 

#def i ne  HAS  H_M  ASK  ( H A S H_S I Z E - 1 ) 

^define  WMASK  (WSIZE-1) 

/*  HASH_SIZE  and  WSIZE  must  be  powers  of  two  */ 

#define  NIL  0 

/*  Tail  of  hash  chains  */ 


# i f nd  e f T 0 0_F  A R 
ft  define  T 0 0_F A R 4096 
ft  e nd  i f 

/*  Matches  of  length  3 are  discarded  if  their  distance  exceeds  T00_FAR  */ 
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ft  if  del  A T A R I_S  T 

# undef  MSDOS  /*  avoid  the  processor  specific  parts  */ 

/*  (but  the  Atari  should  never  define  MSDOS  anyway  ...)  */ 
#end  i f 

#if  defined(MSDOS)  &&  ! d e f i n e d ( N 0_A S M ) &&  !defined(ASMV) 

# define  ASMV 
#end  i f 

#if  d e f i n ed ( A S MV ) SS  ! d e f i n e d ( M S D 0 S ) &&  d e f i n e d ( D Y N_A L L 0 C ) 
error:  DYN_ALL0C  not  yet  supported  in  match,  s 

# e nd  i f 


/ * = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 

* Local  data  used  by  the  "longest  match"  routines. 

*/ 

#if  d e f i n ed ( B I G_M E M ) ||  d e f i n e d ( MM A P ) 

typedef  si ze_t  Pos;  /*  must  be  at  least  32  bits  */ 

# e l s e 

typedef  word16  Pos; 

#endi  f 

typedef  unsigned  IPos; 

/*  A Pos  is  an  index  in  the  character  window.  We  use  short  instead  of  int  to 

* save  space  in  the  various  tables.  IPos  is  used  only  for  parameter  passing. 
*/ 


# i f nd  e f D Y N_A  L L 0 C 

byte  windowC2L*WSIZE3; 

/*  Sliding  window.  Input  bytes  are  read  into  the  second  half  of  the  window, 

* and  move  to  the  first  half  later  to  keep  a dictionary  of  at  least  WSIZE 

* bytes.  With  this  organization,  matches  are  limited  to  a distance  of 

* W S I Z E -M A X_M A T C H bytes,  but  this  ensures  that  10  is  always 

* performed  with  a length  multiple  of  the  block  size.  Also,  it  limits 

* the  window  size  to  64K,  which  is  quite  useful  on  MSDOS. 

* To  do:  limit  the  window  size  to  WSIZE  + BSZ  if  S M A L L_M  E M (the  code  would 

* be  less  efficient  since  the  data  would  have  to  be  copied  WSIZE/BSZ  times) 
*/ 

Pos  prevCWSIZE]; 

/*  Link  to  older  string  with  same  hash  index.  To  limit  the  size  of  this 

* array  to  64K,  this  link  is  maintained  only  for  the  last  32K  strings. 

* An  index  in  this  array  is  thus  a window  index  modulo  32K. 

*/ 


Pos  headEHAS  H_S I Z E ] ; 

/ * Heads  of  the  hash  chains  or  NIL.  If  your  compiler  thinks  that 

* HAS  H_S I Z E is  a dynamic  value,  recompile  with  -DDYN_ALLOC. 

* / 

# e l s e 
/* 


* MS-DOS 

adjusts  the  pointers 

for  zero 

* original  pointers  in  these 

variables 

*/ 

static 

byte 

* near  o_w i nd o w 

•=  NULL; 

static 

Pos 

* near  o_p  rev  = 

N U L L ; 

static 

Pos 

* near  o_head; 

byte  * 

near 

window  = NULL; 

Pos  * 

near 

prev  = NULL; 

Pos  * 

near 

head; 

# e nd i f 

wo  rd32  w i 

ndow_ 

size; 

/ * window 

size 

, 2*WSIZE  except 

for  MM A P 

offset,  so  we  store  the 
for  later  freeOing 


or  BIG_MEM,  where  it  is 


the 
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* input  file  length  plus  M I N_L  0 0 K A H E A D . 

*/ 

long  block_start; 

/ * window  position  at  the  beginning  of  the  current  output  block.  Gets 

* negative  when  the  window  is  moved  backwards. 

* / 

static  unsigned  ins_h;  /*  hash  index  of  string  to  be  inserted  */ 

^define  H_S  H I F T ( ( H A S H_B I T S + M I N_M A T C H - 1 ) / M I N„M A T C H ) 

/*  Number  of  bits  by  which  ins_h  and  del_h  must  be  shifted  at  each 

* input  step.  It  must  be  such  that  after  M I N_M A T C H steps,  the  oldest 

* byte  no  longer  takes  part  in  the  hash  key,  that  is: 

* H_S  H I F T * M I N_M  A T C H >=  HAS  H_B ITS 

* / 

unsigned  int  near  pre v_ length ; 

/*  Length  of  the  best  match  at  previous  step.  Matches  not  greater  than  this 


* are 

*/ 

di scarded 

• 

Th 

is  is  used  in 

the  l 

azy  match 

e va  l ua  t i 

o n . 

unsigned 

near 

strstart; 

/* 

start  of 

string 

t 0 

insert 

*/ 

unsigned 

near 

mate  h_s  tart; 

/* 

start  of 

ma  t c h i 

ng 

string 

*/ 

static 

i n t 

e o f i l e ; 

/* 

flag  set 

at  end 

o f 

input 

file  * / 

static 

unsigned 

lookahead; 

/ * 

numbe  r of 

valid 

bytes  ahead  in  window 

/ * Saved  copies 

o f 

l 

azy  match  vari 

a b l e s 

* / 

static 

i n t s_ma  t c h 

_a  v a i l a b l e ; 

static 

i n t s_ma  t c h 

_length; 

unsigned  near  ma x_c h a i n_l e n g t h ; 

/*  To  speed  up  deflation,  hash  chains  are  never  searched  beyond  this  length. 

* A higher  limit  improves  compression  ratio  but  degrades  the  speed. 

* / 

static  unsigned  int  ma x_l a z y_ma t c h ; 

/*  Attempt  to  find  a better  match  only  when  the  current  match  is  strictly 

* smaller  than  this  value.  This  mechanism  is  used  only  for  compression 

* levels  >=  4. 

* / 

#define  ma x_i n s e r t_l en g t h ma x_l a z y_ma t c h 

/*  Insert  new  strings  in  the  hash  table  only  if  the  match  length 

* is  not  greater  than  this  length.  This  saves  time  but  degrades  compression. 

* ma x_i n s e r t_l eng t h is  used  only  for  compression  levels  <=  3. 

*/ 

unsigned  near  good_match; 

/*  Use  a faster  search  when  the  previous  match  is  longer  than  this  */ 

# i f d e f F U L L_S  E A R C H 

# define  ni ce_match  MAX_MATCH 

# e l s e 

int  near  nice_match;  /*  Stop  searching  when  current  match  exceeds  this  */ 

# e n d i f 


/*  Values  for  ma x_l a z y_ma t c h , good_match  and  ma x_c h a i n_l e ng t h , depending  on 
* the  desired  pack  level  (0..9).  The  values  given  below  have  been  tuned  to 
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* exclude  worst  case  performance  for  pathological  files.  Better  values  may  be 

* found  for  specific  files. 

* / 

static  const  struct  { 

word16  good_length;  /*  reduce  lazy  search  above  this  match  length  */ 
word16  max_lazy;  /*  do  not  perform  lazy  search  above  this  match  length  */ 

word16  nice_ length;  /*  quit  search  above  this  match  length  */ 
w o r d 1 6 ma  x_c  h a i n ; 

> c on f i g u r a t i o n_t a b l e C 1 0 ] = { 


/* 

good 

lazy 

nice 

chain  * / 

/*  0 */ 

<0, 

o. 

o. 

o>. 

/* 

store  only  * / 

/ * 1 * / 

<4, 

4, 

8, 

4>, 

/* 

maximum  speed,  no  lazy  matches 

/*  2 */ 

<4, 

5, 

16, 

8>, 

/*  3 */ 

*4, 

6, 

32, 

3 2 > , 

/ * 4 * / 

# i f 0 

<4, 

4, 

16, 

1 6 > , 

/ * 

lazy  matches  * / 

/*  5 */ 

(8, 

16, 

32, 

32  > , 

/* 

Change  to  new?  * / 

//else 

(8, 

64, 

2 58, 

1 2 8 > , 

/* 

Match  old  PGP  params  */ 

//end  i f 
/ * 6 * / 

V 

00 

Sr-» 

16, 

128, 

1 28>, 

/*  7 */ 

(8, 

32, 

128, 

2 5 6 > , 

/ * 8 * / 

(32, 

128, 

258, 

1 024>, 

/ * 9 * / 

(32, 

2 58  , 

258, 

4 0 9 6 > > ; 

/* 

maximum  compression  * / 

/*  Note:  the  deflateC)  code  requires  max_lazy  >=  M I N_M  A T C H and  max_chain  >=  4 

* For  d e f l a t e_f a s t ( ) (levels  <=  3)  good  is  ignored  and  lazy  has  a different 

* meaning. 

*/ 

* Prototypes  for  local  functions. 

*/ 

static  void  s l i d e_w i nd o w ( vo i d ) ; 
static  int  d e f l a t e_s ub ( vo i d ) ; 

int  l o n g e s t_m a t c h ( I P o s cur_match) ; 

//ifdef  A S MV 

void  m a t c h_i n i t ( v o i d ) ; /*  asm  code  initialization  */ 

ft  e n d i f 

//ifdef  ZIPDEBUG 

static  void  c h e c k_ma t c h ( I Po s start,  IPos  match,  int  length); 

# e nd i f 

* Update  a hash  value  with  the  given  input  byte 

* IN  assertion:  all  calls  to  to  UPDATE_HASH  are  made  with  consecutive 

* input  characters,  so  that  a running  hash  key  can  be  computed  from  the 

* previous  key  instead  of  complete  recalculation  each  time. 

*/ 

//define  U P D AT E_H A S H ( h , c ) (h  = ( ( ( h ) < < H_S  H I F T ) A (c))  & HAS  H_M  ASK) 

* Insert  string  s in  the  dictionary  and  set  match_head  to  the  previous  head 

* of  the  hash  chain  (the  most  recent  string  with  same  hash  key).  Return 
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* the  previous  length  of  the  hash  chain. 

* IN  assertion:  all  calls  to  to  I N S E RT_S T R I NG  are  made  with  consecutive 

* input  characters  and  the  first  MIN_MATCH  bytes  of  s are  valid 

* (except  for  the  last  MIN_MATCH-1  bytes  of  the  input  file). 

* / 

#def i ne  I N S E R T_S T R I NG ( s , match_head)  \ 

(UPDATE_HASH(ins_h,  windowl(s)  + M I N_M A T C H - 1 1 ) , \ 
prevl(s)  & WMASK3  = ( P o s ) ( ( ma  t c h_h  e a d ) = h e a d C i n s_h  II ) , \ 
headCins  h]  = (PosMs)) 


/ * 

* Initialize  the  "longest  match"  routines  for  a new  file 


* 

* IN  assertion:  window_size  is  > 0 if  the  input  file  is  already  read  or 

* mmap'ed  in  the  windowl]  array,  0 otherwise.  In  the  first  case, 

* window_size  is  sufficient  to  contain  the  whole  input  file  plus 

* M I N_L00 KA H E A D bytes  (to  avoid  referencing  memory  beyond  the  end 

* of  windowCD  when  looking  for  matches  towards  the  end). 

* / 
i n t 

lm_init(int  pack_level)  /*  0:  store,  1:  best  speed,  9:  best  compression  */ 
C 

if  (pack_level  <1  | | pack_level  > 9) 

return  -1; 

/*  errorC'bad  pack  level");  */ 


/*  Do  not  slide  the  window  if  the  whole  input 

* ( w i ndow_s i z e > 0 ) 

* / 

if  (window_size  ==  0) 

window_size  = ( wo r d 32 ) 2 * W S I Z E ; 


is  already  in  memory 


/*  Use  dynamic  allocation  if  compiler  does  not  like  big  static  arrays:  */ 
/*  The  +8  is  for  MS-DOS,  so  the  pointers  can  be  s e gme n t -a l i g n e d */ 

# i f d e f D Y N_A  L L 0 C 

if  (o_wi ndow  ==  NULL)  { 

window  = o_w i ndow  = (byte  *)fcalloc(WSIZE+8,  2*sizeof(byte)); 
if  (o_wi ndow  ==  NULL) 
return  - 1 ; 

/*  err(ZE_MEM,  "window  allocation");  */ 

> 

if  (o_prev  ==  NULL)  { 

prev  = o_prev  = (Pos*)  fcalloc(WSIZE  + 8,  sizeof (Pos)  ); 

head  = o_head  = (Pos*)  f c a l l o c ( H A S H_S I Z E+8 , s i zeof ( Pos ) ) ; 
if  (o_prev  ==  NULL  | | o_head  = = NULL)  { 
i f ( o_p rev) 

f c f r e e ( o_p  rev); 
f cf ree( o_w i n d o w ) ; 
o_w i ndow  = 0; 
return  - 1 ; 

/*  err(Z E_M EM,  "hash  table  allocation");  */ 

> 

> 

tfendif  /*  D Y N_A  L L 0 C */ 


/*  Initialize  the 

* prevL]  will  be 

* / 

headCHASH_S IZE-1 1 


hash  table  (avoiding  64K  overflow  for  16  bit  systems), 
initialized  on  the  fly. 

= NIL; 
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memset ( ( char*) head,  NIL,  (unsigned) (HAS  H_S IZE-1 )*sizeof(*head)); 


/*  Set  the  default  configuration  parameters: 
* / 


ma  x_l a z y_ma  t c h 
g o od_ma  t c h 
# i f n d e f F U L L_S  E A R C H 
n i c e_ma  t c h 
# e n d i f 

max_chai n_ length 
/ * ???  reduce  max 


configuratio  n_t  ableHpack_ level] . ma x_l a z y ; 
configuration_table[pack_ level]. goo d_ length; 

configuration_tableHpack_ level]. nic  e_l e n g t h ; 

configuratio n_table[pack_ level]. max_chain; 
chain_length  for  binary  files  */ 


strstart  = 0 ; 
bloc  k_s  tart  = 0L; 

# i f d e f A S M V 

m a t c h_i n i t ( ) ; /*  initialize  the  asm  code  */ 

# e n d i f 


lookahead  = 0; 
e o f i l e = 0 ; 

s_match_avai lable  = 0;  /*  set  if  previous  match  exists  */ 
s_ma t c h_l e ng t h = MIN_MATCH-1;  /*  length  of  best  match  */ 


return  0 ; 

> 


/ * = = = = = = = = = =:  = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 

* Free  the  window  and  hash  table 

★ / 

void 

l m_f  ree(void) 

# i f d e f PGP 

/*  Security  wipe  of  static  variables  */ 

bloc  k_s  tart  = 0 ; 

ins_h  = 0; 

prev_ length  = 0; 

strstart  = 0; 

mate  h_s  tart  = 0; 

s_match_avai lable  = 0; 

s_ma t c h_l eng t h = 0; 

/*  eofile  is  1 and  lookahead  is  0 - no  need  to  wipe  */ 

#end i f 

# i f d e f D Y N_A  L L 0 C 

if  (o_wi ndow  !=  NULL)  { 

# i f d e f PGP 

mem s e t ( o_w i nd o w , 0,  WSIZE); 

mems e t ( o_w i nd o w+W S I Z E , 0,  WSIZE+16); 

#end i f 

f c f r e e ( o_w i n d o w ) ; 
o_window  = window  = NULL; 

> 

if  (o_prev  i=  NULL)  { 
ft  i f def  PGP 

memset (o_prev,  0,  W S I Z E / 2 * s i z eo f ( P o s ) ) ; 

memset ( o_p r e v+W S I Z E / 2 , 0,  WSIZE/2*sizeof(Pos)+16); 

memset (o_head,  0,  H A S H_S I Z E / 2 * s i z e o f ( P o s ) ) ; 
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memset ( o_h e a d+H A S H_S I Z E / 2 , 0,  H A S H_S I Z E / 2 * s i z eo f ( Po s ) + 1 6 ) ; 

#end i f 

f c f r e e ( o_p  rev); 
f c f r e e ( o_h  e a d ) ; 

o_p  rev  = prev  = o_head  = head  = NULL; 

> 

Send  if  /*  D Y N_A  L L 0 C */ 

> 


* Set  match_start  to  the  Longest  match  starting  at  the  given  string  and 

* return  its  Length.  Matches  shorter  or  equaL  to  prev_Length  are  discarded, 

* in  which  case  the  resuLt  is  equaL  to  prev_Length  and  match_start  is 

* garbage. 

* IN  assertions:  cur_match  is  the  head  of  the  hash  chain  for  the  current 

* string  (strstart)  and  its  distance  is  <=  MAX_DIST,  and  prev_Length  >=  1 

* / 

Sifndef  ASMV 

/*  For  MSDOS,  OS/2  and  386  Unix,  an  optimized  version  is  in  match. asm  or 

* match. s.  The  code  is  functionaLLy  equivaLent,  so  you  can  use  the  C version 

* if  desired.  A 68000  version  is  in  ami ga /ma t ch_68 . a --  this  couLd  be  used 

* with  other  68000  based  systems  such  as  Macintosh  with  a LittLe  effort. 

* / 
i nt 

L ong e s t_ma t c h ( I Po s cur_match) 

{ 


unsigned  chain_ Length  = ma x_c h a i n_L e ng t h ; 

register  byte  *scan  = window  + strstart; 

register  byte  * m a t c h ; 

register  int  Len; 

int  best_Len  = prev_Length; 

I Pos  Limit  = strstart  > ( I Pos ) MAX_D I ST  ? 
/*  Stop  when  cur_match  becomes  <=  Limit. 

* we  prevent  matches  with  the  string  of 

* / 


/*  max  hash  chain  Length  ★/ 

/*  current  string  */ 

/*  matched  string  */ 

/*  Length  of  current  match  */ 
/*  best  match  Length  so  far  */ 
strstart  - ( I Pos ) MAX_D I ST  : NIL; 

To  simplify  the  code, 
window  index  0 . 


/*  The  code  is  optimized  for  HAS  H_B ITS  >=  8 and  M A X_M  A T C H - 2 multiple  of  16. 

* It  is  easy  to  get  rid  of  this  optimization  if  necessary. 

★ / 

#if  HAS  H_B ITS  < 8 ||  M A X_M  A T C H !=  258 

# error  Code  too  c Lever 

# e nd  i f 


# i f UNALIGNE  D_0  K 

/*  Compare  two  bytes  at  a time.  Note:  this  is  not  aLways  beneficiaL. 

* Try  with  and  without  - D U N A L I G N E D_0K  to  check. 

* / 


register 
register 
r e g i ster 
#e  Lse 

regi ster 
r e g i ster 
register 
# e n d i f 


byte  *strend  = window  + strstart  + M A X_M  A T C H - 1; 

word  16  scan_start  = *(word16  *)scan; 

word16  scan_end  = *(word16  * ) ( s c a n+b e s t_ L e n- 1 ) ; 

byte  *strend  = window  + strstart  + M AX_M AT  C H ; 
byte  scan_end1  = scanCbest_Len-1 ]; 
byte  scan_end  = s c a n L b e s t_L e n 3 ; 


/*  Do  not  waste  too  much  time  if  we  aLready  have  a good  match:  */ 
if  (prev_ Length  >=  good_match) 
chain_ Length  >>=  2; 


1175 


lib/ pgp/ pipe/text/zdeflate.c 


Z i p A s s e r 


<=  win  d o w_s i ze-MI N_L0  0 K A HEAD, 


"insufficient 


lookahead"  ); 


do  { 

Z i pA s s e r t ( c u r_ma t c h < strstart,  "no  future"); 
match  = window  + cur_match; 


/*  Skip  to  next  match  if  the  match  length  cannot  increase 

* or  if  the  match  length  is  less  than  2: 

* / 

ft  i f UNALIGNE  D_0  K 88  M A X_M  A T C H ==  258 

/ * This  code  assumes  sizeofCunsigned  short)  = = 2.  Do  not  use 
* UNALIGNED_OK  if  your  compiler  uses  a different  size. 

*/ 

if  (*(word16  * ) ( ma t c h +b e s t_ l e n - 1 ) !=  scan_end  || 

*(word16  *)match  !=  scan_start)  continue; 


/*  It  is  not  necessary  to  compare  scanC2]  and  matchC2]  since  they  are 

* always  equal  when  the  other  bytes  match,  given  that  the  hash  keys 

* are  equal  and  that  HAS  H_B ITS  >=  8.  Compare  2 bytes  at  a time  at 

* strstart+3,  +5,  ...  up  to  s t r s t a r t +2 5 7 . We  check  for  insufficient 

* lookahead  only  every  4th  comparison;  the  128th  check  will  be  made 

* at  s t r s t a r t + 2 5 7 . If  MAX_MATCH-2  is  not  a multiple  of  8,  it  is 

* necessary  to  put  more  guard  bytes  at  the  end  of  the  window,  or 

* to  check  more  often  for  insufficient  lookahead. 

*/ 


scan++,  match++; 
do  { 

> while  (*(word16  *)(scan+=2) 
*(word16  *)(scan+=2) 
*(word16  *)(scan+=2) 
*(word16  *)(scan+=2) 
scan  < strend); 


*(word16  *)(match+=2)  88 
*(word16  *)(match+=2)  88 
*(word16  *)(match+=2)  88 
*(word16  *)(match+=2)  88 

compi  lers 


/*  The  funny  "do  O"  generates  better  code  on  most 


*/ 


/*  Here,  scan  <=  w i n d o w + s t r s t a r t + 2 5 7 */ 

Z i pAssert ( scan  <=  wi ndow+(uns i gned ) ( wi ndow_si ze-1 ) , "wild  scan"); 
if  (*scan  ==  *match) 
s c a n + + ; 


len  - (MAX_MATCH  - 1)  - (int) (strend-scan); 
scan  = strend  - ( M A X_M A T C H - 1 ) ; 

Seise  /*  UNALIGNED  OK  */ 


if  ( ma t c h C be s t_l en ] !=  scan_end  || 

matchCbest_len-1 ] !=  scan_end1  || 

*match  !=*scan  || 

*++match  !=  scanCI])  continue; 

/*  The  check  at  best_len-1  can  be  removed  because  it  will  be  made 

* again  later.  (This  heuristic  is  not  always  a win.) 

* It  is  not  necessary  to  compare  scan[2]  and  matchC2D  since  they 

* are  always  equal  when  the  other  bytes  match,  given  that 

* the  hash  keys  are  equal  and  that  HAS  H_B ITS  >=  8. 

*/ 

scan  +=  2,  match++; 


/*  We  check  for  insufficient  lookahead  only  every  8th  comparison; 
* the  256th  check  will  be  made  at  s t r s t a r t + 2 5 8 . 
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* / 

do  { 


> while  (*++scan 

==  *++match 

&& 

* + + s c a n 

==  *++match 

&& 

* + + s c a n 

==  *++match 

&& 

* + + s c a n 

==  *++match 

&& 

* + + s can 

==  *++match 

&& 

* + + s c a n 

==  *++match 

&& 

* + + s c a n 

= = * + + match 

&& 

* + + s c a n 

==  *++match 

&& 

scan  < 

strend); 

len  = MAX_MATCH 

- ( i n t ) ( s t r end  - 

scan); 

scan  = strend  - MAX_MATCH; 

//  e nd  i f /*  UNALIGNE  D_0  K */ 

if  (Len  > best_Len)  ( 

match_start  = cur_match; 
best_Len  = len; 
if  (len  >=  nice_match) 
break; 

U i f UNALIGNE  D_0  K 

scan_end  = *(word16  *)(scan+best_len-1); 

#else 

scan_end1  = scan£best_len-1]; 
scan_end  = scanCbest_lenD; 

# e nd  i f 

> 

> while  ( ( c u r_ma t c h = p r e v [ c u r_ma t c h & WMASKD)  > limit 

&&  --chain_ length  !=  0); 

return  best_len; 

> 

//  e nd  i f / * ASMV  * / 

//  i f d e f ZIPDEBUG 

/ * ================================================================= 

* Check  that  the  match  at  match_start  is  indeed  a match. 

*/ 

static  void 

c h e c k_ma t c h ( I Po s start,  IPos  match,  int  length) 

{ 

/*  check  that  the  match  is  indeed  a match  */ 
if  ( mem c mp ( w i ndo w + match,  window  + start,  length)  !=  0)  { 
f p r i n t f ( s t d e r r , " start  %d,  match  %d,  length  %d\n", 
start,  match,  length); 
errorC  invalid  match"); 

} 

if  (verbose  > 1)  i 

fprintf(stderr,"\\[%d,%dD",  start-match,  length); 

do  ( putc(windowCstart++],  stderr);  > while  (--length  !=  0); 

> 

> 

//else 

# define  c h e c k_ma t c h ( s t a r t , match,  length) 

//end  i f 

static  void 

slid  e_w indow(void) 

register  unsigned  n,  m; 


1 177 


lib/ pgp/ pipe/text/ zdeflate.c 


memcpy(window,  window+WSIZE,  ( s i z e_t ) W S I Z E ) ; 
mate  h_s  tart  -=  WSIZE; 

strstart  -=  WSIZE;  /*  we  now  have  strstart  >=  MAX_DIST:  */ 

bloc  k_s  tart  -=  (Long)  WSIZE; 

for  (n  = 0;  n < HASH_SIZE;  n++)  { 
m = headCnH; 

h e a d C n H = ( P o s ) ( m > = WSIZE  ? m-WSIZE  : NIL); 

> 

for  (n  = 0;  n < WSIZE;  n++)  { 
m = prevCnd; 

prevCn]  = (Pos) (m  >=  WSIZE  ? m-WSIZE  : NIL); 

/*  If  n is  not  on  any  hash  chain,  prevLnl  is  garbage  but 
* its  value  will  never  be  used. 

*/ 

> 

> 

* Flush  the  current  block,  with  given  end-of-file  flag. 

* IN  assertion:  strstart  is  set  to  the  end  of  the  current  match. 

*/ 

#def i ne  F LU S H_B LO C K ( e o f ) \ 

f l u s h_b l o c k ( b l o c k_s t a r t >=  0L  ? ( c h a r * ) Sw i ndo w C ( u n s i g n ed ) b l o c k_s t a r t D : \ 

(charONULL,  ( w o r d 3 2 ) s t r s t a r t - block_start,  (eof)) 


* Same  as  above,  but  achieves  better  compression.  We  use  a lazy 

* evaluation  for  matches:  a match  is  finally  adopted  only  if  there  is 

* no  better  match  at  the  next  window  position. 

*/ 

static  i n t 
d e f l a t e_s  u b ( v o i d ) 

{ 

I Pos  hash_head;  /*  head  of  hash  chain  */ 

I P o s pre  v__m  atch;  / * previous  match  * / 

int  flush;  /*  set  if  current  block  must  be  flushed  */ 

int  ma t c h_a v a i l a b l e = 0;  /*  set  if  previous  match  exists  */ 

register  unsigned  match_length  = M I N_MAT C H — 1 ; /*  length  of  best  match  */ 

# i f 0 

if  (level  <=  3)  return  d e f l a t e_f a s t ( ) ; /*  optimized  for  speed  */ 

# e nd  i f 

m a t c h_a v a i l a b l e = s_match_avai lable; 
match_length  = s_ma t c h_l eng t h ; 

/*  Process  the  input  block.  */ 
while  (lookahead  !=  0)  { 

/*  Insert  the  string  windowlstrstart  ..  strstart+2]  in  the 

* dictionary,  and  set  hash_head  to  the  head  of  the  hash  chain: 

*/ 

INSERT_STRING(strstart,  hash_head) ; 

/*  Find  the  longest  match,  discarding  those  < = pre v_ length . 

* / 

prev_length  = ma t c h_l eng t h , prev_match  = match_start; 
mate h_ length  = M I N_M  A T C H - 1 ; 
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if  (hash_head  !-  NIL  &S  prev_length  < ma x_l a z y_ma t c h && 
strstart  - hash_head  <=  MAX_DIST)  { 

/*  To  simplify  the  code,  we  prevent  matches  with  the  string 

* of  window  index  0 (in  particular  we  have  to  avoid  a match 

* of  the  string  with  itself  at  the  start  of  the  input  file). 

*/ 

match_length  = l o n g e s t_ma t c h (hash_head); 

/*  l o ng e s t_ma t c h ( ) sets  match_start  */ 

if  ( ma t c h_l eng t h > lookahead)  mate h_ length  = lookahead; 

/ * Ignore  a length  3 match  if  it  is  too  distant:  * / 
if  ( ma t c h_l eng t h ==  M I N_M  A T C H SS  s t r s t a r t -m a t c h_s t a r t > T00_FAR){ 
/*  If  pre v_ma  t c h is  also  M I N_M  A T C H , match_start  is  garbage 

* but  we  will  ignore  the  current  match  anyway. 

*/ 

mate  h_ length--; 

> 

> 

/*  If  there  was  a match  at  the  previous  step  and  the  current 

* match  is  not  better,  output  the  previous  match: 

★ / 

if  (prev_length  >=  MIN_MATCH  &&  match_length  <=  prev_length)  { 
check_match(strstart-1 , prev_match,  pre v_ length); 

flush  = c t_t a l l y ( s t r s t a r t-1 -pr e v_ma t c h , prev_length  - M I N_M A T C H ) ; 

/ * Insert  in  hash  table  all  strings  up  to  the  end  of  the  match. 

* strstart-1  and  strstart  are  already  inserted. 

* / 

lookahead  - = pre v_ length-1 ; 
prev_length  -=  2; 
do  { 

strstart++; 

INSERT_STRING( st rstart,  hash_head); 

/*  strstart  never  exceeds  W S I Z E -M AX_M A T C H , so  there  are 

* always  MIN_MATCH  bytes  ahead.  If  lookahead  < MIN_MATCH 

* these  bytes  are  garbage,  but  it  does  not  matter  since  the 

* next  lookahead  bytes  will  always  be  emitted  as  literals. 

* / 

> while  (--pre v_ length  !=  0); 
ma t c h_a v a i l a b l e = 0; 
match_length  = M I N_M  A T C H - 1 ; 
strstart++; 

if  (flush)  F L U S H_B L0 C K ( 0 ) , block_start  = strstart; 

> else  if  ( ma t c h_a v a i l a b l e ) { 

/*  If  there  was  no  match  at  the  previous  position,  output  a 

* single  literal.  If  there  was  a match  but  the  current  match 

* is  longer,  truncate  the  previous  match  to  a single  literal. 

* / 

Tracevv((stderr,"%c",window[strstart-1])); 
if  (ct_tally  (0,  wi ndowlst rstart-1  ] ) ) { 

F LU S H_B L0 C K ( 0 ) , block_start  = strstart; 

> 

lookahead--; 

> else  ■( 
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> 


/*  There  is  no  previous  match  to  compare 
* the  next  step  to  decide. 

*/ 


match _avai table  = 1; 
lookahead-- ; 


with. 


wait 


for 


/*  Make  sure  that  we  always  have  enough  lookahead,  except 

* at  the  end  of  the  input  file.  We  need  MAX_MATCH  bytes 

* for  the  next  match,  plus  MIN_MATCH  bytes  to  insert  the 

* string  following  the  next  match. 

* / 

if  (lookahead  < M I N_L0 0 KA H E A D SS  leofile)  f 
s_match_avai lable  = ma t c h_a va i l a b l e ; 
s_ma t c h_l eng t h = ma t c h_ l e n g t h ; 
return  0; 

/*  f i l l_wi ndow ( ) ; * / 

> 

> 

if  ( ma t c h_a va i l a b l e ) ct_tally  (0,  w i ndo w C s t r s t a r t - 1 1 ) ; 


return  F L U S H_B L 0 C K ( 1 ) ; /*  eof  */ 

} 


/*  Zip  a buffer  of  input  */ 
void 

zi p_i nput ( char  const  *buf,  unsigned  len) 

{ 

unsigned  more; 
while  (len)  { 

more  = (unsigned)  ((word32)2*WSIZE  - lookahead  - strstart); 

if  (more  <=  1)  { 

s l i de_w  indowO; 
more  +=  WSIZE; 

> 

if  (more  > len) 
more  = len; 

memcpy(window+strstart+lookahead,  buf,  more); 
lookahead  +=  more; 

if  (lookahead  >=  M I N_L0 0 KA H E A D ) { 

if  ( ! strstart)  { /*  First  time  */ 

register  int  j; 
i n s_h  = 0 ; 

for  ( j = 0 ; j <MIN_MATCH-1 ; j++) 

U P D AT E_H A S H ( i n s_h , windowCj]); 

> 

deflat  e_sub(); 

} 

buf  + = more; 
len  -=  more; 

> 

return; 

> 
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/*  Zip  EOF  */ 
void 

z i p_f inish(void) 
e o f i L e = 1 ; 

if  (Istrstart)  f / * First 
register  int  j; 
ins_h  = 0; 

for  ( j = 0 ; j < M I N_M  A T C H - 1 ; 
UPDATE_HASH ( i ns_h,  wi 

> 

d e f l a t e_s  u b ( ) ; 
return; 

} 


time  * / 

j+  + ) 

ndowCj]); 
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zip.h 

/ * 

* Copyright  (C)  1990,1991  Mark  Adler,  Richard  B.  Wales,  and  Jean-loup 

* Gailly.  Permission  is  granted  to  any  individual  or  institution  to  use, 

* copy,  or  redistribute  this  software  so  long  as  all  of  the  original  files 

* are  included  unmodified,  that  it  is  not  sold  for  profit,  and  that  this 

* copyright  notice  is  retained. 

* 

* $Id:  zip.h,v  1.14.2.1  1996/11/14  02:36:56  mhw  Exp  $ 

*/ 

/ * 

* zip.h  by  Mark  Adler. 

* / 

/* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* / 

/*  Set  up  portability  */ 

//include  " pg  p / u s ua  l s . h " 

//include  " p g p / p g pm  e m . h " 

//include  "ztailor.h" 

/ * PGP  defines  * / 

// d e f i ne  PGP  1 

//ifdef  MSDOS 
//define  S M A L L_M  E M 1 
ft end i f 

/*  D Y N_A  L L 0 C is  defined  in  ztailor.h  */ 

//define  M I N_MAT  C H 3 
//define  M A X_M  A T C H 258 

/*  The  minimum  and  maximum  match  lengths  */ 

//define  WSIZE  8192 

/*  The  Window  size  must  be  8k  to  be  compatible  with  PGP  2.6.2  */ 

//define  M I N_L00  KA  H E A D ( M A X_M  A T C H + M I N_M  A T C H + 1 ) 

/*  Minimum  amount  of  lookahead,  except  at  the  end  of  the  input  file. 

* See  deflate. c for  comments  about  the  MIN  MATCH  + 1. 

*/ 

//define  MAX_DIST  ( W S I Z E -M  I N_L0  0 K A H E A D ) 

/*  In  order  to  simplify  the  code,  particularly  on  16  bit  machines,  match 

* distances  are  limited  to  MAX_DIST  instead  of  WSIZE. 

* / 

//include  <string.h> 

/*  Diagnostic  functions  */ 
ft if  ZIPDEBUG 

extern  int  verbose;  /*  Verbose  reporting  flag  */ 

# ifdef  MSDOS 

# undef  stderr 

ft  define  stderr  stdout 
ft  end  i f 
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ft  define 
# define 
ft  define 
ft  define 
ft  define 
ft  define 
//else 
ft  define 
ft  define 
ft  define 
ft  define 
ft  define 
ft  define 
#end  i f 


Z i p A s s e r t ( c o nd , m s g ) {if(!(cond))  error(msg);} 
Trace(x)  fprintf  x 

Tracev(x)  {if  (verbose)  fprintf  x ;> 
Tracevv(x)  {if  (verbose>1)  fprintf  x ;> 
Tracec(c,x)  {if  (verbose  & & (c))  fprintf  x ; > 
Tracecv(c,x)  {if  (verbose>1  8S  (c))  fprintf  x 

ZipAssert(cond,msg) 

Trace(x) 

Tracev(x) 

Tracevv(x) 

Tracec(c,x) 

Tracecv(c,x) 


/*  Public  function  prototypes  */ 

/ * in  zdeflate.c  * / 
int  lm_init(int  pack_ level); 
void  l m_f r e e ( v o i d ) ; 

/ * in  ztrees.c  * / 
int  c t_i n i t ( vo i d ) ; 

int  c t_t a l l y ( u n s i g n ed  dist,  unsigned  Ic); 
void  ct_f ree(void) ; 

word32  f l u s h_b l o c k ( c h a r const  *buf,  word32  stored_len, 

/*  in  zbits.c  */ 
struct  PgpFifoContext; 

void  bi_init(struct  PgpFifoContext  *zipfifo); 
void  s e nd_b i t s ( i n t value,  int  length); 
void  bi_flush(void); 
void  bi windup(void); 

void  copy_block(char  const  far  *buf,  unsigned  len,  int 
/*  in  zdeflate.c  */ 

void  z i p_i nput ( c ha r const  *buf,  unsigned  len); 
void  z i p_f i n i s h ( v o i d ) ; 

/ * end  of  zip.h  */ 


int  eof); 


header); 
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zmatch.asm 


Copyright  (C)  1990-1992  Mark  Adler,  Richard  B.  Wales,  and 
Permission  is  granted  to  any  individual  or  institution  to 
redistribute  this  software  so  long  as  all  of  the  original 
unmodified,  that  it  is  not  sold  for  profit,  and  that  this 
is  retained. 


Jean-loup  Gailly. 
use,  copy,  or 
files  are  included 
copyright  notice 


; match. asm  by  Jean-loup  Gailly. 

r 

; $ I d : zmatch.asm,v  1.3  1 996/1  1 /1  2 02:1  8:1  8 mhw  Exp  $ 

; match. asm,  optimized  version  of  longest_match( ) in  deflate. c 
; Must  be  assembled  with  masm  -ml.  To  be  used  only  with  C large  model. 

; (For  compact  model,  follow  the  instructions  given  below.) 

; This  file  is  only  optional.  If  you  don't  have  masm  or  tasm,  use  the 
; C version  (add  -DN0_ASM  to  CFLAGS  in  makefile. msc  and  remove  match. obj 
; from  OBJI).  If  you  have  reduced  WSIZE  in  zip.h,  then  change  its  value 
; below. 


; Turbo  C 2.0  does  not  support  static  allocation  of  more  than  64K  bytes  per 
; file,  and  does  not  have  SS  ==  DS.  So  TC  and  BC++  users  must  use: 

; tasm  -ml  - D D Y N_A  L L0  C -DSS_NEQ_DS  match; 

r 

; To  simplify  the  code,  the  option  - D D Y N_A  L L 0 C is  supported  for  OS/2 
; only  if  the  arrays  are  guaranteed  to  have  zero  offset  (allocated  by 
; halloc).  We  also  require  S S = = D S . This  is  satisfied  for  MSC  but  not  Turbo  C. 

name  match 


; define  LCODE  as  follows: 

; model:  compact  large  (small  and  medium  not  supported  here) 

; LCODE  0 1 

LCODE  equ  1 

; Better  define  them  on  the  command  line 
D Y N_A  L L 0 C equ  1 
;SS_NEQ_DS  equ  1 

; For  Turbo  C,  define  SS NEQ_DS  as  1,  but  for  MSC  you  can  leave  it  undefined. 

; The  code  is  a little  better  when  SS_NEQ_DS  is  not  defined. 


i f nd e f 


e n d i f 


D Y N_A  L L 0 C 
extrn  _p  rev 
extrn  _window 
prev  equ  _p  rev 

window  equ  _window 


word 

byte 

offset  part 


DATA 


i f d e f 


segment 

word  public 

' DATA  ' 

extrn 

_ma  t c h_s  tart 

: word 

extrn 

_prev_length 

: word 

extrn 

_good_ma  t c h 

: word 

extrn 

_strstart 

: word 

extrn  __ma  x_c  h a i n_l  e ng  t h : word 

DYN  ALLOC 


extrn  _p  rev 
extrn  _window 
prev  equ  0 


word 

word 

offset  forced  to 


zero 
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window  equ  0 
window_seg  equ  _windowC2] 
w i ndow_of  f equ  0 

else 

wseg  dw  seg  _wi ndow 
window_seg  equ  wseg 
window_off  equ  offset  _window 

e nd  i f 


_D  A T A 

ends 

DGROUP 

group  _ 

DATA 

if  LCODE 

ext  rn 

_e  x i t : far 

else 

extrn 

_e  x i t : near 

end  i f 

_T  EXT 

segment 

word  public  'CODE' 

assume 

cs:  _T  EXT,  ds:  DGROUP 

public 

_ma  t c h_i n i t 

public  _longest_match 


M I N_M  A T C H equ 

M A X_M  A T C H equ 

WSIZE  equ 

WMASK  equ 

M I N_L0 0 K A H E A D equ 
M A X_D 1ST  equ 


3 

258 

8192  ; keep  in  sync  with  zip.h  ! 

(WSIZE-1  ) 

( M A X_M  A T C H + M I N_M  A T C H + 1 ) 

(WSIZE-MIN  LOOKAHEAD) 


prev_ptr  dw  seg  _prev  ; pointer  to  the  prev  array 

ifdef  SS_NEGt_DS 

match_start  dw  0 ; copy  of  _match_start  if  SS  ! 

e n d i f 


; initialize  or 


check  the  variables  used 


in  match. asm. 


if  LCODE 

_match_init  proc  far 
else 

_match_init  proc  near 
endi  f 

ifdef  S S_N  E Q_D  S 

ma_start  equ  c s : ma t c h_s t a r t 

else 


end  i f 
ifdef 


assume  ss:  DGROUP 

ma_start  equ  ss :_match_start 

mov  a x , d s 

mov  bx,ss 

cmp  ax,bx 

jne  error 


D Y N_A  L LO  C 
mov 
add 
mov 
s h r 
add 


a x ,_w i ndowCO] 
a x , 1 5 
c x , 4 
a x , c l 

_w  indowH2H,ax 


; does  not  work  on  OS/2 


; SS  = = DS? 


; force  zero  offset 


= DS 
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mov 

_windowC0D,0 

mov 

a x ,_p r e v C 0 D 

add 

a x , 1 5 

mov 

c x , 4 

sh  r 

a x , c l 

add 

_prevC2D,ax 

mov 

_p  revL0D,0 

i f d e f 

SS_NEQ_DS 

mov 

a x ,_p  r e v C 2 ] 

mov 

c s : p r e v_p  t r , a x 

p r e v_s  e g 

equ  cs:pre  v_p  t r 

else 

pre v_s  e g 

eq u s s : _p  r e v L 2 ] 

end  i f 

else 

pre v_s  e g 

equ  cs:pre  v_p  t r 

end  i f 

ret 

error: 

call 

exit 

; force  zero  offset 

; segment  value 

; ugly  write  to  code,  crash  on  OS/2 

; works  on  OS/2  if  SS  ==  DS 


match_init  endp 


; Set  match_start  to  the  longest  match  starting  at  the  given  string  and 
; return  its  length.  Matches  shorter  or  equal  to  p re v_ length  are  discarded, 
; in  which  case  the  result  is  equal  to  prev_ length  and  match_start  is 
; garbage. 

; IN  assertions:  cur_match  is  the  head  of  the  hash  chain  for  the  current 
; string  (strstart)  and  its  distance  is  <=  MAX_DIST,  and  prev_ length  >=  1 

; int  longest_match(cur_match) 


if  LCODE 

_l onge  s t_ma  t c h 

else 

_l on  g e s t_ma  t c h 
end  i f 

push 
m o v 
push 
push 
push 


p r o c far 
proc  near 
bp 

bp,  sp 
d i 
s i 
d s 


if  LCODE 

c u r_ma  t c h 

equ 

word  p t r 

C bp  + 6 ] 

else 

cu  r_ma  t c h 

equ 

word  p t r 

C bp  + 4 ] 

end  i f 

/ 

window 

equ 

e s : w i nd  o w 

( e s : 0 

r 

prev 

equ 

d s : p r e v 

r 

match 

equ 

e s : s i 

r 

scan 

equ 

e s : d i 

r 

c h a i n_l e ng  t h 

equ 

bp 

r 

bes  t_l en 

equ 

bx 

r 

limit 

equ 

d x 

for  DYN  ALLOC) 


mo v s i , c u r_ma  t c h 

mov  bp ,_ma x_c h a i n_ l eng t h 


use  bp  before  it  is  destroyed 
chain_length  = max_c ha i n_l eng t h 
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mo  u 

d i ,_s  trstart 

mo  v 

d x , d i 

sub 

d x , M A X_D 1ST 

/ 

limit  = s t r s t a r t -M AX_D I S T 

j a e 

l i m i t_o  k 

sub 

dx  , dx 

/ 

limit  = NIL 

L i m i t_o  k : 

add 

d i , 2 + w i ndow_of  f 

/ 

di  = o f f s e t ( w i nd ow  + strstart  + 2) 

mo  v 

bx ,_p  r e v_l e ng  t h 

/ 

best_len  = prev_length 

mo  v 

e s , w i ndo w_s  e g 

mo  v 

ax,es : Cbx+di-33 

/ 

ax  = s c a n [ b e s t_l e n- 1 . . b e s t_l e n ] 

m o v 

cx,es:Cdi-23 

/ 

cx  = scanC0..13 

c mp 

bx ,_good_ma  t c h 

r 

do  we  have  a good  match  already? 

mo  v 

ds ,prev_seg 

r 

(does  not  destroy  the  flags) 

assume 

ds:  nothing 

j b 

do  scan 

r 

good  match? 

shr 

bp  , 1 

r 

c ha i n_l ength  >>=  2 

shr 

bp,  1 

j mp 

short  do_s  can 

even 

r 

align  destination  of  branch 

l ong_l oop : 

; at  this  point. 

ds:di  ==  scan+2,  ds:si 

= : 

= c u r_ma  t c h 

mo  v 

a x , C bx  + d i -3  3 

/ 

ax  = s c a n C be s t_l e n-1 . . be s t_l e n 3 

m o v 

cx,Cdi-23 

r 

cx  = scanC0..13 

mo  v 

ds,pre v_s  e g 

r 

reset  ds  to  address  the  prev  array 

s h o r t_l o o p : 

dec 

bp 

r 

-- c h a i n_l ength 

j z 

t h e_end 

; at  this  point. 

di  ==  scan+2,  si  = cur_ 

.match. 

; ax  = scanCbest 

_l  en-1  . . be s t_l en 3 and  cx 

= scanC0..13 

it  (WSIZE-32768) 

and 

si  , W M A S K 

end  i f 

s h l 

s i , 1 

/■ 

cur_match  as  word  index 

mo  v 

si,prev[si3 

/ 

cur_match  = prevCcur_match3 

cmp 

s i , d x 

cur_match  <=  limit  ? 

j be 

t h e_e  nd 

d o_s  can: 

cmp 

ax, word  ptr  es:windowCbx+si-13  ; check  match  at  best_len-1 

j n e 

short_loop 

cmp 

cx,word  ptr  e s : w i ndow C s i 3 

; check  m i n_ma t c h_l e n g t h match 

j n e 

short_loop 

lea 

s i , w i ndow  C s i +2  3 

r 

si  = match 

mo  v 

a x , d i 

r 

ax  = scan+2 

mo  v 

c x , e s 

mo  v 

d s , c x 

r 

ds  = es  = window 

mo  v 

cx, (MA X_M  AT  C H - 2 ) / 2 

r 

scan  for  at  most  MAX_MATCH  bytes 

repe 

c mp  s w 

r 

loop  until  mismatch 

j e 

maxmatch 

r 

match  of  length  MAX_MATCH? 

mismatch: 

m o v 

cl,Cdi-23 

/ 

mismatch  on  first  or  second  byte? 

sub 

cl, [si -2 3 

f 

cl  = 0 if  first  bytes  equal 

x c h g 

a x , d i 

f 

di  = scan+2,  ax  = end  of  scan 

sub 

a x , d i 

r 

ax  = l e n 

sub 

s i , a x 

r 

si  = cur_match  + 2 + o f f s e t ( w i ndow  ) 

sub 

si , 2 + w i ndo w_o f f 

r 

si  = c u r_ma  t c h 

sub 

c l , 1 

r 

set  carry  if  cl  ==  0 (can't  use  DEC) 

a d c 

a x , 0 

r 

ax  = carry  ? len+1  : len 
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cmp 

a x , b x 

f 

len  > best_len  ? 

j L e 

l ong_l oop 

mo  v 

ma_s  t a r t , s i 

r 

match_start  = cur_match 

mo  v 

bx  , a x 

r 

bx  = bes  t_l en  = Len 

cmp 

a x , M A X_M  A T C H 

r 

Len  >=  M A X_M  A T C H ? 

j l 

L ong_L  oop 

t h e_e  nd : 

pop 

d s 

assume 

ds:  DGROUP 

ifdef  SS_NEQ_DS 

mo  v 

a x , ma_s  tart 

r 

garbage  if  no  match  found 

mo  v 

ds :_match_start,ax 

end  i f 

pop 

s i 

pop 

d i 

pop 

bp 

mo  v 

ax,bx 

/ 

resuLt  = ax  = best_Len 

ret 

maxma  t c h : 

r 

come  here  if  maximum  match 

cmpsb 

r 

increment  si  and  di 

j mp 

mi s ma  t c h 

r 

force  match_Length  = MAX_LENGTH 

_L  on g e s t_ma  t c h 

endp 

_T  EXT  ends 

end 
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ztailor.h 

/*  tailor. h --  Not  copyrighted  1991  Mark  Adler  */ 

/ * 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

i k 

* $ I d : ztailor.h, v 1.5. 2.1  1996/1  1 /1  4 04:09:34  cbertsch  Exp  $ 

*/ 

# i f nd e f MSDOS 

tt  ifdef  MSDOS 

tt  define  MSDOS  1 
tt  e nd i f 
tt  e nd  i f 


/*  A couple  of  other  compilers  also  behave  like  Turbo  C */ 

#ifndef  TURBOC 

ft  ifdef  POWERC  /*  For  Power  C too  */ 

tt  define  TURBOC 

ft  e n d i f 

tt  ifdef  BORLANDC 

tt  define  TURBOC 

ft  endi  f 
//end  i f 

/* 

* We  use  MSDOS  to  signal  a need  for  16-bit  kludges  and  all  the  near/far  crap, 

* so  DJGPP  basically  isn't  MSDOS. 

* / 

tfifdef  GNUC 

tt  undef  MSDOS 
tt  e n d i f 

/ * 

* Allow  far  and  huge  allocation  for  small  model  (Microsoft  C or  Turbo  C) 

* unless  NOFAR  defined  (needed  for  ANSI  mode  compilations) 

* But  if  we're  using  DJGPP,  and  want  to  use  the  optimized  386  assembler 

* zmatch  routines,  we  can't  use  DYN_ALL0C.  But  gcc  has  virtual  memory... 

* / 

tfifdef  MSDOS 


tt  ifndef  D Y N_A  L LO  C 
tt  define  D Y N_A  L L 0 C 1 

tt  end  i f 

tt  ifdef  TURBOC 

tt  include  <alloc.h> 

tt  ifdef  STDC 

/*  Damn  Borland  C won't  declare  these  ifdef  STDC . */ 

void  far  * _Cdecl  f a r c a l l o c ( u n s i g n e d long  nunits,  unsigned  long  unitsz); 

void  _Cdecl  f arf ree(void  far  * block); 

tt  e n d i f 

tt  define  fcalloc  farcal  loc  /*  Assumes  that  all  arrays  are  < 64K  for  MSDOS*/ 
tt  define  fcfree  farfree 

tt  else  /*  ! TURBOC */ 

tt  include  <malloc.h> 

tt  define  f c a l l o c ( n i t em s , i t ems i z e ) h a l l o c ( ( l o ng  ) ( n i t e m s ) , ( i t em s i z e ) ) 

tt  define  fcfree  hfree 
tt  endif  /*  ? TURBOC */ 


1189 


lib/ pgp/ pipe/text/ztailor.h 


tt  define  far  fa  r 

tt  define  near  near 

//else  /*  ! M S D 0 S * / 


pgpMemAllocCClong)Cnitems)*Citems 
pgpMemFree 

//end  i f /*  IMSDOS  */ 

//include  <stdlib.h> 


tt  ifndef  D Y N_A  L L 0 C 
ft  define  D Y N_A  L L 0 C 0 
tt  e n d i f 
tt  define  far 
tt  define  near 

tt  define  f ca  L LocCni  terns,  i temsi  ze) 
tt  define  fcfree 


/*  Define  this  symbol  if  your  target  allows  access  to  unaligned  data. 

* This  is  not  mandatory,  just  a speed  optimization.  The  compressed 

* output  is  strictly  identical. 

* / 

//ifndef  UNALIGNE  D__0  K 

tt  i f def  i ned(MSDOS)  ||  d e f i n e d C M_X E N I X ) ||  d e f i n e d ( i 3 8 6 ) ||  definedC i 3 8 6 

tt  define  UNALIGNE  D__0  K 1 

tte  lif  d e f i n ed  ( m c 6 8 0 2 0 ) ||  definedC mc68020 ) 

tt  define  UNALIGNE  D_0  K 1 

#elif  def ined(vax)  j|  definedC vax ) 

tt  define  UNALIGNE  D_0  K 1 
//else 

tt  define  U N A L I G N E D__0K  0 
tt  e n d i f 
tt  e nd  i f 

/ * end  of  tailor. h */ 


i z e ) ) 


) 
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ztrees.c 

/ * 

* Copyright  (C)  1990-1993  Mark  Adler,  Richard  B.  Wales,  Jean-loup  Gailly, 

* Kai  Uwe  Rommel  and  Igor  Mandri chenko . 

* Permission  is  granted  to  any  individual  or  institution  to  use,  copy, 

* or  redistribute  this  software  so  long  as  all  of  the  original  files 

* are  included,  that  it  is  not  sold  for  profit,  and  that  this  copyright 

* notice  is  retained. 

* 

* $ I d : ztrees.c, v 1.8. 2. 2 1 996/1  1 /1  4 04:09:35  cbertsch  Exp  $ 

*/ 

/* 

* trees. c by  Jean-loup  Gailly 

* 

* This  is  a new  version  of  im_ctree.c  originally  written  by  Richard  B.  Wales 

* for  the  defunct  implosion  method. 

* 

* PURPOSE 

* 

* Encode  various  sets  of  source  values  using  va r i ab  l e- l engt h 

* binary  code  trees. 

* 

* DISCUSSION 

★ 

* The  PKZIP  "deflation"  process  uses  several  Huffman  trees.  The  more 

* common  source  values  are  represented  by  shorter  bit  sequences. 

* 

* Each  code  tree  is  stored  in  the  ZIP  file  in  a compressed  form 

* which  is  itself  a Huffman  encoding  of  the  lengths  of 

* all  the  code  strings  (in  ascending  order  by  source  values). 

* The  actual  code  strings  are  reconstructed  from  the  lengths  in 

* the  UNZIP  process,  as  described  in  the  "application  note" 

* (APPN0TE.TXT)  distributed  as  part  of  PKWARE's  PKZIP  program. 

* 

* REFERENCES 

* 

* Lynch,  Thomas  J. 

* Data  Compression:  Techniques  and  Applications,  pp.  53-55. 

* Lifetime  Learning  Publications,  1985.  ISBN  0-534-03418-7. 

* 

* Storer,  James  A. 

* Data  Compression:  Methods  and  Theory,  pp.  49-50. 

* Computer  Science  Press,  1988.  ISBN  0-7167-8156-5. 

* 

* Sedgewick,  R. 

* Algorithms,  p290. 

* Add i son-Wes  l ey , 1 983.  ISBN  0-201  -06672-6. 

* 

* INTERFACE 

* 

* void  ct_init  (void)) 

* Allocate  the  match  buffer  and  initialize  the  various  tables. 

* 

* void  ct_tally  (unsigned  dist,  unsigned  Ic); 

* Save  the  match  info  and  tally  the  frequency  counts. 

* 

* long  flush_block  (char  const  *buf,  word32  stored_len,  int  eof) 
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* Determine  the  best  encoding  for  the  current  block:  dynamic  trees, 

* static  trees  or  store,  and  output  the  encoded  block  to  the  zip 

* file.  Returns  the  total  compressed  length  for  the  file  so  far. 

* 

* / 

# i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 

U e nd  i f 

//include  <ctype.h> 

//include  "zip.h" 

/*  ========================================================================== 

* Constants 

* / 

//define  MAX_BITS  15 

/*  All  codes  must  not  exceed  MAX_BITS  bits  */ 

//define  M A X_B  L_B  ITS  7 

/*  Bit  length  codes  must  not  exceed  MAX_BL_BITS  bits  */ 

//define  L E N G T H_C  ODES  29 

/*  number  of  length  codes,  not  counting  the  special  END_BL0CK  code  */ 

//define  LITERALS  256 

/*  number  of  literal  bytes  0..255  */ 

//define  E N D_B  LOCK  256 

/*  end  of  block  literal  code  */ 

//define  L_C0DES  ( L I T E R A L S + 1 + L E N G T H_C  0 D E S ) 

/*  number  of  Literal  or  Length  codes,  including  the  END_BL0CK  code  */ 

//define  D_C0DES  30 

/*  number  of  distance  codes  */ 

//define  BL_C0DES  19 

/*  number  of  codes  used  to  transfer  the  bit  lengths  * / 


/*  extra  bits  for  each  length  code  */ 

static  int  const  near  e x t r a_l b i t s [ L E N GTH_C 0 D E S 0 

= TO, 0,0, 0,0, 0,0, 0,1, 1,1, 1,2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5,5,0}; 


/*  extra  bits  for  each  distance  code  */ 
static  int  const  near  e x t r a_db i t s L D CODES] 


= f0, 0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; 


/*  extra  bits  for  each  bit  length  code  */ 
static  int  const  near  e x t r a_b l b i t s C B L_C 0 D E S ] 

= CO,  0,0, 0,0, 0,0, 0,0, 0,0, 0,0, 0,0, 0,2, 3,7}; 


//define  STORE  D_B  L0  C K 0 
//define  S T A T I C_T  REES  1 
//define  D Y N_T  REES  2 

/*  The  three  kinds  of  block  type  */ 
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tfifndef  LIT_BUFSIZE 
tt  ifdef  S M A L L_M  E M 
tt  define  LIT_BUFSIZE  0x2000 

tt  else 

tt  ifdef  MEDIUM_MEM 

tt  define  LIT_BUFSIZE  0x4000 

tt  else 

tt  define  LIT_BUFSIZE  0x8000 

tt  end  i f 

tt  end  i f 
#end  i f 

^define  DIST_BUFSIZE  LIT_BUFSIZE 

/*  Sizes  of  match  buffers  for  L i t e r a t s / l e n g t h s and  distances.  There  are 
4 reasons  for  Limiting  LIT_BUFSIZE  to  < 64K: 

- frequencies  can  be  kept  in  16  bit  counters 

- if  compression  is  not  successful  for  the  first  block,  all  input  data  is 
still  in  the  window  so  we  can  still  emit  a stored  block  even  when  input 
comes  from  standard  input.  (This  can  also  be  done  for  all  blocks  if 
L I T_B  U F S I Z E is  not  greater  than  32K.) 

- if  compression  is  not  successful  for  a file  smaller  than  64K,  we  can 
even  emit  a stored  file  instead  of  a stored  block  (saving  5 bytes). 

- creating  new  Huffman  trees  less  frequently  may  not  provide  fast 
adaptation  to  changes  in  the  input  data  statistics.  (Take  for 
example  a binary  file  with  poorly  compressible  code  followed  by 
a highly  compressible  string  table.)  Smaller  buffer  sizes  give 
fast  adaptation  but  have  of  course  the  overhead  of  transmitting  trees 
more  frequently. 

- I can't  count  above  4 

The  current  code  is  general  and  allows  D I S T_BU F S I Z E < LIT_BUFSIZE  (to  save 
memory  at  the  expense  of  compression).  Some  optimizations  would  be  possible 
if  we  rely  on 


* 

* 

* 

* 

★ 

★ 

★ 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ / 


DIST  BUFSIZE  ==  LIT  BUFSIZE. 


//define  REP_3_6  16 

/*  repeat  previous  bit  Length  3-6  times  (2  bits  of  repeat  count)  */ 
//define  REPZ_3_10  17 

/*  repeat  a zero  Length  3-10  times  (3  bits  of  repeat  count)  */ 
//define  REPZ_11_138  18 

/*  repeat  a zero  Length  11-138  times  (7  bits  of  repeat  count)  */ 

* LocaL  data 
*/ 


/ * Data  structure  describing  a singLe  vaLue  and  its  code  string.  * / 


struct 

c t_d  a t a 

{ 

union  { 

w o r d 1 6 

f r e q ; 

/ * 

frequency  count  */ 

wo  rd  1 6 

code; 

/ * 

bit  string  */ 

> 

f c; 

union  { 

wo  rd  1 6 

dad; 

/* 

father  node  in  Huffman  tree  */ 

wo  r d 1 6 

len; 

/ * 

length  of  bit  string  */ 

> 

dl; 

>; 

# d e f i n e Freq  fc 

.freq 
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^define  Code  fc.code 
#def i ne  Dad  dl.dad 
#def i ne  Len  dl.len 

^define  HEAP_SIZE  ( 2 * L_C 0 D E S + 1 ) 

/*  maximum  heap  size  */ 

static  struct  ct_data  near  d y n_l t r e e C H E A P_S I Z E ] ; /*  Literal  and  Length  tree*/ 

static  struct  ct_data  near  dy n_d t r e e C 2 * D_C 0 D E S + 1 ] ; /*  distance  tree  */ 

static  struct  ct_data  near  s t a t i c_ 1 1 r e e C L_C  0DES+2D; 

/*  The  static  Literal  tree.  Since  the  bit  Lengths  are  imposed,  there  is  no 

* need  for  the  L_C0DES  extra  codes  used  during  heap  construction.  However 

* The  codes  286  and  287  are  needed  to  build  a canonical  tree  (see  ct_init 

* below). 

* / 

static  struct  ct_data  near  s t a t i c_d t r e e C D_C 0 D E S ] ; 

/*  The  static  distance  tree.  (Actually  a trivial  tree  since  all  codes  use 
* 5 bits.) 

*/ 

static  struct  ct_data  near  b l_t r e e [ 2 * B L_C 0 D E S + 1 ] ; 


the  dynamic  tree  * / 

corresponding  static  tree  or  NULL  */ 
extra  bits  for  each  code  or  NULL  */ 
base  index  for  extra_bits  */ 
max  number  of  elements  in  the  tree  */ 
max  bit  length  for  the  codes  */ 
largest  code  with  non  zero  frequency*/ 


(dyn_ltree,  stati c_ltree/  extra_lbits,  LITERALS+1,  L_C0DES,  MAX_BITS,  0>; 
static  struct  tree_desc  near  d_desc  = 

(dyn_dtree,  stati c_dtree,  extra_dbits,  0,  D_C0DES,  MAX_BITS,  0>; 

static  struct  tree_desc  near  bl_desc  = 

{ b l_t  r e e , NULL,  e x t r a_b l b i t s , 0,  BL_C0DES,  M A X_B  L_B ITS,  0>; 

static  w o r d 1 6 near  b l_c ou n t [ M AX_B I T S + 1 ] ; 

/*  number  of  codes  at  each  bit  length  for  an  optimal  tree  */ 

static  byte  const  near  b l_o r d e r [ B L_C 0 D E S ] 

= (16, 17, 18, 0,8, 7, 9, 6, 10, 5, 11,  4, 12, 3, 13, 2, 14, 1 ,1 5>; 

/*  The  lengths  of  the  bit  length  codes  are  sent  in  order  of  decreasing 

* probability,  to  avoid  transmitting  the  lengths  for  unused  bit  length  codes. 

★ / 

static  int  near  h e a p C 2 * L_C 0 D E S + 1 ] ; /*  heap  used  to  build  the  Huffman  trees  */ 

static  int  heap_len;  /*  number  of  elements  in  the  heap  */ 

static  int  heap_max;  /*  element  of  largest  frequency  */ 

/*  The  sons  of  heapCn]  are  heapC2*n]  and  h e a p C 2 * n + 1 D . heapCOD  is  not  used. 

* The  same  heap  array  is  used  to  build  all  trees. 


/*  Huffman  tree  for  the  bit  lengths  */ 


struct  tree 

_desc  { 

struct 

c t_d  a t a 

near 

*dyn_tree; 

/* 

struct 

c t_d  a t a 

near 

* s t a t i c_t  ree; 

/* 

i n t 

const 

near 

* e x t r a_b i t s ; 

/* 

i n t 

e x t r a_ba  se; 

/ * 

i n t 

e Lems; 

/* 

i nt 

max_length; 

/* 

i n t 

ma  x_c  od  e ; 

/ * 

>; 


static  struct  tree_desc  near  l desc  = 
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*/ 

static  byte  near  d e p t h [ 2 * L_C 0 D E S + 1 ] ; 

/*  Depth  of  each  subtree  used  as  tie  breaker  for  trees  of  equal  frequency  */ 
static  byte  l e ng t h_c od e C M AX_M AT C H-M I N_M A T C H + 1 1 ; 

/*  length  code  for  each  normalized  match  length  (0  ==  MIN_MATCH)  */ 
static  byte  d i s t_c od e £ 5 1 2 3 ; 

/*  distance  codes.  The  first  256  values  correspond  to  the  distances 

* 3 ..  258,  the  last  256  values  correspond  to  the  top  8 bits  of 

* the  15  bit  distances. 

*/ 

static  int  near  ba s e_l e n g t h C L E NG T H_C 0 D E S 3 ; 

/*  First  normalized  length  for  each  code  (0  = MIN_MATCH)  */ 
static  int  near  ba s e_d i s t C D_C  0 D E S 3 ; 

/*  First  normalized  distance  for  each  code  (0  = distance  of  1)  */ 

# i f nd  e f D Y N_A  LL 0 C 

static  byte  far  l_bu f C L I T_BU F S I Z E 3 ; /*  buffer  for  literals/lengths  */ 

static  word16  far  d__bu f C D I S T_6U F S I Z E 3 ; /*  buffer  for  distances  */ 
tt  e l s e 

static  byte  far  *l_buf; 
static  word16  far  *d_buf; 

#endi f 

static  byte  near  f l a g_bu f C ( L I T_BU F S I Z E / 8 ) 3 ; 

/*  flag_buf  is  a bit  array  distinguishing  literals  from  lengths  in 

* l_buf,  and  thus  indicating  the  presence  or  absence  of  a distance. 

* / 


static 

unsigned 

last 

_lit; 

/* 

r u n n i ng 

index 

i n 

l_bu  f 

* / 

static 

unsigned 

last 

_dist; 

/ * 

runni ng 

index 

i n 

d_bu  f 

* / 

static 

unsigned 

last 

-flags; 

/* 

running 

index 

i n 

f l ag_ 

bu  f * / 

static  byte  flags;  /*  current  flags  not  yet  saved  in  flag_buf  */ 

static  byte  flag_bit;  /*  current  bit  used  in  flags  */ 

/*  bits  are  filled  in  flags  starting  at  bit  0 (least  significant). 

* Note:  these  flags  are  overkill  in  the  current  code  since  we  don't 

* take  advantage  of  DIST_BUFSIZE  ==  LIT_BUFSIZE. 

*/ 

static  word32  opt_len;  /*  bit  length  of  current  block  with  optimal  trees*/ 

static  word32  stati c_len;  /*  bit  length  of  current  block  with  static  trees  */ 

static  word32  compressed_len;  /*  total  bit  length  of  compressed  file  */ 

static  word32  input_len;  /*  total  byte  length  of  input  file  */ 

/*  input_len  is  for  debugging  only  since  we  can  get  it  by  other  means.  */ 


# i f d e f 

ZIPDEBUG 

extern 

word32  bi ts_sent; 

/ * 

b i t 

extern 

#end i f 

word32  isize; 

/* 

byte 

extern 

long  bloc  k_s  tart; 

/ * 

extern 

unsigned  near  strstart 

; /* 

length  of  the  compressed  data  */ 
length  of  input  file  */ 

window  offset  of  current  block  */ 
window  offset  of  current  string  */ 
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* Local  (static)  routines  in  this  file. 


* / 

s t a t i 

c 

vo  i 

s t a t i 

c 

v o i 

s t a t i 

c 

vo  i 

s t a t i 

c 

vo  i 

s t a t i 

c 

v o i 

s t a t i 

c 

v o i 

s t a t i 

c 

vo  i 

s t a t i 

c 

int 

s t a t i 

c 

vo  i 

s t a t i 

c 

v o i 

struct 

i n i t_b lock(void); 

pqdownheapCstruct  ct_data  near  *tree,  int  k); 
gen_bi t lenCstruct  tree_desc  near  *desc); 
gen_codes ( st ruct  ct_data  near  *tree,  int  max_code); 
bui ld_tree(struct  tree_desc  near  * d e s c ) ; 
scan_tree(struct  ct_data  near  *tree,  int  max_code); 
send_tree(struct  ct_data  near  *tree,  int  max_code); 
bui ld_bl_tree(void); 

send_all_trees(int  Icodes,  int  d codes,  int  bicodes)  ; 
comp r e s s_b l o c k ( s t ru c t ct_data  near  *ltree, 
t_data  near  *dtree) ; 


//ifndef  ZIPDEBUG 

# define  send_code(c,  tree)  send_bi tsltreelc] . Code,  treelcl.Len) 

/*  Send  a code  of  the  given  tree,  c and  tree  must  not  have  side  effects  */ 

//else  /*  ZIPDEBUG  */ 

# define  send_code(c,  tree)  \ 

{ if  (verbose  > 1)  fprintf(stderr,"\ncd  %3d  ",(c));  \ 
send bi ts(treelc] . Code,  treelcD.Len);  > 

U e n d i f 

//define  d_code(dist)  \ 

((dist)  < 256  ? di st_code[di stl  : d i s t_c od e C 2 5 6+ ( ( d i s t ) > > 7 ) ] ) 

/*  Mapping  from  a distance  to  a distance  code,  dist  is  the  distance  - 1 and 

* must  not  have  side  effects,  d i s t_c o d e C 2 5 6 1 and  d i s t_c od e C 2 5 7 ] are  never 

* used. 

*/ 

//define  MAX(a,b)  (a  > = b ? a : b) 

/*  the  arguments  must  not  have  side  effects  */ 

* Reverse  k low-order  bits  in  a word.  Not  s p e e d - c r i t i c a l 
*/ 

static  unsigned 

b i t_r e v e r s e ( u n s i g n e d value,  int  len) 

< 

unsigned  result  = 0; 
do  { 

result  <<=  1 ; 
result  |=  value  & 1; 
value  >>=  1; 

> while  (--len); 
return  result; 

} 

* Allocate  the  match  buffer  and  initialize  the  various  tables. 

* / 
i n t 

c t_i n i t ( vo i d ) 

{ 
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i n t 

n; 

/* 

i n t 

bits; 

/* 

i n t 

length; 

/* 

i n t 

code; 

/* 

i n t 

dist; 

/ * 

iterates  over  tree  elements  */ 

bit  counter  * / 

length  value  * / 

code  value  */ 

distance  index  * / 


compressed_len  = input_len  = OL; 

#ifdef  DYN_ALL0C 

/*  Allocate  the  buffers  */ 

d_bu  f = ( w o r d 1 6 far  * ) f c a l l o c ( D I S T_BU F S I Z E , s i zeof ( wordl 6 ) ) ; 
i f ( d_bu  f ==  NULL) 
return  -1; 

l_buf  = (byte  far  * ) f c a l l o c ( L I T_BU F S I Z E / 2 , 2); 

/*  Avoid  using  the  value  6 4 K on  16  bit  machines  * / 
if  ( l_buf  ==  NULL ) { 

f cf reel d_b  u f ) ; 
return  -1; 

> 

/*  if  (l_buf  ==  NULL  | | d_buf  ==  NULL)  er ror ( "ct_i ni t : out  of  memory");  */ 
# e nd i f 

/*  Initialize  the  counts  for  the  first  block  */ 
ini t_b l o c k ( ) ; 


/*  The  following  initializes  constant  data  - it  may  be  skipped  */ 
if  ( s t a t i c_d t r e e L 0 J . L e n !=  0)  return  0;  /*  ct_init  already  called  */ 

/*  Initialize  the  mapping  length  (0..255)  ->  length  code  (0..28)  */ 
length  = 0; 

for  (code  = 0;  code  < LE NGT H_C 0 D E S - 1 ; code++)  { 
base_lengthCcode]  = length; 

for  (n  = 0;  n < (1<<extra_lbitsCcodeIl);  n++)  { 
l e n g t h_c od e C l e n g t h ++ ] = (byte)code; 

> 

> 

ZipAssert  (length  ==  256,  "ct_init:  length  \ - 256"); 

/*  Note  that  the  length  255  (match  length  258)  can  be  represented 

* in  two  different  ways:  code  284  + 5 bits  or  code  285,  so  we 

* overwrite  l e n g t h_c od e C 2 5 5 ] to  use  the  best  encoding: 

* / 

l e ng t h_c od e C l e n g t h - 1 ] = (byte)code; 

/*  Initialize  the  mapping  dist  (0..32K)  ->  dist  code  (0..29)  */ 
d i s t = 0 ; 

for  (code  = 0 ; code  < 16;  code++)  { 
ba s e_d i s t C c od e H = dist; 

for  (n  = 0;  n < ( 1 < < e x t r a_d b i t s C c od e ] ) ; n++)  { 
d i s t_c od e C d i s t ++ D = (byte)code; 

> 

> 

ZipAssert  (dist  ==  256,  "ct_init:  dist  !=  256"); 

dist  >>=  7;  /*  from  now  on,  all  distances  are  divided  by  128  */ 
for  ( ; code  < D_C0DES;  code++)  { 
ba s e_d i s t C c o d e ] = dist  <<  7; 

for  (n  = 0;  n < ( 1 < < ( e x t r a_d b i t s l c od e T -7 ) ) ; n++)  { 
d i s t_c od e C 2 5 6 + dist++T  = (byte)code; 

> 

> 

ZipAssert  (dist  ==  256,  "ct_init:  256+dist  !=  512"); 
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/*  Construct  the  codes  of  the  static  Literal  tree  */ 
for  (bits  = 0;  bits  <=  MAX_BITS;  bits++) 
bl_countCbits]  = 0 ; 
n = 0 ; 


while 

( n 

< = 

143) 

s t a t i c_ 

ltreeCn  + + H . Len 

= 8, 

bl. 

_countL8]++; 

while 

( n 

< = 

2 5 5 ) 

stati c_ 

ltreeln++] . Len 

- 9, 

bl. 

_countC9]++; 

while 

( n 

< = 

279) 

stati c_ 

ltreeCn  + +]  . Len 

= 7, 

bl 

_countC7II  + + ; 

while 

( n 

< = 

287) 

stati c_ 

ltreeCn  + + ] . Len 

= 8, 

bl 

_countC8]++; 

/*  Codes 

286 

and 

287  do 

not  exist,  but 

we  must 

include  them 

* tree  construction  to  get  a canonical  Huffman  tree  (longest  code 

* all  ones ) 

* / 

gen_codes( (struct  ct_data  near  * ) s t a t i c_l t r ee , L_C0DES+1); 

/*  The  static  distance  tree  is  trivial:  */ 
for  (n  = 0;  n < D_C0DES;  n++)  C 
stati c_dtreeln] . Len  = 5; 

s t a t i c_d  t r e e C n II  . C od  e = bi  t_reverse(n,  5); 

> 

return  0; 


void  c t_f  reel) 

C 

# i f d e f PGP 

/*  Wipe  static  arrays  */ 

mem s e t ( dy n_l t r e e , 0,  sizeof(dyn_ltree)); 

memset (dyn_dtree,  0,  s i z e o f ( d y n_d  t r e e ) ) ; 

mem s e t ( b l_t r e e , 0,  si zeof (bl_t ree ) ) ; 

mem s e t ( b l_c ou n t , 0,  sizeof (bl_count)); 

memsetlheap,  0,  sizeof(heap)); 

mem s e t ( d e p t h , 0,  s i z e o f ( d e p t h ) ) ; 

mem s e t ( f l a g_bu f , 0,  s i zeof ( f l ag_buf ) ) ; 

/*  Wipe  static  variables  */ 

heap_len  = 0 ; 

h e a p_m ax  = 0 ; 

last_lit  = 0 ; 

las  t_d i s t = 0 ; 

l a s t_f lags  = 0 ; 

flags  = 0 ; 

f l a g_b it  = 0 ; 

o p t _ l e n = 0 ; 

stati c_ len  = 0; 

c omp r e s s ed_l e n = 0; 

input_len  = 0 ; 

/*  Wipe  buffers  - d_buf  in  two  halves  to  avoid  64K  limits  */ 
memset ( d_buf , 0,  D I S T_BU F S I Z E / 2 * sizeof(word16)); 

m e m s e t ( d_b  u f + D I S T_B  UFSIZE/2,  0,  ( D I S T_B U F S I Z E + 1 ) / 2 * sizeof (word16)); 
memset ( l_buf,  0,  L I T_BU F S I Z E ) ; 

# e nd i f 

#ifdef  D Y N_A  L L0  C 

f cf ree( d_bu  f ) ; 
f cf ree( l_bu  f ) ; 
d_buf  = NULL; 
l_buf  = NULL; 
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# e nd i f 

> 

/ * = = = = = = = = = = = ==  = = = = = :i;S:  = = = = = = = = = = = = = = = = = = = = = = 

* Initialize  a new  block. 

*/ 

static  void 
i n i t_b lock(void) 

{ 

int  n;  / * iterates  over  tree  elements  * / 


/* 

Initial! 

z e 

the 

trees. 

* / 

for 

( n = 0 ; 

n 

< 

L_ 

CODES; 

n + + ) 

dyn_ltreeHn!]  . Freq 

for 

( n = 0 ; 

n 

< 

D_ 

CODES; 

n + + ) 

dyn_dtreeCn] . Freq 

for 

( n = 0 ; 

n 

< 

BL 

_C  ODES; 

n + + ) 

b l_t  reeln] . Freq  = 

d y n_l t r e e L E N D_B  LOCK] . Freq  = 1; 
opt_len  = static_len  = OL; 
last_lit  = last_dist  = last_flags  = 0; 
flags  = 0;  flag_bit  = 1; 

> 

^define  SMALLEST  1 

/*  Index  within  the  heap  array  of  least  frequent  node  in  the  Huffman  tree  */ 


/ * — = ==  = = = = = = = = = = = 4fe§i|=  = = = = = = = = = = = = =®  = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 

* Remove  the  smallest  element  from  the  heap  and  recreate  the  heap  with 

* one  less  element.  Updates  heap  and  heap_len. 

* / 

#define  pqremovettree,  top)  \ 

t\ 

top  = heapCSMALLESTl ; \ 
heapCSMALLEST]  = heap£heap_len--D;  \ 
pqdownheap(tree,  SMALLEST);  \ 

} 

/*  = = = = = = = = = = = = = = = = = = = = ==================================================== 

* Compares  to  subtrees,  using  the  tree  depth  as  tie  breaker  when 

* the  subtrees  have  equal  frequency.  This  minimizes  the  worst  case  length. 

* / 

#define  smaller(tree,  n,  m)  \ 

(treeln] . Freq  < treelm]  . Freq  ||  \ 

( t r e e C n D . F r e q ==  treelm] . Freq  SS  depthCnD  <=  depthCm])) 


/ * = = = = = = = = = = = = = = = = = = _ = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 

* Restore  the  heap  property  by  moving  down  the  tree  starting  at  node  k, 

* exchanging  a node  with  the  smallest  of  its  two  sons  if  necessary,  stopping 

* when  the  heap  property  is  re-established  (each  father  smaller  than  its 

* two  sons). 

*/ 

static  void 

pqd o w n h e a p ( s t r u c t ct_data  near  *tree,  int  k) 

{ 

int  v = heapllk]; 

int  j = k <<  1;  /*  left  son  of  k */ 

int  htemp;  /*  required  because  of  bug  in  SASC  compiler  */ 

while  (j  <=  heap_len)  i 
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/*  Set  j to  the  smallest  of  the  two  sons:  */ 

if  (j  < heap_len  &&  smallerCtree,  heapCj+1],  heapCj]))  j+  + ; 

/★  Exit  if  v is  smaller  than  both  sons  ★ / 
htemp  = heapCj]; 

if  (smallerCtree,  v , htemp))  break; 

/*  Exchange  v with  the  smallest  son  ★ / 
heapCk]  = htemp; 
k = j ; 

/*  And  continue  down  the  tree,  setting  j to  the  left  son  of  k ★ / 
j <<=  1; 

> 

heapCk]  = v ; 


* Compute  the  optimal  bit  lengths  for  a tree  and  update  the  total  bit  length 

* for  the  current  block. 

* IN  assertion:  the  fields  freq  and  dad  are  set,  h e a p C h e a p_ma x D and 

* above  are  the  tree  nodes  sorted  by  increasing  frequency. 

* OUT  assertions:  the  field  len  is  set  to  the  optimal  bit  length,  the 

* array  bl_count  contains  the  frequencies  for  each  bit  length. 

* The  length  opt_len  is  updated;  static_len  is  also  updated  if  stree  is 

* not  null. 


* / 

static  void 

gen_bitlen(struct  tree_desc  near  *desc) 

{ 

struct  ct_data  near  *tree  = desc->dyn_tree; 


i n t 

const  near 

★extra 

= d e s c -> e x t r a_b i t s ; 

i n t 

base 

= d e s c -> ex t r a_ba s e ; 

i n t 

max_code 

= d e s c ->ma x_c od e ; 

i n t 

max_length 

= d e s c -> ma x_l e ng t h ; 

struct  c t_da  t a 

near 

★stree  = d e s c-> s t a t i c_t r e e ; 

i n t 

h; 

/ * 

heap  index  ★/ 

i n t 

n,  m; 

/* 

iterate  over  the  tree  elements  */ 

i n t 

bits; 

/ * 

bit  length  */ 

i n t 

x b i t s ; 

/* 

extra  bits  */ 

word16  f; 

/ * 

frequency  */ 

i n t 

overflow  = 

0; 

/ * 

number  of  elements  with  bit  length 

for 

(bits  = 0 ; 

bits 

< = 

M A X_B ITS;  bits  + + ) 

bl_countCbits]  = 0; 


large  ★ / 


/*  In  a first  pass,  compute  the  optimal  bit  lengths  (which  may 

* overflow  in  the  case  of  the  bit  length  tree). 

* / 

t r e e C h e a p C h e a p_ma x ] 1 . Le n = 0;  /*  root  of  the  heap  ★ / 


for  (h  = heap_max+1;  h < HEAP_SIZE;  h++)  C 
n = heapCh]; 

bits  = t r e e C t r e e C n ] . D a d ] . Le n + 1; 
if  (bits  > max_length)  C 
bits  = max_length; 
overt  low  + + ; 

> 

treetnl.Len  - ( wo rdl 6 ) b i t s ; 
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/*  We  overwrite  treeCnU.Dad  which  is  no  longer  needed  */ 

if  ( n > max_code ) 

continue;  /*  not  a leaf  node  */ 

bl_countCbi ts3++; 
x b i t s = 0 ; 
if  (n  >=  base) 

xbits  = extraln-basel; 
f = treeln]  . Freq; 

opt_len  +=  (word32)f  * (bits  + xbits); 
if  (stree) 

stati c_len  +=  (word32)f  * (streeCnD.Len  + xbits); 

> 

if  (overflow  ==  0)  return; 

Trace((stderr,"\nbit  length  overflowin'1)  ) ; 

/*  This  happens  for  example  on  obj2  and  pic  of  the  Calgary  corpus  */ 

/*  Find  the  first  bit  length  which  could  increase:  */ 
do  ( 

bits  = ma x_l e ng t h - 1 ; 
while  ( b l_c o u n t C b i t s ] ==  0) 
b i t s — ; 

b l_c o un t [ b i t s 1 /*  move  one  leaf  down  the  tree  */ 
bl_countCbits+1T  +=  2;  /*  move  one  overflow  item  as  its  brother  */ 
b l_c  o u n t C ma  x_l engthU--; 

/*  The  brother  of  the  overflow  item  also  moves  one  step  up, 

* but  this  does  not  affect  b l_c o u n t C ma x_l e n g t h D 
*/ 

overflow  -=  2; 

> while  (overflow  > 0); 

/*  Now  recompute  all  bit  lengths,  scanning  in  increasing  frequency. 

* h is  still  equal  to  HEAP_SIZE.  (It  is  simpler  to  reconstruct  all 

* lengths  instead  of  fixing  only  the  wrong  ones.  This  idea  is  taken 

* from  'ar'  written  by  Haruhiko  Okumura . ) 

* / 

for  (bits  = max_length;  bits  !=  0;  bits--)  i 
n = bl_countCbits]; 
while  (n  !=  0)  { 

m = heap[--h]; 
if  ( m > max_code ) 
continue; 

if  ( t r e e C m II  . L e n !=  (unsigned)  bits)  { 

Trace( (stderr/'code  %d  bits  %d->%d\n",  m,  treelml . Len,  bits)); 
opt_len  +=  ((long)bits  - treelmD.Len)  * treeCmll.Freq; 
treelm] . Len  = (word16)bits; 

> 

n — ; 

> 

> 

> 

* Generate  the  codes  for  a given  tree  and  bit  counts  (which  need  not  be 

* optimal). 

* IN  assertion:  the  array  bl_count  contains  the  bit  length  statistics  for 

* the  given  tree  and  the  field  len  is  set  for  all  tree  elements. 
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* OUT  assertion:  the  field  code  is  set  for  all  tree  elements  of  non 

* zero  code  length. 

* / 

static  void 

gen_codes(struct  ct_data  near  *tree,  int  max_code) 

{ 

word16  n e x t_c od e C M AX_B I TS+ 1 ] ; /*  next  code  value  for  each  bit  length  */ 
word16  code  = 0;  / * running  code  value  * / 

intbits;  /*  bit  index  */ 

int  n;  /*  code  index  */ 

/*  The  distribution  counts  are  first  used  to  generate  the  code  values 

* without  bit  reversal. 

*/ 

for  (bits  = 1;  bits  <=  MAX_BITS;  bits++) 

n e x t_c od e C b i t s ] = code  = (code  + b l_c ou n t C b i t s - 1 D ) <<  1; 

/*  Check  that  the  bit  counts  in  bl_count  are  consistent.  The  last  code 

* must  be  all  ones. 

* / 

ZipAssert  (code  + b l_c o un t C M AX_B I T S ]- 1 ==  ( 1 < < M A X_B I T S ) - 1 , 

"inconsistent  bit  counts"); 

Tracev( (stderr/"\ngen_codes : max_code  %d  ",  max_code) ) ; 


( n 

= 0; 

n <=  max_ 

code; 

n + + ) C 

i n t 

l e n 

= treeln]  . 

Len; 

i f 

(len 

= = 0) 

continue; 

/ * 

Now 

reverse  the 

bits 

*/ 

treeCnT.Code  = bit_reverse(next_codellen]++,  len); 


> 


} 


Tracec(tree  !=  s t a t i c_l t r e e , (stderr,"\nn  %3d  %c  l 
n,  (isgraph(n)  ? n : ' '),  len,  treeln] . Code, 


% 2 d c % 4 x (%x)  ", 
next_codellen]-1 )); 


* Construct  one  Huffman  tree  and  assigns  the  code  bit  strings  and  lengths. 

* Update  the  total  bit  length  for  the  current  block. 

* IN  assertion:  the  field  freq  is  set  for  all  tree  elements. 

* OUT  assertions:  the  fields  len  and  code  are  set  to  the  optimal  bit  length 

* and  corresponding  code.  The  length  opt_len  is  updated;  static_len  is 

* also  updated  if  stree  is  not  null.  The  field  max_code  is  set. 

* / 

static  void 

bu i l d_t r e e ( s t r u c t tree_desc  near  *desc) 

{ 

struct  ct_data  near  *tree  = d e s c ->dy n_t r e e ; 

struct  ct_data  near  *stree  = d e s c-> s t a t i c_t r e e ; 
intelems  =desc->elems; 


i n t 

n , m ; 

/* 

iterate 

over 

heap 

elements  * / 

i n t 

max_code  = -1 ; 

/* 

largest 

code 

with 

non 

zero  frequency  */ 

i n t 

node  = elems; 

/ * 

next  internal 

node 

o f 

the  tree  * / 

/*  Construct  the  initial  heap,  with  least  frequent  element  in 

* h e a p C S M A L L E S T ] . The  sons  of  heapCnD  are  heapC2*n]  and  heapC2*n+1D. 

* heapCO]  is  not  used. 

* / 

heap_len  = 0,  heap_max  = HEAP_SIZE; 
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for  (n  = 0;  n < elems;  n++)  { 
if  ( treetn]  . Freq  ! = 0)  { 

h e a p C ++ h ea p_L e n 3 = max_code  = n; 
depthCn]  = 0; 

> else  { 

treeCnH.Len  = 0; 

> 

> 

/*  The  pkzip  format  requires  that  at  Least  one  distance  code  exists, 

* and  that  at  Least  one  bit  shouLd  be  sent  even  if  there  is  onLy  one 

* possibLe  code.  So  to  avoid  speciaL  checks  Later  on  we  force  at  Least 

* two  codes  of  non  zero  frequency. 

* / 

white  (heap_Len  < 2 ) { 

n = h e a p C ++ h e a p_L en]  = (max_code  < 2 ? ++max_code  : 0); 

treeCn] . Freq  = 1 ; 

depthUnll  = 0; 

opt_len — ; 

if  (stree) 

stati  c_Len  -=  s t r e e [ n 3 . Le n ; 

/ * n is  0 or  1 so  it  does  not  have  extra  bits  * / 

> 

d e s c ->ma x_c od e = max_code; 

/*  The  e Lements  h e a p C h e a p_ L e n / 2 + 1 ..  heap_Len3  are  Leaves  of  the  tree, 

* estabLish  sub-heaps  of  increasing  Lengths: 

* / 

for  (n  = heap_Len/2;  n >=  1;  n - - ) 
pqdownheap(tree,  n ) ; 

/*  Construct  the  Huffman  tree  by  repeatedLy  combining  the  Least  two 

* frequent  nodes. 

* / 

do  C 

pqremoveCtree,  n);  /*  n = node  of  Least  frequency  */ 

m = h e a p II  S M A L L E S T 3 ; /*  m = node  of  next  Least  frequency  */ 

h e a p C -- h e a p_ma x 3 = n;  /*  keep  the  nodes  sorted  by  frequency  */ 
heapC--heap_max!l  = m; 

/*  Create  a new  node  father  of  n and  m */ 
treeLnode] . Freq  = treeCn] . Freq  + treeCmH.Freq; 
depthCnode]  = (byte)CMAX(depthCn],  depthtmH)  + 1 ) ; 
treeCnU.Dad  = treeCmD.Dad  = (word16)node; 
flifdef  D U M P_B  L_T  REE 

if  (tree  ==  b L_t  r ee ) 

f p r i n t f ( s t d e r r , " \ n n od e %d(%d),  sons  %d(%d)  %d(%d)", 

node,  treeCnodell.Freq,  n,  treeCnD.Freq,  m,  treeCmD.Freq); 

#end  i f 

/*  and  insert  the  new  node  in  the  heap  */ 
h e a p C S M A L L E S T D = node++; 
pqdownheapCtree,  SMALLEST); 

> white  (heap_Len  >=  2); 

h e a p C -- h e a p_ma x ] = heapCSMALLESTU; 

/*  At  this  point,  the  fieLds  freq  and  dad  are  set.  We  can  now 
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* generate  the  bit  lengths. 

* / 

g e n_b itlen(desc); 

/*  The  field  len  is  now  set,  we  can  generate  the  bit  codes  */ 
gen_codes  (tree,  max_code); 

> 

/*  ======= ============================ ============ ========================== 

* Scan  a literal  or  distance  tree  to  determine  the  frequencies  of  the  codes 

* in  the  bit  length  tree.  Updates  opt_len  to  take  into  account  the  repeat 

* counts.  (The  contribution  of  the  bit  length  codes  will  be  added  later 

* during  the  construction  of  bl_tree.) 

*/ 

static  void 

scan_tree(struct  ct_data  near  *tree,  int  max_code) 

{ 

int  n;  /*  iterates  over  all  tree  elements  */ 

int  prevlen  = -1;  / * last  emitted  length  * / 

int  curlen;  /*  length  of  current  code  */ 

int  nextlen  = treeCOl.Len;  /*  length  of  next  code  */ 

int  count  = 0;  / * repeat  count  of  the  current  code  * / 

int  max_count  = 7;  /*  max  repeat  count  */ 

int  min_count  = 4;  /*  min  repeat  count  */ 

if  (nextlen  ==  0) 

max_count  = 138,  min_count  = 3; 
treelmax_code+1].Len  = (word16)-1;  /*  guard  */ 

for  (n  = 0;  n < = max_code;  n + +)  { 

curlen  = nextlen;  nextlen  = treelln  + IT.Len; 
if  (++count  < max_count  &&  curlen  ==  nextlen)  { 
continue; 

> else  if  (count  < min_count)  { 

bl_treelcurlen] . Freq  +=  count; 

> else  if  (curlen  !=  0)  f 

if  (curlen  !=  prevlen) 

bl_treelcurlen] . Freq++; 
bl_treeCRE  P_3_6 1 . Freq  + + ; 

> else  if  (count  <=  10)  { 

bl_treeCREP  Z 3 1 03 . Freq  + + ; 

> else  { 

b l_t reeCREPZ_1 1_138].Freq++; 

} 

count  = 0;  prevlen  = curlen; 
if  (nextlen  ==  0)  f 

max_count  = 138,  min_count  = 3; 


> 

else 

if  (curlen 

==  nextlen) 

{ 

max 

_count  = 6, 

mi n_count 

= 3; 

> 

else 

max 

_count  = 7, 

m i n_c  o un  t 

= 4; 

> 

> 

} 

/ * = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 

* Send  a literal  or  distance  tree  in  compressed  form,  using  the  codes  in 

* b l_t  r e e . 

*/ 
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static  void 

send_tree(struct  ct_data  near  *t  ree,  int  max_code) 


i nt 

n; 

/ * 

iterates  over  all  tree  elements  */ 

int 

prevlen  = 

-i; 

/ * 

last  emitted  length  */ 

int 

curlen; 

/ * 

length  of  current  code  */ 

i n t 

nextlen  = 

treelOJ . Len; 

/ * 

length  of  next  code  */ 

i n t 

count  = 0; 

/ * 

repeat  count  of  the  current  code  */ 

i n t 

max_count 

= 7; 

/* 

max  repeat  count  */ 

i n t 

mi n_count 

= 4; 

/* 

min  repeat  count  */ 

/* 

t r e e C ma x_c od e+ 1 ] . L e n = 

*/  /*  guard  already  set  */ 

i f 

(nextlen  == 

0) 

max_count  = 138,  min_count  = 3; 


for  (n  = 0;  n <=  max_code;  n++)  { 
curlen  = nextlen; 
nextlen  = treeCn+IH.Len; 

if  (++count  < max_count  &&  curlen  ==  nextlen)  { 
continue; 

> else  if  (count  < min_count)  { 

do  { 

send_code(curlen,  bl_tree); 

> while  (--count  !=  0 ) ; 

> else  if  (curlen  !=  0)  ( 

if  (curlen  !=  prevlen)  ( 

s e nd_c od e ( c u r l e n , bl_tree); 
count  — ; 

> 

ZipAssert(count  >=  3 &&  count  <=  6,  " 3_6 ? " ) ; 
send_code ( REP_3_6,  bl_tree); 
send_bi ts ( count-3,  2); 

> else  if  (count  <=  10)  { 

s e nd_c o d e ( R E P Z 3 1 0 , bl_tree); 

s e n d_b i t s ( c ou n t -3 , 3); 

> else  ( 

sen  d_c  od  e ( REPZ 1 1 1 38,  bl_tree); 

s e nd_b i t s ( c o u n t - 1 1 , 7); 

> 

count  = 0;  prevlen  = curlen; 
if  (nextlen  ==  0)  ( 


ma  x_c  o u n t 

= 138 

/ 

m i n_c  o u n t 

~ 

> 

else  if  (curlen  = 

- 

nextlen) 

{ 

ma  x_c  o u n t 

= 6, 

m i 

n_count  = 

3; 

> 

else  ( 

ma  x_c o u n t 

= 7, 

m i 

n_c  o u n t = 

4; 

> 


/ * = 

* Construct  the  Huffman  tree  for  the  bit  lengths  and  return  the  index  in 

* bl_order  of  the  last  bit  length  code  to  send. 

* / 

static  int 

bu i l d_b l_t  r e e ( vo  i d ) 

int  max_blindex;  /*  index  of  last  bit  length  code  of  non  zero  freq  */ 
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/*  Determine  the  bit  Length  frequencies  for  Literal  and  distance  trees  */ 
scan_tree(dyn_ltree,  L _d esc. max_ code); 
scan_tree( dy n_d  tree,  d_d  esc .max_code); 

/*  Build  the  bit  Length  tree:  */ 
bu i L d_t  ree(&bl_desc); 

/ * opt_len  now  includes  the  Length  of  the  tree  representations,  except 

* the  Lengths  of  the  bit  Lengths  codes  and  the  5+5+4  bits  for  the  counts. 
*/ 

/*  Determine  the  number  of  bit  Length  codes  to  send.  The  pkzip  format 

* requires  that  at  Least  4 bit  Length  codes  be  sent,  (appnote.txt  says 

* 3 but  the  actual  value  used  is  4.) 

* / 

for  (max_blindex  = BL_C0DES-1;  max_blindex  >=  3;  ma x_b L i n d e x -- ) { 
if  ( b L_t r e e C b L_o r d e r [ ma x_b L i nd e x D ] . Le n !=  0) 
break; 

} 

/*  Update  opt_len  to  include  the  bit  Length  tree  and  counts  */ 
opt_len  +=  3* ( max_b L i ndex+1 ) + 5+5+4; 

Tracev((stderr,  "\ndyn  trees:  dyn  %ld,  stat  %ld",  opt_len,  s t a t i c_L e n ) ) ; 
return  ma x_b l index ; 

} 

/ * " . - - 

* Send  the  header  for  a block  using  dynamic  Huffman  trees:  the  counts,  the 

* Lengths  of  the  bit  Length  codes,  the  Literal  tree  and  the  distance  tree. 

* IN  assertion:  Lcodes  >=  257,  dcodes  >=  1,  bicodes  >=  4. 

*/ 

static  void 

send_a  L L_t  rees ( i nt  Lcodes,  int  dcodes,  int  bicodes) 

{ 

int  rank;  /*  index  in  bl_order  */ 

ZipAssert  (Lcodes  >=  257  &&  dcodes  >=  1 &&  bicodes  >=  4, 

"not  enough  codes"); 

ZipAssert  (Lcodes  <=  L__C0DES  &&  dcodes  <=  D_C0DES  &&  bicodes  <=  BL_C0DES, 
"too  many  codes"  ) ; 

Tracevt (stderr,  "\nbl  counts:  ")); 
s e nd_b i t s ( L c od e s -2 5 7 , 5); 

/*  not  +255  as  stated  in  appnote.txt  1.93a  or  -256  in  2.04c  */ 
s e nd_b i t s ( d c od e s - 1 , 5); 

s e nd_b i t s ( b L c od e s -4 , 4);  /*  not  -3  as  stated  in  appnote.txt  */ 

for  (rank  = 0;  rank  < bicodes;  rank++)  { 

Tracev( ( stderr  , "\nbl  code  %2d  ",  b l_o r d e r C r a n k 1 ) ) ; 
s e nd_b its(bL_treeCb l_o  rderCrankOD.Len,  3); 

> 

Tracev((stderr,  "\nbl  tree:  sent  %ld",  bits_sent)); 

/*  send  the  Literal  tree  */ 

send_tree((struct  ct_data  near  *)dyn_ltree,  Lcodes-1); 

Tracev( (stderr,  "\nlit  tree:  sent  %ld",  bits_sent)); 

/*  send  the  distance  tree  */ 

s e nd_t r e e ( ( s t r u c t ct_data  near  *)dyn_dtree,  dcodes-1); 

Tracev((stderr,  "\ndist  tree:  sent  %ld",  bits_sent)); 

> 
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* Determine  the  best  encoding  for  the  current  block:  dynamic  trees,  static 

* trees  or  store,  and  output  the  encoded  block  to  the  zip  file.  This  function 

* returns  the  total  compressed  length  for  the  file  so  far. 

* 

* buf:  the  input  block,  or  NULL  if  too  old 

* stored_len:  the  length  of  the  input  block 

* eof:  true  if  this  is  the  last  block  for  the  file 

* / 

w o r d 3 2 

f l u s h_b l o c k ( c h a r const  *buf,  word32  stored_len,  int  eof) 

{ 

word32  opt_lenb,  static_lenb;  /*  opt_len  and  static_len  in  bytes  */ 
int  m a x__b  l i n d e x ; /*  index  of  last  bit  length  code  of  non  zero  freq  */ 

f l a g_bu f l l a s t_f l a g s 1 = flags;  /*  Save  the  flags  for  the  last  8 items  */ 

/ * Construct  the  literal  and  distance  trees  * / 
bu i l d_t r e e ( ( s t r u c t tree_desc  near  * ) ( & l_d e s c ) ) ; 

TracevC ( stderr,  "\nlit  data:  dyn  %ld,  stat  %ld",  opt_len,  s t a t i c_l en ) ) ; 
bu i l d_t r e e ( ( s t r u c t tree_desc  near  * ) ( &d_d e s c ) ) ; 

T r a c e v ( ( s t d e r r , "\ndist  data:  dyn  %ld,  stat  %ld",  opt_len,  s t a t i c_l en ) ) ; 

/*  At  this  point,  opt_len  and  static_len  are  the  total  bit  lengths  of 

* the  compressed  block  data,  excluding  the  tree  representations. 

* / 

/*  Build  the  bit  length  tree  for  the  above  two  trees,  and  get  the  index 

* in  bl_order  of  the  last  bit  length  code  to  send. 

* / 

max_blindex  = bu i l d_b l_t r e e ( ) ; 

/*  Determine  the  best  encoding.  Compute  first  the  block  length  in  bytes  */ 
opt_lenb  = (opt_len+3+7)>>3; 
static_lenb  = (static_len+3+7)>>3; 

input_len  +=  stored_len;  /*  for  debugging  only  */ 

Tracedstderr,  "\nopt  %lu(%lu)  stat  %lu(%lu)  stored  %lu  lit  %u  dist  %u  ", 
opt_lenb,  opt_len,  static_lenb,  static_len,  stored_len, 
las t_ lit,  l a s t_d i s t ) ) ; 

if  (static_lenb  <=  opt_lenb)  opt_lenb  = static_lenb; 

#ifndef  PGP  /*  PGP  can't  handle  stored  files  - disable  this  test  */ 

/ * 

* If  compression  failed  and  this  is  the  first  and  last  block, 

* and  if  the  zip  file  can  be  seeked  (to  rewrite  the  local  header), 

* the  whole  file  is  transformed  into  a stored  file: 

* / 

tfifdef  F 0 R C E_M  E T H 0 D 

if  (level  ==  1 &&  eof  &&  compressed_len  ==  OL)  C /*  force  stored  file  */ 

# e l s e 

if  (stored_len  <=  opt_lenb  &&  eof  &&  c omp r e s s e d_l e n ==  OL  &&  seekableO)  C 

# e n d i f 

/*  Since  LIT_BUFSIZE  <=  2*WSIZE,  the  input  data  must  be  there:  */ 
if  (buf  ==  NULL)  error  ("block  vanished"); 


c opy_b l o c k ( bu f , (unsigned)stored_len,  0);  /*  without  header  */ 
c omp r e s s ed_l e n = stored_len  <<  3; 
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> else 

# e n d i f / * PGP  * / 


#i f def 
i f 

ft  else 
i f 

ft  e n d i f 


F 0 R C E_M  E T H 0 D 

(level  ==  2 &&  buf  !=  ( c h a r* ) N U L L ) { /*  force  stored  block  */ 

( s t o r ed_l e n+4  <=  opt_lenb  SS  buf  !=  (char*)NULL)  { 

/*  4:  two  words  for  the  lengths  */ 

/*  The  test  buf  !=  NULL  is  only  necessary  if  LIT_BUFSIZE  > WSIZE. 

* Otherwise  we  can't  have  processed  more  than  WSIZE  input  bytes  since 

* the  last  block  flush,  because  compression  would  have  been 

* successful.  If  L I T_B  U F S I Z E <=  WSIZE,  it  is  never  too  late  to 

* transform  a block  into  a stored  block. 

* / 

s e nd_b i t s ( ( S TO R E D_B LO C K< < 1 ) +e o f , 3);  /*  send  block  type  */ 

c omp r e s s ed_l e n = ( c omp r e s s ed_l e n + 3 + 7)  & ~7L; 
compressed_len  +=  (store d_len  + 4)  <<  3; 


c o py_b l o c k ( bu f , (unsigned)stored_len,  1);  /*  with  header  */ 


#ifdef  F 0 R C E_M  E T H 0 D 

> else  if  (level  ==  3)  { /*  force  static  trees  */ 

ft  else 

> else  if  (static_lenb  ==  opt_lenb)  { 

#endi  f 

sen  d_b i t s ( ( S T A T I C_T  REES<<1)  + eof,  3 ) ; 

c omp r e s s_b l o c k ( ( s t r u c t ct_data  near  * ) s t a t i c_ l t r e e , 

(struct  ct_data  near  *)static_dtree); 
c omp r e s s ed_l e n +=  3 + stati c_len; 

> else  { 

sen d_b i ts ( ( D Y N_T R E E S < < 1 ) + eof , 3 ) ; 

s e nd_a l l_trees( l_desc .max_code  + 1 , d_d  esc.max_code  + 1,  max_blindex+1); 
c omp r e s s_b l o c k ( ( s t r u c t ct_data  near  *)dyn_ltree, 

(struct  ct_data  near  *)dyn_dtree); 
c omp r e s s e d_l e n +=  3 + opt_len; 

> 

ZipAssert  ( compr essed_l en  ==  bits_sent,  "bad  compressed  size"); 
i n i t_b l o c k ( ) ; 

if  ( e o f ) { 

#if  defined(PGP)  &&  ! d e f i n e d ( M M A P ) 

/*  Wipe  out  sensitive  data  for  pgp  */ 
ft  ifdef  D Y N_A  L LO  C 

extern  byte  *wi ndow; 

ft  else 

extern  byte  windowC]; 

ft  end  i f 

memset(window,  0,  (unsigned)(2*WSIZE-1));  /*  -1  needed  if  WSIZE=32K  */ 
ft  else  /*  ! PGP  */ 

ZipAssert  (input_len  ==  isize,  "bad  input  size"); 

#end i f 

bi_windup(); 

c omp r e s s ed_l e n +=  7;  /*  align  on  byte  boundary  */ 

> 

Tracev((stderr,"\ncomprlen  %lu(%lu)  ",  c omp r e s s ed_l e n> > 3 , 
compressed_len-7*eof ) ); 


return  c omp r e s s e d_l e n >>  3; 
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/ * = = = = = = = = = = = = = = = =:£  = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = & = = = = = = = = = =:  = = = = =:  = = = = = = =:  = = = 

* Save  the  match  info  and  tally  the  frequency  counts.  Return  true  if 

* the  current  block  must  be  flushed. 

"k 

* dist  is  the  distance  to  the  matched  string,  or  0 if  none. 

* Ic  is  the  length  of  the  match,  or  the  character  if  dist  ==  0. 

*/ 

i n t 

c t_t a l l y ( u n s i g n ed  dist,  unsigned  Ic) 

l_bufClast_lit++3  = (byte)lc; 
if  (dist  ==  0)  { 

/*  Ic  is  the  unmatched  char  */ 
d y n_ ItreeClcD . F r e q + + ; 

} else  { 

/*  Here,  Ic  is  the  match  length  - MIN_MATCH  */ 
dist--;  / * dist  = match  distance  - 1 * / 

Z i p A s s e r t ( ( w o r d 1 6 ) d i s t < ( w o r d 1 6 ) M AX_D I S T && 

(word16)  Ic  <=  (word16) ( M A X_M AT C H -M I N_M AT C H ) SS 

( wo rd 1 6 ) d_code ( d i s t ) < ( w o rd 1 6 ) D_C 0 D E S , "ct_tally:  bad  match"); 

dyn_l treeC length_codeC  LcD  + LITERALS  + 1 ] . Freq  + + ; 
dy n_d  treeC  d_c  od  e (dist)].Freq  + + ; 

d_bu f C l a s t_d i s t ++ 3 = ( wo r dl 6 ) d i s t ; 
flags  |=  fla  g_b i t ; 

> 

fla g__b it  < <=  1 ; 

/*  Output  the  flags  if  they  fill  a byte:  */ 
if  ((las t_l i t & 7)  ==  0)  { 

f l a g_b u f C l a s t_f l a g s ++ ] = flags; 
flags  = 0,  fla  g_b it  = 1 ; 

> 

/*  Try  to  guess  if  it  is  profitable  to  stop  the  current  block  here  * / 
if  (/*  level  > 2 &&  */  (las  t_ l i t & Oxfff)  ==  0)  f 

/*  Compute  an  upper  bound  for  the  compressed  length  */ 

word32  out_length  = ( w o r d 32 ) l a s t_l i t *8 L; 

word  3 2 in_length  = ( w o r d 3 2 ) s t r s t a r t - b l o c k_s t a r t ; 

int  dcode; 

for  (dcode  = 0;  dcode  < D_C0DES;  dcode++) 
out_length  +=  (word32) 

dy n_d  treeCdcodeD. Freq*(5L  + extr  a_d  bi tsCdcodeD) ; 

out_ length  >>=  3; 

Trace((stderr,"\nlast_lit  %u,  last_dist  % u,  in  %ld,  out  ~%ld(%ld%%)  ", 
last_lit,  last_dist,  in_length,  out_length, 

100L  - ou t_l e n g t h * 1 0 0 L / i n_l e n g t h ) ) ; 
if  (last_dist  < last_lit/2  SS  out_length  < in_length/2)  return  1; 

> 

return  (last_lit  ==  L I T_BU  FS I ZE-1  ||  last_dist  ==  D I ST_BU F S I Z E ) ; 

/*  We  avoid  equality  with  LIT_BUFSIZE  because  of  wraparound  at  64K 

* on  16  bit  machines  and  because  stored  blocks  are  restricted  to 

* 64K-1  bytes. 

*/ 
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* Send  the  block  data  compressed  using  the  given  Huffman  trees 
*/ 


static  void 

compress_block(struct  ct_data  near  * l tree,  struct  ct_data  near  *dtree) 


unsigned 

d i s t ; 

/ * 

distance  of  matched  string 

*/ 

i n t l c ; 

/* 

match  length  or  unmatched 

char  (if 

unsigned 

lx  = 

0; 

/* 

running  index  in  l_buf  */ 

unsigned 

d x = 

0; 

/* 

running  index  in  d_buf  */ 

unsi gned 

fx  = 

0; 

/ * 

running  index  in  flag_buf 

*/ 

byte  flag 

= 0; 

/* 

current  flags  */ 

unsi gned 

code; 

/* 

the  code  to  send  * / 

i n t extra 

f 

/* 

number  of  extra  bits  to  send  */ 

0)  */ 


if  (Last Lit  !=  0)  do  { 

if  ((lx  & 7)  = = 0) 

flag  = f l a g_bu f C f x++ ] ; 
l c = l_buf  C l x + + D ; 
if  ((flag  & 1 ) ==  0)  { 

send_code ( l c , l tree);  /*  send  a literal  byte  */ 
Tracecv(isgraph(lc),  (stderr,"  ' % c ' ",  lc)); 

> else  { 

/*  Here,  lc  is  the  match  length  - MIN_MATCH  */ 
code  = l e ng t h_c od e C l c 2 ; 

s e nd_c od e ( c od e+ L I T E R A L S + 1 , Itree);  /*  send  the  length  code  */ 
extra  = extra_lbitsCcode]; 
if  (extra  !=  0)  ( 

lc  -=  ba s e_l e n g t h C c od e ] ; 

s e nd_b i t s ( l c , extra);  /*  send  the  extra  length  bits  */ 

> 

dist  = d_buf Cdx++H ; 

/*  Here,  dist  is  the  match  distance  - 1 */ 
code  = d_c od e ( d i s t ) ; 

ZipAssert  (code  < D_C0DES,  "bad  d_code"); 

send_code ( code,  dtree);  /*  send  the  distance  code  */ 

extra  = e x t r a_d b i t s C c ode ] ; 
if  (extra  !=  0)  ( 

dist  -=  base_distCcode]; 

s e n d_b i t s ( d i s t , extra);  /*  send  the  extra  distance  bits  */ 

> 

> /*  literal  or  match  pair  ? */ 
flag  >>=  1; 

> while  (lx  < last_lit); 
send_code ( END_BL0CK,  Itree); 

> 
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utils/ 
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.cvsignore 

Makefile  DONE 


■ 
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Makefile.in 

# 

# Lib/pipe/utils 

# 

# $ I d : Makef i le . i n,v  1.1  0 1996/1  1 /1  2 02:1  8:1  9 mhw  Exp  $ 

# 

LOCALINCLUDES=  - I ../../ i n c L u d e 

0BJS=  addhdr.o  but  mod . o copymod.o  devnull.o  join.o  split. o 
PUBHDRS=  bufmod.h  devnull.h  join.h  pipeline. h split.h 
PRIVHDRS=  addhdr.h  copymod.h 

all::  DONE 
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makefile.msc 


C FLAGS  = 

P G P L I B = , 

-I  . . \ \ \ \ include  -I..\..\..\include  \ 

-I  . . \ . . \ . . \ . . -DHAVE  CONFIG  H $(DEBUG) 

. .\.  .\.  . \pgplib. lib 

all:: 

lib 

headers: 

: i n c l 

include  "makefile. in 


i n c l : 

if  not  "$(PUBHDRS ) \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . . \ \ \ \ i n c l u d e \ p g p 
if  not  "$(PRIVHDRS)"==""  \ 

for  / f in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ . . \include 

DOBJ  S = 
lib: 

$(0BJS:  . o=  . ob  j ) 

$ ( DOB J S ) 

. c . o b j : 

$ ( C C ) $(CFLAGS)  -Z  7 -c  $< 

lib  /out  :$(PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  $(DOSOBJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(DOSOBJS) 
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addhdr.c 


/ * 

* addhdr.c  --  Add  a PGP  Packet  Header  to  a data  stream. 

★ 

* Written  by:  Derek  Atkins  < wa r L o r d 3M I T . E D U> 

"k 

* $ I d : addhdr.c, v 1.46  1 996/1  1 /1  2 02:1  8:20  mhw  Exp  $ 

* / 

//  i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 
ttendi  f 


ft  include 
//include 


<assert . h> 
< s t d i o . h > 


# i nc  l ude 
//include 
ft  i nc  L ude 
//include 
//include 
ft  include 
ft  i nc  l ude 


"addhdr.h" 

"pktbyte . h" 

"pgp/annotate 

"pgp/fifo.h" 

''pgp/pgpmem.h' 

"pgp/pipeline 

"pgp/pgperr . h' 


#d  e f i n e 
//define 
//define 


ADDHEADERMAGIC 
BLOC  K_S I Z E 12 
BUFFER  SIZE  (1 


OxaddObl 1 e 
<<  BLOCK  SIZE) 


/*  2 A 1 0 ==  4k  */ 


struct  Context  C 

struct  PgpFifoDesc  const  * f i f o d ; 
struct  PgpFifoContext  * f i f o ; 
struct  PgpPipeline  * t a i l ; 


byte  headerL50; 

/ * 

pktbyte  + 4byte  length  */ 

byte  *pt  r; 

int  hdrlen; 

/* 

actual  header  length 

*/ 

int  dowrite; 

int  si zeknown; 

/ * 

bytes  is  valid  */ 

unsigned  long  bytes; 

/* 

sizeAdviseO  promise 

*/ 

PgpVersion  version; 
byte  *buffer; 
byte  *bufwri te; 
byte  *bufptr; 
i nt  but l en; 
int  midflush; 
i n t scop  e_d  e p t h ; 


/ * 

* Return  the  largest  x such  that  2Ax  <=  n,  n>0 

* Return  -1  if  n==0 

* / 

static  int 

NumToBi t s ( uns i gned  int  n) 
i 

int  i ; 
if  ( ! n) 

return  -1; 
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} 


for  ( i = 0 ; n > 1; 

n >>=  1 ; 


i ++  ) 


return  i; 


static  int 

FtushHeaderCstruct  Context  *context) 
{ 

int  error; 
s i z e_t  r e t L e n ; 


> 


while 


> 


(context->hdrlen)  { 

retlen  = c o n t e x t -> t a i l - > w r i t e ( c o n t e x t - > t a i l , 

context ->ptr, 

context->hdrlen, 

Serror); 

context->ptr  +=  retlen; 
context->hdrlen  -=  retlen; 
if  (error) 

return  error; 


return  0 ; 


static  int 

FlushBuf f er(struct  Context  *context) 
{ 

int  error; 
size_t  retlen; 


> 


while 


> 


( c o n t e x t -> bu f l e n ) { 

retlen  = c o n t e x t -> t a i l -> w r i t e ( c o n t e x t -> t a i l , 

context->bufptr, 
context->buf  len, 
Serror); 

context->buf ptr  +=  retlen; 
context->buf  len  -=  retlen; 
if  (error) 

return  error; 


return  0 ; 


static  int 

F o r c e F l u s h ( s t r u c t Context  *context) 

{ 

int  error; 

int  bufl,  flushed; 

while  (context->buf  len)  { 

/*  First,  flush  out  any  mid-flush  we  might  have  */ 

bufl  = c on t ex t -> bu f l e n ; 
flushed  = context->midflush; 
context->buf  len  = context->midflush; 

error  = FlushBuffer(context)  ; 
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flushed  - = context->buflen; 
context->midf lush  = context->buflen; 
context->buflen  = bufl  - flushed; 


i f 

(error) 

return 

error; 

/ * 

★ 

Now  , 

figure 

out  how  much  should  be  sent  in  the 

★ 

next 

sub-pa  c ket 

* / 

bufl  = NumToBits(context->buflen); 
if  (bufl  < 0) 
break; 

context->buf ptr--; 
context --  > b u f len  + + ; 

*(context->bufptr)  = OxEO  + bufl; 
context->midflush  = (2Abufl)  + 1; 


return  0; 

> 

static  i n t 

Do F l u s h ( s t r u c t Context  *context) 

int  error  = 0; 
s i z e_t  ret  len; 
byte  const  * p ; 
unsigned  len; 

error  = FlushHeader(context); 
if  (error) 

return  error; 

/*  Next,  try  to  flush  anything  that  we  have  buffered  in  the  fifo  */ 
p = pgpFifoPeek  ( c o n t e x t -> f i f od , c o n t e x t -> f i f o , Slen); 
while  (len)  { 

retlen  = c on t e x t -> t a i l -> w r i t e ( c o n t e x t -> t a i l , 

p,  len,  Serror); 

pgpFifoSeek  (context->fifod,  context->f ifo,  retlen); 
if  (error) 

return  error; 

p = pgpFifoPeek  (context->fifod,  context->fifo,  8 l e n ) ; 

} 

return  error; 

> 

static  int 

Flush(struct  PgpPipeline  *myself) 

C 

struct  Context  *context; 
int  error; 

assert(myself); 

asse  r t ( myse l f->magi c = = ADDHEADERMAGIC); 
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context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai  l ) ; 


if  ( con t ex t->bu f f e r ) C 

error  = FlushHeader(context); 
if  (error) 

return  error; 


/*  Using  the  new  packets  --  force  a flush 
if  ( c o n t e x t ->d o w r i t e ) { 

error  = FlushBuffer(context); 
if  (error) 

return  error; 

> else  { 


> 


error  = ForceFlush(context); 
if  (error) 

return  error; 


o f 


the  buffer  * / 


> else  { 

/ * Using  the  fifo  * / 


if  (!context->dowrite) 

return  PG P E R R_A D D H D R_F L U S H ; 


> 


error  = DoFlush(context); 
if  (error) 

return  error; 


> 


return  context->tai  l->flush(context->tai  l ) ; 


/*  Only  called  after  args  are  checked,  so  I don't  have  to  check 
static  s i z e_t 

BufferWrite(struct  PgpPipeline  *myself,  byte  const  *buf,  size_t 
int  *error) 


{ 


struct  Context  *context; 
si ze_t  sizeO  = size; 
int  t ; 


them  * / 
size. 


assert(myself); 

assert(myself->magic  = = ADDHEADERMAGIC); 
assert(error)  ; 


context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert(context); 
assert(context->tai  l ) ; 
assert(context->buf fer); 


★error  = FlushHeader(context); 
if  (*error) 

return  0; 

do  { 

/*  If  we  are  in  the  middle  of  a block,  flush  it  out  */ 
if  ( c o n t e x t ->d o w r i t e ) { 
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> 


★ error  = FlushBuffer(context); 
if  (*error) 

break; 


context->dowrite  = 0 ; 

context->bufptr  = context->buf f er  + 2 ; 
context->bufwri te  = context->bufptr; 


/*  Try  to  fill  up  the  buffer  */ 

t = m i n ( ( ( s i z e_t ) ( BU F F E R_S I Z E - c o n t e x t - > b u f L e n ) ) , size); 
if  (t)  f 

memcpy(context->bufwrite,  b u f , t ) ; 
b u f + = t ; 
size  - = t ; 

context->bufwri te  +=  t; 
context->buf  ten  +=  t ; 

> 


/ * 

* If  we  have  a full  block,  write  out  the  length 

* and  then  write  out  the  block 

* / 

if  ( c o n t e x t -> b u f l e n ==  BUFFER_SIZE)  { 
context->dowri te  = 1; 
context->buf ptr--; 
context->buf len++; 

*(context->bufptr)  = OxEO  + BL0CK_SIZE; 


> 


continue; 


> while  (size); 
return  sizeO  - size; 


static  s i z e_t 

WriteCstruct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int  *error) 

{ 

struct  Context  *context; 
assert(myself); 

assert(myself->magic  = = ADDHEADERMAGIC); 
assert(error); 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert(context); 
assert(context->tai  l ) ; 
assert(context->f ifo); 

if  ( ! c o n t e x t -> do w r i t e ) C 

/*  Buffer  into  the  fifo  until  we  get  a sizeadvise  */ 

return  pgpFifoWrite  (context->fifod,  context->fifo,  buf,  size); 

} 

/ * 

* Ok,  we've  been  given  our  size.  Flush  the  fifo  and  then  be 
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* a write-through 

* / 

★error  = DoFlush(context); 
if  (*error) 

return  0 ; 

if  ( c o n t e x t -> s i z e k n o wn  S&  size  > c o n t e x t -> by t e s ) f 
assert(O); 

★ error  = P G P E R R_S I Z E A D V I S E ; 

return  0 ; 

> 

size  = c o n t e x t -> t a i 1 -> w r i t e ( c o n t e x t -> t a i l , buf,  size,  error) 
c o n t ex t -> by t e s -=  size; 
return  size; 


static  int 

An n o t a t e ( s t r u c t PgpPipeline  ★myself, 
byte  const  *string,  si ze_t 


{ 


struct  Context  *context; 
int  error; 


struct 

size) 


PgpPipeline  *origin. 


i n t 


assert(myself); 

assert(myself->magic  = = ADDHEADERMAGIC)  ; 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai l ) ; 


> 


error  = context->ta 
if  (lerror) 


i l->annotate(context->tai  l 
string,  size) 


origin. 


type. 


P G P_S COPE_DEPTH_UPDATE(context->scop  e_d  epth,  type); 
a s s e r t ( c on t e x t -> s c o pe_d e p t h !=  -1); 
return  error; 


static  int 

BufferSizeAdviseCstruct  PgpPipeline  *myself,  unsigned  long  size) 

{ 

struct  Context  *context; 
int  error; 
int  i ; 

assert(myself); 

assert(myself->magic  = = ADDHEADERMAGIC)  ; 

context  = (struct  Context  ★ ) my s e l f -> p r i v ; 
assert(context)  ; 
assert(context->tai  l ) ; 
assert(context->buffer); 

/*  Do  not  pass  non-zero  sizeAdvise  --  I can't  do  that!  ★/ 
if  (size  ||  context->scope_depth ) 
return  0; 

/*  Okay,  we're  at  end  of  input.  */ 
if  ( con t ex t-> bu f l en  ) { 


type. 
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> 


> 


if  ( c o n t e x t -> d o w r i t e ) { 

error  = FLushBuffer(context); 
> else  if  ( c o n t e x t ->m i d f l u s h ) { 

error  = ForceFLush(context); 

} else  { 


} 

i f 


i = context->buflen; 
if  (PKTLEN  ONE  BYTE ( i ) ) { 


context->bufptr--; 
context->buf Len++; 

context->buf ptrEO]  = PKTLEN_1 BYTE ( i ) ; 

} else  { 


> 


c o n t e x t -> bu f p t r -= 
c o n t e x t -> b u f L e n += 
context->bufptrC03 
context->bufptrC1 T 


2; 

2; 

= P KT  L E N_B  YTEO(i); 
= P KT  L E N_B  YTE1(i); 


context->midflush  = context->buflen; 
error  = ForceFlush(context); 


(error) 

return  error; 


return  context->tail->sizeAdvise(context->tail,  0 ) ; 


static  i n t 

S i z e Ad v i s e ( s t r u c t PgpPipeline  *myself,  unsigned  Long  len) 

{ 

struct  Context  *context; 
unsigned  Long  size; 
int  error; 
i n t i ; 

assert(myseLf); 

a s s e r t ( my s e L f ->ma g i c ==  A D D H E A D E R M AG  I C ) ; 

context  = (struct  Context  *)myseLf->priv; 
assert(context)  ; 
assert(context->tai L ) ; 
assert(context->fifo); 

/ * 

* The  actuaL  size  myseLf  moduLe  wiLL 

* passed  in  (size),  pLus  the  size  of 

* pLus  the  size  of  the  data  in  the  fi 

* size  does  not  incLude  the  header  si 

* size  after  we  compute  the  header. 

* / 

if  ( c on t e x t -> s c ope_d e p t h ) 

return  0;  /*  Can't  pass 

/ * 

* Set  the  header  packet  up  properLy,  if  we  haven't  a L ready 

* done  so.  We  know  how  Long  the  L e ng t h -o f - L eng t h shouLd  be, 

* so  fiLL  that  many  bytes  of  the  header  in  MSB-first  order. 

* / 

if  ( ! c o n t e x t -> do w r i t e ) { 

size  = Len  + pgpFifoSize  (context->fifod,  context->fifo); 


output  is  the  byte  size 
the  buffered  header, 
fo.  However  the  packet 
ze,  so  add  in  the  header 


it  through  * / 
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i = PKTBYTE_LLEN(context->headerCO]); 
if  (size  >=  0x10000  &&  i <=  2) 
i = 2; 

else  if  (size  >=  0x100  SS  i <=  1) 

i = i; 

context->headerCO]  = (context->headerCOH  & ~ 3 ) | i ; 

i = LLEN_T0_BYTES ( i ) ; 
context->hdrlen  = i + 1 ; 
while  ( i -- ) { 

context->headerCi+13  = (byte)(size  S Oxff); 
size  >>=  8 ; 

> 

> 

if  ( ! c o n t e x t -> s i z e kno w n ) { 

c o n t e x t -> by t e s = len; 
context->si zeknown  - 1 ; 

> else  if  ( c o n t e x t -> by t e s !=  len)  ( 

return  P G P E R R_S I Z E A D V I S E ; 

> 

/* 

* Now  add  in  the  header  size,  sizeAdvise  the  next  module,  and 

* if  everything  is  ok,  set  the  state  to  dowrite  and  flush. 

*/ 

size  = len  + pgpFifoSize  ( c o n t e x t -> f i f o d , c o n t e x t -> f i f o ) 

+ context->hdrlen; 

error  = context->tail->sizeAdvise(context->tail,  size); 
if  (error) 

return  error; 

c o n t e x t ->d o w r i t e = 1; 

error  = DoFlush(context); 

/* 

* Just  in  case  we  got  a s i z e Ad v i s e ( 0 ) without  anything  else. 

* calling  s i z e A d v i s e ( 0 ) twice  is  ok! 

*/ 

if  ( lerror  &&  lien) 

error  = context->tail->sizeAdvise(context->tail,  0); 
return  error; 

> 

static  void 

Teardownfstruct  PgpPipeline  *myself) 

( 

struct  Context  *context; 
assert(myself); 

assert (myse  l f->magi c ==  A D D H E A D E RM AG  I C ) ; 

context  = (struct  Context  *)myself  — >priv; 
assert(context); 

if  (context->tail) 

context->tai  l->teardown(context->tai  l ) ; 
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if  (context ->fifo) 

pgpFifoDestroy  (context->fifod,  context->fifo); 

if  ( c o n t e x t -> bu f f e r ) { 

memset(context->buffer,  0,  BU F F E R_S I Z E +2 ) ; 
pgpMemFree(context->buffer); 

> 

memsetCcontext,  0,  sizeof (*context)); 
pgpMemFree(context); 

memset(myself , 0,  sizeof(*myself)); 
pgpMemFree(myself); 


struct  PgpPipeline  ** 

pg  p Add  FI  e a d e r C r e a t e ( s t r u c t PgpPipeline  **head,  PgpVersion  vers, 

struct  PgpFifoDesc  const  *fd,  byte  pkttype,  byte  lien, 
byte  *hdr,  si ze_t  header  len) 

{ 

struct  PgpPipeline  * m o d ; 

struct  PgpFifoContext  * f i f o p = NULL; 

struct  Context  *context; 

byte  *buf  = NULL; 

byte  pktbite; 

if  ('.head) 

return  NULL; 

assert(fd); 

/*  XXX  If  we  have  versions  > 2.6,  ignore  lien  */ 
if  (vers  > PG P V E R S I 0 N_2_6 ) 

pktbite  = P KT  B Y T E_B  U I L D_N  EW(pkttype); 

else 

pktbite  = P KT  B Y T E_B  UILDCpkttype,  lien); 

context  = (struct  Context  *)pgpMemAlloc(sizeof(*context)); 
if  (Icontext) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
if  ( ! mod  ) { 

pgpMemFree(context); 
return  NULL; 

> 

if  (vers  > P G P V E R S I 0 N_2_6 ) ( 

buf  = (byte  *)pgpMemAlloc(BUFFER_SIZE  + 2); 
if  ( ! buf  ) { 

pgpMemFree(context); 
pgpMemFree(mod); 
return  NULL; 

> 

memcpy(buf+2,  hdr,  headerlen); 

} else  ( 

fifop  = pgpFifoCreate  (fd); 
if  (ififop)  f 

pgpMemFree(context); 

pgpMemFree(mod); 
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> 


return  NULL; 

> 

if  ( pg p F i f oW r i t e (fd,  fifop,  hdr,  headerlen)  !=  header  Len)  { 
pgpMemFree(context); 
pgpMemFree(mod) ; 
pgpFifoDestroy  (fd,  fifop); 
return  NULL; 

> 

> 


mod->magi c = A D D H E A D E R M A G I C ; 
mod->flush  = Flush; 
mod->write  = Write; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Add  Header  Module"; 
mod->priv  = context; 

if  ( bu  f ) { 

mod->write  = BufferWrite; 

mod->si zeAdvi se  = BufferSizeAdvise; 

> 


memsetCcontext,  0,  sizeof (*context)); 
context->fifod  = fd; 
context->fifo  = fifop; 
context->ptr  = context->header; 
context->headerCO]  = pktbite; 
context->hdrlen  = 1; 
context->version  = vers; 
context->buffer  = buf; 
context->buf ptr  - buf  + 2; 

context->bufwrite  = context->buf ptr  + headerlen; 

if  (vers  > P G P V E R S I 0 N_2_6 ) 

c o n t e x t -> b u f l e n = headerlen; 
else  if  (lien  ==  3) 

context->dowrite  = 1; 

context->tail  = *head; 

*head  = mod; 

return  &context->tail; 
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addhdr.h 


/ * 

* addhdr  .h  — header  file  for  a module  to  add  a packet  header. 

* 

* Written  by:  Derek  Atkins  <wa r l o r da M I T . E D U > 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : addhdr. h,v  1.17  1 996/1  1 /1  2 02:1  8:20  mhw  Exp  $ 

* / 

//include  " pg  p / u s u a l s . h " 
struct  PgpPipeline; 
struct  PgpFifoDesc; 


struct  PgpPipeline 
pgpAddHeaderCreate 


★ * 


(struct 
struct 
byte  * 


PgpP 
Pg  p f 
h e a d e 


l 

i 

r 


peline  **head 
foDesc  const 
, s i z e_t  h d r l 


, PgpVers 
* f d , byte 
en); 


ion  version, 
pkttype,  byte 


lien. 
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bufmod.c 


/ * 

* bufmod.c  --  A Buffering  Module;  buffer  until  the  first  sizeAdvise 

★ 

* Written  by:  Derek  Atkins  < w a r l o r d a M I T . E D 1)  > 

* 

* Sid:  bufmod.c, v 1.7. 2.1  1 996/1  1 /1  4 04:09:37  cbertsch  Exp  $ 

* / 

flifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

#end  i f 


//include  <assert  . h> 
#include  <stdio.h> 


/include 
Zinc  lude 
//include 
//include 
//include 
# i nc  l ude 
//include 


"pgp/annotate.h" 

"pgp/fifo.h" 

"pgp/pgpmem.h" 

"pgp/pgperr . h" 

"pgp/pipeline.h" 

"pgp/usuals.h" 

"bufmod.h" 


/ * 

* This  is  a magic  number  for  use  within  this  module.  It  is  used  to 

* make  sure  the  passed-in  module  is  a member  of  this  type.  Just  a 

* little  extra  s a n i t y - c h e c k i n g . 

* 

* You  should  set  this  value  to  some  "random"  32-bit  number. 

* / 


//define  BUFMODMAGIC  0xb3ffe43d 

struct  Context  { 

struct  PgpFifoDesc  const  * f d ; 
struct  PgpFifoContext  * f i f o ; 

struct  PgpFifoContext  * a n n ; / * Fifo  to  hold  the  saved  annotations  * / 

struct  PgpPipeline  * t a i l ; 

byte  cmdargCBUFSIZD; 

unsigned  cmd  l en; 

int  scope_depth; 

byte  writing; 

>; 

/* 

* Buffer  a command  at  the  current  spot  in  the  data  stream.  This  is  only 

* called  when  c t x - > b u f f e r i n g is  true.  What  it  does  is  find  the  delta 

* of  this  command  in  the  data  fifo  from  the  last  command  in  order  to  replay 

* the  commands  at  the  proper  place.  It  saves  off  c o n t e x t - > w r i t t e n as 

* the  offset  and  then  resets  the  value  to  0. 

* 

* The  return  value  is  0 on  success  or  an  error  code. 

* 

* Command  Byte  Syntax:  < a r g l e n > < a r g > 

* / 

static  int 

b u f f e r C o mm a n d (struct  Context  *ctx,  const  byte  *arg,  unsigned  arglen) 


1226 


lib/ pgp/ pipe/ utils/bufmod.c 


/*  Make  sure  the  command  argument  fits  the  buffer  size  */ 
if  (arglen  > sizeof  ( c t x-> cmda r g ) ) 
return  P G P E R R_C M D_T 0 0 B I G ; 

if  ( pg p F i f oW r i t e (ctx->fd,  ctx->ann,  (byte  *)&arglen, 

sizeof  (arglen))  !=  sizeof  (arglen)) 
return  PG P E R R_N 0 M E M ; 

if  ( pgp F i f oW r i t e (ctx->fd,  ctx->ann,  arg,  arglen)  !=  arglen) 
return  P G P E R R_N 0 M E M ; 


> 


return  0; 


/*  Buffer  up  an  annotation  */ 
static  i n t 

bu f f e r An n o t a t i o n (struct  Context  *ctx,  struct  PgpPipeline 

byte  const  *string,  si ze_t  size) 


t 


byte  * a r g , * a r g p ; 
int  retval; 


★origin. 


int  type. 


> 


arg  = argp  = (byte  * ) p g p M e m A l l o c (sizeof  (origin)  + sizeof 

size  + sizeof  (size)); 


if  ( ! arg) 

return  PG P E R R_N 0 M E M ; 


( type ) 


+ 


memcpy  (argp,  (byte  *)&origin,  sizeof  (origin)); 
argp  +=  sizeof  (origin); 

memcpy  (argp,  (byte  * ) & t y p e , sizeof  (type)); 
argp  +=  sizeof  (type); 

memcpy  (argp,  (byte  * ) & s i z e , sizeof  (size)); 
argp  +=  sizeof  (size); 


memcpy  (argp,  string,  size); 
argp  +=  size; 


retval  = buf f erCommand  (ctx,  arg,  argp-arg); 
pgpMemFree  (arg); 
return  retval; 


static  int 

parseAnnotation  (struct  Context  *ctx) 

{ 

struct  PgpPipeline  *origin; 
int  type; 
s i z e_t  s i z e ; 

byte  stringCBUFSIZD,  *argp  = ctx->cmdarg; 

assert  ( c t x-> c md  l e n >=  sizeof  (origin)  + sizeof  (type)  + 
sizeof  (size)); 

memcpy  ((byte  *)&origin,  argp,  sizeof  (origin)); 
argp  +=  sizeof  (origin); 

memcpy  ((byte  *)&type,  argp,  sizeof  (type)); 
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argp  +=  sizeof  (type); 

memcpy  ((byte  * ) & s i z e , argp,  sizeof  (size)); 
argp  +=  sizeof  (size); 

/*  make  sure  we  have  the  right  number  of  bytes  remaining  */ 
assert  (ctx->cmdlen  - size  ==  argp  - ctx->cmdarg); 

memcpy  (string,  argp,  size); 

return  c t x -> t a i t - > a n n o t a t e (ctx->tail,  origin,  type,  string,  size 

> 

/ * <len><cmd>  * / 
static  int 

f lushCommands  (struct  Context  *ctx) 

{ 

int  error; 

unsigned  cmdlen  = pgpFifoSize  (ctx->fd,  ctx->ann); 
do  ( 

if  (ctx->cmdlen)  { 

error  = parseAnnotation  (ctx); 
if  (error) 

return  error; 

ctx->cmdlen  = 0; 

> 

if  (cmdlen)  { 

if  (pgpFi foRead  (ctx->fd,  ctx->ann, 

(byte  * ) S c t x-> c md  l e n , 
sizeof  ( c t x -> c md  l e n ) ) ! = 

sizeof  ( c t x-> cmd  l en  ) ) 

return  PG P E R R_F I F 0_R E A D ; 
cmdlen  - = sizeof  (ctx->cmdlen); 

if  (pgpFi foRead  (ctx  — >fd,  ctx->ann,  ctx->cmdarg, 

ctx->cmdlen)  !=  ctx->cmdlen) 
return  P G P E R R_F I F 0_R E A D ; 
cmdlen  -=  ctx->cmdlen; 


} 

> while  (ctx->cmdlen); 
return  0 ; 

> 

static  int 

DoFlush  (struct  Context  nontext) 

{ 

int  error  = 0; 
byte  const  *ptr; 
s i z e_t  retlen; 
unsigned  l en; 

/*  first,  flush  out  any  commands  */ 
error  = f l u s h C omm a n d s (context); 
if  (error) 
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return  error; 

ptr  = pgpFifoPeek  (context->fd,  context->fifo,  SLen); 
while  (len)  { 

ret  len  = c o n t e x t -> t a i l -> w r i t e ( c o n t e x t -> t a i l , 

ptr,  len,  Serror); 
pgpFifoSeek  (context->fd,  context->fifo,  retlen); 
if  (error) 

return  error; 

ptr  = pgpFifoPeek  ( c o n t e x t -> f d , c o n t e x t -> f i f o , Slen) 

> 

return  error; 

> 

static  i n t 

Flush  (struct  PgpPipeline  *myself) 

struct  Context  ^context; 
int  error; 

assert  (myself); 

assert  ( myse  l f->mag i c = = BU FMODMAG I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

if  ( ! c o n t e x t -> w r i t i n g ) 

return  -1;  / * XXX  ★ / 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tai  l->f lush  (context->tail); 

> 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int 
C 

struct  Context  *context; 
assert  (myself); 

assert  ( my s e l f ->ma g i c ==  BU FMODMAG I C ) ; 
assert  (error)  ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  ( c o n t e x t -> t a i l ) ; 

if  ( ! context->wri t ing)  { 

★error  = 0; 

return  pgpFifoWrite  ( c o n t e x t -> f d , c o n t e x t -> f i f o , buf 

> 

★error  = DoFlush  (context); 
if  (*error) 

return  0; 


★error) 


s i z e ) ; 
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> 


return  context->tail->write  (context->tail,  but. 


size,  error) 


static  i n t 

Annotate  (struct  PgpPipeline  *myself,  struct 
byte  const  *string,  si ze_t  size) 


{ 


struct  Context  *context; 
int  error; 


Pg  p P i pe 


ine  *o  r i g i n , 


i n t 


assert  (myself); 

assert  (myself->magic  ==  BUFMOD  MAGIC); 


context  = (struct  Context  * ) my s e l f - > p r i v ; 
assert  (context); 
assert  (context->tail); 

if  ( ! c o n t e x t -> w r i t i n g ) { 

/*  Make  sure  there  isn't  any  data  buffered!  */ 
assert  (IpgpFifoSize  (context->fd,  context->f i f o)  ); 


} 


error 

> else 

error 

if  ( ! error) 


bufferAnnotation  (context,  origin,  type,  strin 

c o n t e x t -> t a i l -> a nn o t a t e ( c on t e x t -> t a i l , origin 

string,  size); 


P G P_S  C0PE_DEPT  H_U  PDATE(context->scop  e_d  epth,  type); 
a s s e r t ( c o n t e x t -> s c o p e_d e p t h !=  -1); 
return  error; 


static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myse l f->magi c ==  B U F M 0 D M A G I C ) ; 

context  = (struct  Context  *)myself->priv; 
assert  (context); 
assert  (context->tail); 

context->writing  = 1 ; 
error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tail->sizeAdvise  (context->tail,  bytes); 


static  void 

Teardown  (struct  PgpPipeline  *myself) 
{ 

struct  Context  *context; 
assert  (myself); 


type. 


9/  size); 
✓ type. 
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assert  (nyse l f->magi c = = BUFMODMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert  (context); 

if  (context->tai  l) 

context->tai L->teardown  (context->tai L ) ; 

pgpFifoDestroy  (context->fd,  context->ann); 
pgpFifoDestroy  (context->fd,  context->f i f o)  ; 
memset  (context,  0,  sizeof  (*context)); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  ** 

pg pB u f f e r Mod C r e a t e (struct  PgpPipeline  **head,  struct  PgpFifoDesc  const  *fd) 

struct  PgpPipeline  * m o d ; 
struct  Context  *context; 
struct  PgpFifoContext  * f i f o , * a n n ; 

if  ( ! head  | | ! f d ) 

return  NULL; 

context  = (struct  Context  *)pgpMemAlloc  (sizeof  (*context)  ) ; 
if  ( ! context  ) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc  (sizeof  (*mod)  ) ; 
if  ( ! mod ) { 

pgpMemFree  (context); 
return  NULL; 

> 

fifo  = pgpFifoCreate  (fd); 
if  ( ! f i f o)  { 

pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

ann  = pgpFifoCreate  (fd); 
i f ( ! ann)  { 

pgpFifoDestroy  (fd,  fifo); 
pgpMemFree  (context); 
pgpMemFree  (mod); 
return  NULL; 

> 

mod->magic  = BUFMODMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod-> s i z e Ad v i s e = SizeAdvise; 
mod-> a n n o t a t e = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Buffer  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context)); 
context->fd  = fd; 
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context->fifo  = 
context->ann  = 

context->tai L = 
* h e a d = mod; 
return  Scontext 


f i f o ; 
ann; 

* h e a d ; 

- > t a i L ; 
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bufmod.h 

/ * 

* bufmod.h  --  A Buffering  Module;  buffer  until  the  first  sizeAdvise 

* 

* Written  by:  Derek  Atkins  < wa r l o rd a M I T . E D U> 

* 

* $ I d : bufmod.h, v 1.4  1 996/1  1 / 1 2 02:1  8:21  mhw  Exp  $ 

* / 

# i f n d e f PGP_BUFM0D_H 

# d e f i n e PGP_BUFM0D_H 

struct  PgpPipeline; 
struct  PgpFifoDesc; 

struct  PgpPipeline  ** 

pgpBufferModCreate  (struct  PgpPipeline  **head,  struct  PgpFifoDesc  const  * f d ) ; 

# e nd i f /*  PGP  BUFMOD  H */ 
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copymod.c 

/* 

* copymod.c  --  Module  to  copy  input  to  output 

* 

* Written  by:  Derek  Atkins  < w a r l o r d S)  M I T . E D U > 

* 

* $ I d : copymod.c, v 1.21  1 996/1  1 /1  2 02:1  8:21  mhw  Exp  $ 

* / 

//ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

//end  i f 


//include  <assert  . h> 
//include  <stdio.h> 


//include 

//include 

//include 


"copymod  . h" 
"pgp/pgpmem.h1' 
"pgp/pi pe  l i ne  . h" 


//define  COPYMODMAGIC  0xc09430d 


static  s i z e_t 

Wri telstruct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int 
struct  PgpPipeline  * t a i l ; 
assert(myself); 

assert(myself->magic  = = COPYMODMAGIC); 
assert(error); 

tail  = *(struct  PgpPipeline  **)&myself->priv; 
assertltai  l ) ; 

return  tail  — >write(tail,  buf,  size,  error); 


static  int 

FlushCstruct  PgpPipeline  *myself) 

{ 

struct  PgpPipeline  * t a i l ; 
assert(myself); 

assert(myself->magic  ==  COPYMODMAGIC); 

tail  = *(struct  PgpPipeline  **)&myself->priv; 
assertltai  l); 

return  tail->flush(tail); 

> 


static  int 
Annotatelstruct 
byte 


{ 


PgpPi pe  l i ne  *myse l f , 
const  *string,  si ze_t 


struct  PgpPipeline  *tail; 


struct 

size) 


PgpPipeline  *origin. 


i n t 


assertlmyself); 

assert(myself->magic  = = COPYMODMAGIC); 


★error) 


type. 
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tail  = *(struct  PgpPipeline  **)&myself->priv; 
assert(tail); 

return  tail->annotate(tail,  origin,  type,  string,  size); 

} 

static  int 

S i z e Ad v i s e ( s t r u c t PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  PgpPipeline  *tail; 
assert(myself); 

assert(myself->magic  ==  COPYMODMAGIC); 

tail  = *(struct  PgpPipeline  **)&myself->priv; 
assert ( tai l); 

return  t a i l -> s i z e Ad v i s e ( t a i l , bytes); 

> 

static  void 

Tea rdown ( s t ru c t PgpPipeline  *myself) 

{ 

struct  PgpPipeline  * t a i l ; 
assert(myself); 

assert(myself->magic  = = COPYMODMAGIC) ; 

tail  = *(struct  PgpPipeline  * ★ ) &my s e l f -> p r i v ; 
if  (tail) 

tai  l->teardown(tai l ) ; 

memsetCmyself , 0,  sizeof(*myself)); 
pgpMemFree(myself); 

> 

struct  PgpPipeline  ★ * 

pgpCopyModC rea t e ( s t rue t PgpPipeline  **head) 

{ 

struct  PgpPipeline  ★ m o d ; 

if  ('.head) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
if  ( ! mod ) 

return  NULL; 

mod->magic  = COPYMODMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod->annotate  = Annotate; 
mod-> t ea rdown  = Teardown; 
mod->name  = "Copy  Module"; 
mod->priv  = *head; 

★head  = mod; 
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return  (struct  PgpPipeline  **)&mod->priv; 


lib/ pgp/ pipe/  utils/ copymod.h 


copymod.h 

/ * 

* copymod.h  --  Copy  the  input  directly  to  the  output. 

★ 

* Written  by:  Derek  Atkins  < wa r l o r d3M I T . E D U> 

* 

* $Id:  copymod.h, v 1.10  1996/11/12  02:18:21  mhw  Exp  $ 

*/ 

#ifndef  PGP_C0PYM0D_H 
#define  PGP_C0PYM0D_H 

struct  PgpPipeline; 

struct  PgpPipeline  * * pg p C opy Mod C r e a t e (struct  PgpPipeline  **head); 
flendif  /*  PGP  COPYMOD  H */ 
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devnull.c 


/* 

* devnull.c  --  sink  module  to  eat  all  input. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d3M  I T . E D U > 

* 

* $ I d : devnull.c, v 1.20  1 996/1  1 /1  2 02:1  8:22  mhw  Exp  $ 

* / 

#ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

//end  i f 


//include  <assert  . h> 
//include  <stdio.h> 


//include 

//include 

//include 


"devnu  l l . h " 

"pgp/pgpmem.h" 

"pgp/pipeline.h" 


//define  DEVNULLMAGIC  0xde5  5771  1 


static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int 
{ 

assert(myself); 

assert(myself->magic  = = DEVNULLMAGIC); 

/ * To  shut  up  compiler  warnings  * / 

(void)myself; 

(void)buf; 

assert(error); 

★error  = 0 ; 

return  size; 

> 


static  int 

Flush  (struct  PgpPipeline  ★myself) 

{ 

assert(myself); 

assert(myself->magic  ==  DEVNULLMAGIC); 

/*  To  shut  up  compiler  warnings  */ 
(void)myself; 

return  0; 

> 


static  int 

Annotate  (struct  PgpPipeli 
byte  const  *stri 


{ 


ne  *myself,  struct 
ng , si z e_t  size) 


PgpPipeline 


assert(myself); 

assert (myse l f->magi c ==  DEVNULLMAGIC); 


* o r i g i n , 


i n t 


/*  To  shut  up  compiler  warnings  */ 
(void)myself; 


★error) 


type. 
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(void)origin; 

(void)type; 

(void)string; 

(void)size; 

return  0 ; 

> 

static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

assert(myself); 

assert(myself->magic  = = DEVNULLMAGIC); 

/*  To  shut  up  compiler  warnings  */ 

(void)myself; 

(void)bytes; 

return  0; 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

assert(myself); 

assert (myse  l f->magi c = = DEVNULLMAGIC); 

memset(myself,  0,  sizeof  (*myself )); 
pgpMemFree(myself); 

} 

struct  PgpPipeline  * 

pg p D e v N u l l C r e a t e (struct  PgpPipeline  **head) 

{ 

struct  PgpPipeline  *mod; 

if  ( ! h e a d ) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
if  ( mod ) { 

mod->magic  = DEVNULLMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "Dev  Null"; 

*head  = mod; 
return  *head; 

> 

return  NULL; 

> 
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devnull.h 

/ * 

* devnull.h  --  A pipeline  going  nowhere 

★ 

* Written  by:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

★ 

* This  is  a Public  API  Function  Header. 

* 

* $ I d : devnull.h, v 1.1  2 1 996/1  1 /1  2 02:1  8:22  mhw  Exp  $ 

*/ 

//ifndef  PG P_D E V N U L L_H 
//define  P G P_D  E V N U L L_H 

struct  PgpPipeline; 

# i f n d e f T Y P E_P G P P I P E L I N E 
//define  T Y P E_PG  P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

# e n d i f 

/ * 

* Create  a module  that  will  eat  all  of  its  input. 

*/ 

struct  PgpPipeline  *pgpDevNullCreate  (struct  PgpPipeline  **head); 
//endif  /*  PGP  DEVNULL  H */ 
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join.c 


/ * 

* join.c  --  join  multiple  modules  into  a single  stream 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 3M  I T . E D 1)  > 

* 

* $ I d : j o i n . c , v 1.32  1 996/1  1 / 1 2 02:1  8:22  mhw  Exp  $ 

* / 

//ifdef  H A V E_C  0 N F I G_H 
//include  "con-fig. h" 

# e nd i f 


//include 

//include 


<assert  . h> 
< s t d i o . h > 


//  i n c 

# i n c 
/Zinc 
/fine 

# i n c 
Sine 


l ude 
l ude 
l ud  e 
l ude 
l ud  e 
l ud  e 


" j o i n . h " 

"pgp/annotate.h" 
"pgp/fifo.h" 
"pgp/pgpmem.h" 
"pgp/ pgperr . h" 
"pgp/pipeline.h" 


//define  JOINMAGIC 


0x00112233 


struct  Context 

struct 

PgpFi foDesc 

const  *fd; 

struct 

Pg p F i f o C o n t e x t *fifo; 

struct 

PgpPipeline 

* t a i l; 

struct 

PgpPipeline 

*next; 

struct 

PgpPipeline 

* t o p ; 

unsigned  long  size; 
int  sizevalid; 
int  canwri te; 

int  e o f 

r 

int  teardown; 

> ; 

s t a t 

i c int 

DoF  l 
/ 

ush(struct 

Context  *context) 

int  error  = 0; 

byte  const  * p t r ; 
unsigned  len; 
s i z e_t  ret len; 

struct  Context  *topp  = (struct  Context  *)context->top->priv; 
struct  PgpPipeline  * t a i l p = topp->tail; 

assertCtai  Ip); 

/*  Try  to  flush  anything  that  we  have  buffered  */ 
if  (context->fifo)  { 

ptr  = pgpFifoPeek  (context->fd,  context->fifo,  & l e n ) ; 
while  (len)  f 

retlen  = tailp->write(tailp,  ptr,  len,  Serror); 
pgpFifoSeek  (context->fd,  context->fifo,  retlen); 
if  ( c o n t e x t -> s i z e v a l i d ) 

context->size  - = retlen; 
if  (error) 
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return  error; 

ptr  = pgpFifoPeek  (context->fd,  context->fifo,  SLen); 

> 

> 

/*  If  we  get  here,  we  have  nothing  Left  buffered  in  the  fifo  */ 

/* 

* Now,  check  if  we  are  in  an  EOF  condition.  If  so,  then  we 

* can  tell  the  next  input  that  it  is  allowed  to  write,  and 

* then  we  can  try  to  flush  out  that  buffer  as  well. 

*/ 

if  ( context->eof  SS  c o n t e x t -> n e x t ) { 

struct  Context  *ctx  = (struct  Context  *)context->next->priv; 

ctx->canwri te  = 1; 
error  = DoFlush  (ctx); 


> 


return  error; 


static  i n t 

FlushCstruct  PgpPipeline  *myself) 

struct  Context  *context,  * t o p p ; 
struct  PgpPipeline  * t a i l p ; 
int  error; 


assert(myself); 

assert (myse  l f->magi c ==  JOINMAGIC); 

context  = (struct  Context  *)myself  — >priv; 
assert(context)  ; 

topp  = (struct  Context  *)context->top->priv; 
assert(topp); 


tailp  = topp->tai  l ; 


i f 


> 


(context->canwri te)  { 
assert(tai Ip); 
error  = DoFlush  (context ) ; 
if  (error) 

return  error; 


> 


if  (tailp) 

return  t a i l p-> f l u s h ( t a i l p ) ; 
return  0; 


static  size_t 

Write(struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  len,  int  *error) 

struct  Context  nontext,  *topp; 
struct  PgpPipeline  *tailp; 
size_t  written; 
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assert(myself); 

assert(myself->magic  = = JOINMAGIC); 
assert(error); 

context  = (struct  Context  *)myself->priv; 
assert(context); 

topp  = (struct  Context  *)context->top->priv; 
assert(topp); 

/*  If  we're  not  allowed  to  write,  then  buffer  things  up 
*error  = 0 ; 

if  ( ! c on t e x t -> c a n w r i t e ) 

return  pgpFifoWrite  ( c o n t e x t -> f d , c on t e x t -> f i f o , 

/*  At  this  point  we  are  writing  --  make  sure  we  have  a t 
tailp  = topp->tail; 
assert ( tai  Ip); 

★error  = DoFlush  (context); 
if  (*error) 

return  0 ; 

written  = tailp->write(tailp,  buf,  len,  error); 
if  ( c on t e x t -> s i z e v a l i d ) 

context->size  -=  written; 

return  written; 

} 


static  i n t 

A n n o t a t e ( s t r u c t PgpPipeline  *myself, 
byte  const  *string,  size_t 


struct  Context  *context; 


struct  PgpPipeline  *origin, 
len) 


assert(myself); 

assert(myself->magic  ==  JOINMAGIC); 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert(context); 

/*  XXX  --  Don't  allow  annotations  */ 
(void)origin; 

(void)string; 

(void)  len; 

switch  (type)  { 
case  P G P A N N_F I L E_B  E G I N : 
case  P G P A N N_F I L E_E  N D : 
case  PGPANN_INPU  T_B  E G I N : 

Case  P G P A N N_I N P U T_E  N D : 
return  0; 

/★NOTREACHED*/ 

default: 

return  PG P E R R_J 0 I N_B A D ANN ; 

> 

/★NOTREACHED*/ 
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until  we  can  * / 

buf,  len); 
ail!  * / 


i n t type. 
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/* 

* c o n t e x t -> s i z e is  the  number  of  bytes  in  the  fifo  plus  the  number  of 

* bytes  we  still  should  expect  to  receive.  Once  this  is  set,  we 

* expect  it  to  be  held  by  the  caller.  Each  input  gets  one  of  these. 

* We  decrement  it,  if  it  is  valid,  whenever  we  write  data  out  to  the 

* tail. 

* 

* c o n t e x t - > s i z e v a l i d is  if  the  number  in  c o n t e x t -> s i z e is  valid 

* 

* This  function  will  first  check  to  make  sure  that  the  size  is  valid, 

* and  that  the  passed- in  size  matches  the  expected  size. 

* 

* We  also  keep  track  of  EOF  --  if  we  get  a sizeAdvise  of  0 bytes, 

* then  we  set  context->eof  to  1,  to  signify  that  we  have  an  EOF 

* condition  and  we  do  not  expect  any  more  bytes  to  be  written  from 

* that  input.  This  means  that  c o n t e x t - > s i z e is  the  number  of  bytes 

* buffered  in  that  context. 

* 

* Then  it  will  see  if  all  inputs  have  a valid  size.  If  they  do,  then 

* it  will  add  up  all  the  sizes  and  send  that  as  a sizeAdvise  to  the 

* tail. 

* 

* Next,  we  will  flush  out  the  buffered  data,  and  if  that  returns 

* without  an  error  we  know  that  everything  is  flushed  from  all  the 

* modules  from  this  one  to  the  end. 

* 

* Finally  we  check  if  everything  is  EOF.  We  know  that  if  everything 

* is  at  EOF,  and  we  got  this  far,  that  there  must  not  be  anything  in 

* any  buffers,  and  we  are  not  expecting  anymore  data  to  be  written. 

* Therefore,  we  pass  a sizeAdvise  (0)  to  the  tail. 

* / 

static  i n t 

Si  zeAdvi selstruct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *ctx,  *context,  * t o p p ; 

struct  PgpPipeline  *current,  * t a i l p ; 

unsigned  long  fifolen; 

unsigned  long  total; 

int  flag  = 0 ; 

int  error; 

assert(myself); 

assert (myse l f->magi c ==  JOINMAGIC); 

context  = (struct  Context  *)myself— >priv; 
assert(context); 

topp  = (struct  Context  * ) c on t e x t -> t o p-> p r i v ; 
assert(topp); 

tailp  = topp->tail; 

/ * 

* XXX  If  annotations  get  added,  make  sure  we  only  consider  calls 

* outside  them.  I.e.  "if  ( c o n t e x t -> s c op e_d e p t h ) return  O'" 

*/ 

/*  save  off  the  size  of  the  buffered  data  */ 
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fifolen  - pgpFifoSize  (context->fd/  context->f i to)  ; 

/*  Check/set  the  size  */ 
it  ( c o n t e x t ->  s i z e va  L i d ) C 

if  (bytes  !=  c o n t e x t -> s i z e - fifolen) 

/*  It  doesn't  jibe  — this  is  an  error  * / 
return  PG P E R R_S I Z E A D V I S E ; 

> else  { 

context->sizevalid  = 1; 
context->size  = bytes  + fifolen; 

> 


/*  Set  EOF,  if  needed  */ 
if  (! bytes) 

context->eof  = 1 ; 


/ * Check  if  all  modules  have  valid  size;  add  up  the  sizes  * / 
total  = 0 ; 

for  (current  = context->top;  current;  current  = ctx->next)  C 
ctx  = (struct  Context  *)current->priv; 
assert(ctx); 


if  ( ! ctx->si zeva  lid)  { 
flag  = 1 ; 
break; 

> 

total  +=  ctx->size; 

> 

if  ( ! flag)  C 

/*  All  the  inputs  have  a valid  sizes...  Send  a sizeAdvise  */ 
assert (tai  Ip); 


> 


error  = tailp->sizeAdvise(tailp,  total); 
if  (error) 

return  error; 


/ * 

* If  we  cannot  write,  then  we  cannot  flush!  Just  accept  that 

* the  sizeAdvise  worked  to  this  point  and  return  success. 

*/ 

if  ( ! c o n t e x t -> c a n w r i t e ) 
return  0; 


assert(tai  Ip); 

/ * 

* Flush  the  data.  This  will  return  an  error,  or  everything 

* will  be  flushed  out  of  the  fifo. 

*/ 

error  = DoFlush  (context); 
if  (error) 

return  error; 


/*  At  this  point,  check  if  everything  is  EOF.  */ 
for  (current  = context->top;  current;  current  = ctx->next)  C 
ctx  = (struct  Context  *)current->priv; 
assert(ctx)  ; 
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if  ( ! c tx->eof ) 

/*  Something  isn't  done  — just  return  success  */ 
return  0; 

> 

/*  Send  a sizeAdvise  (0)  --  all  the  inputs  are  done  writing.  */ 
return  tailp->sizeAdvise(tailp,  0); 


static  void 

Tea rdown ( s t r u c t PgpPipeline  *myself) 

{ 

struct  PgpPipeline  *current,  * t a i l p ; 
struct  Context  *ctx,  *context,  * t o p p ; 

assert(myself)  ; 

assert(myself->magic  ==  JOINMAGIC); 

context  = (struct  Context  *)myself->priv; 
assert(context)  ; 

topp  = (struct  Context  *)context->top->priv; 
assert(topp); 

tailp  = t opp->  t a i l ; 


context->teardown  = 1 ; 

for  (current  = context->top;  current;  current  = ctx->next)  { 
ctx  = (struct  Context  *)current->priv; 
assert(ctx); 


} 


if  ( ! c t x-> t e a r d o w n ) 
return; 


/*  Everything  can  be  torn  down,  now.  */ 
if  (tailp) 

tai lp->teardown(tai Ip); 

for  (current  = context->top;  current;  current  = myself)  f 
ctx  = (struct  Context  *)current->priv; 
assert(ctx); 

myself  = ctx->next; 

pgpFi f oDestroy  (ctx->fd,  ctx->fifo); 
memset (ctx,  0,  sizeof (*ctx)); 
pgpMemFree(ctx); 

memset ( current,  0,  si zeof (*current  ) ) ; 
pgpMemFree(current); 

} 

> 

static  struct  PgpPipeline  * 

j oi  nDoC reate ( i nt  dowrite,  struct  PgpFifoDesc  const  *fifod) 

{ 

struct  PgpPipeline  *mod; 

struct  PgpFi foContext  *fifop  = NULL; 
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struct  Context  *context; 

context  = (struct  Context  *)pgpMemAlloc(sizeof(*context)); 
if  (!  context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
if  ( ! mod  ) C 

pgpMemFree(context); 
return  NULL; 

> 

fifop  = pgpFifoCreate  (fifod); 
if  (! fifop)  C 

pgpMemFree(context); 
pgpMemFree(mod); 
return  NULL; 

} 

mod->magic  = JOINMAGIC; 
mod->wri te  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod-> a n n o t a t e = Annotate; 
mod-> t ea rdown  = Teardown; 
mod->name  = "Join  Module"; 
mod->priv  = context; 

memset(context,  0,  sizeof(*context)); 
context->fd  = fifod; 
context->fifo  = fifop; 
c o n t e x t -> c a n w r i t e = dowrite; 

return  mod; 

> 

struct  PgpPipeline  ** 

pg p J o i n C r e a t e ( s t r u c t PgpPipeline  **head,  struct  PgpFifoDesc  const  *fifod) 
{ 

struct  PgpPipeline  *mod; 
struct  Context  *context; 

if  ( ! h e a d ) 

return  NULL; 

assert(fifod); 

mod  = joi nDoCreate  (1,  fifod); 
if  ( ! mod  ) 

return  NULL; 

context  = (struct  Context  *)mod->priv; 

context->top  = mod; 
context->tail  = *head; 

★head  = mod; 

return  &context->tail; 

> 

struct  PgpPipeline  * 

pg p J o i n App e n d ( s t r u c t PgpPipeline  *head) 
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{ 

struct  PgpPipeline  * m o d ; 
struct  Context  *context,  *ctx; 

if  ( ! h e a d ) 

return  NULL; 

assert(head->magic  ==  JOINMAGIC); 

context  = (struct  Context  *)head->priv; 
assert(context) ; 

mod  = joinDoCreateCO,  context->fd); 
if  ( ! mod  ) 

return  NULL; 

mod->name  = "Join  Module  Appendage"; 
ctx  = (struct  Context  *)mod->priv; 

/*  Splice  in  myself  module  */ 
ctx->next  = context->next; 
context->next  = mod; 

ctx->top  = context->top; 

return  mod; 

> 

s i z e_t 

p g p J o i n B u f f e r ( s t r u c t PgpPipeline  *myself,  byte  const  *buf,  size  t 
{ “ 
struct  Context  *context; 

assert(myself); 

assert(myself->magic  ==  JOINMAGIC); 

context  = (struct  Context  * ) my s e l f -> p r i v ; 
assert(context); 

return  pgpFifoWrite  ( c o n t e x t -> f d , c on t ex t-> f i f o , buf,  len) 


l e n ) 
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/ * 

* join.h  — Append  multiple  streams  together  into  a single  output,  and 

* buffer  as  needed 

* 

* Written  by:  Derek  Atkins  <wa  r l o rdalM  I T . E DU> 

* 

* $ I d : j o i n . h , v 1 . 1 5 1 996/  1 1 /1  2 02:1  8:22  mhw  Exp  $ 

*/ 


/ * 

* A join  module  will  combine  multiple  inputs  into  a single  output. 

* It  will  first  take  all  the  data  from  the  first  input  (the  input 

* from  the  creation  function)  until  it  gets  a S i z e A d v i s e ( 0 ) . Then  it 

* will  start  reading  from  the  next  input  in  line,  until  it  is  done, 

* and  so  on  down  the  list  of  inputs. 

* 


* If  an  input  pipeline  that  is  not  the  current  writer  tries  to  write 

* data,  it  will  be  buffered  in  that  input's  fifo. 

* 

* Data  that  is  buffered  will  be  flushed  out  when  that  input  is 

* allowed  to  write,  which  is  when  all  previous  writers  have  sent 

* a sizeAdvise(O). 

*/ 


//  i f nde  f PGP_J0IN_H 
//define  PGP_J0IN_H 

//include  "pgp/usua  l s . h" 

struct  PgpPipeline; 

# i f nde  f T Y P E_PG P P I P E L I N E 
//define  T Y P E_P G P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline ; 
it  e n d i f 

struct  PgpFifoDesc; 

//ifndef  T Y P E_P  G P F I F 0 D E S C 
//define  T Y P E_PG  P F I F 0 D E S C 1 
typedef  struct  PgpFifoDesc  PgpFifoDesc; 
tie  nd  i f 


/ ★ 

* Create  a join  module.  The  caller  needs 

* for  later  use.  * / 

struct  PgpPipeline  **pgp J o i nC r ea t e (struct 

struct 


to  save  the  head  pointer 

PgpPipeline  **head, 
PgpFifoDesc  const  * f d ) ; 


/ * 

* Append  a new  input  to  the  join  module. 

* new  pipeline  just  after  the  pointer  to 

* function  returns  a pointer  to  the  join 

* myself  input. 

* / 

struct  PgpPipeline  * pg p J o i n A pp e n d (struct 


This  will  insert  the 
the  head  passed  in.  This 
module  associated  with 


PgpPipeline  *head); 


/ * 

* Add  data  to  the  buffer  in  the  pipeline  module  passed  in.  This 
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* data  will  be  flushed  out  later. 

* / 

size_t  pg p J o i n Bu f f e r (struct  PgpPipeline  *myself,  byte  const 


# e nd i f /*  PGP  JOIN  H */ 
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pipeline.h 

/ * 

* pipeline.h  --  This  is  the  code  that  is  the  public  part  of  a pipeline 

* module,  and  defines  everything  that  all  the  pipelines  should  export. 

* 

* Written  by:  Derek  Atkins  <wa r l ordOMIT  . EDU> 

* 

* This  is  a Public  API  F u n c t i on  / S t r u c t u r e Header. 

★ 

* $ I d : pipeline. h,v  1.1  9.2.1  1996/1  1 /1  4 04:09:37  cbertsch  Exp  $ 

* / 

# i f nd  e f PG P_P I P E L I N E_H 
#def i ne  PG P_P I P E L I N E_H 

#include  " pg p / u s u a l s . h " 


struct  PgpPipeline  { 

/★  A means  to  check  if  this  is  a valid  module  --  put  a magic 

* number  in  the  structure  for  each  different  pipeline  module 

* and  compare  it.  Simple,  eh? 

*/ 

word32  magic; 


/ * Expo 
s i z e_t 

i n t 
i n t 

i n t 
void 


rted  Pipeline  Functions  that  all  Pipelines  support  ★ / 
(★write)  (struct  PgpPipeline  *myself,  byte  const  *buffer 
size_t  size,  int  *error); 

(★flush)  (struct  PgpPipeline  *myself); 

(★annotate)  (struct  PgpPipeline  *myself, 

struct  PgpPipeline  *origin,  int  type, 
byte  const  *string,  si ze_t  size); 

(*si zeAdvi  se)  (struct  PgpPipeline  *myself, 

unsigned  long  bytes); 

(★teardown)  (struct  PgpPipeline  ★myself); 


/ 


/ * Some  exported  information  about  this  particular  module  ★/ 
char  const  * name; 


/*  A pointer  to  modu  l e- s pe c f i c data  */ 
void  *priv; 

>; 

# i f n d e f T Y P E_PG P P I P E L I N E 

# d e f i n e T Y P E_P G P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

# e nd i f 


# e n d i f /*  PGP  PIPELINE  H */ 
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protomod.c 


/ * 

* protomod.c  --  a prototype  module  for  PGP 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

* 

* $Id:  protomod.c, v 1.24  1996/11/12  02:18:23  mhw  Exp  $ 

* / 

//  i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 

# e n d i f 

//include  <assert.h> 

//include  <stdio.h> 

//include  "pgp/annotate  . h" 

//include  "pgp/mem.h" 

//include  " pg  p / p i p e l i n e . h " 

/ * 

* This  is  a magic  number  for  use  within  this  module.  It  is  used  to 

* make  sure  the  passed-in  module  is  a member  of  this  type.  Just  a 

* little  extra  s a n i t y- c h e c k i ng . 

* 

* You  should  set  this  value  to  some  "random"  32-bit  number. 

* / 


//define  MAGIC 


0x0 


struct  Context  f 

byte  bufferCBUFSIZO; 
byte  *bufptr; 
s i z e_t  bu  f l e n ; 
struct  PgpPipeline  *tail; 
i n t s c op  e_d  epth; 

>; 

static  i n t 

DoFlush  (struct  Context  *context) 
{ 

int  error  = 0; 
s i z e_t  r e t l e n ; 


/*  Try  to  flush  anything  that  we  have  buffered  */ 
while  ( c o n t e x t -> bu f l e n ) C 

ret len  = c o n t e x t - > t a i l - > w r i t e ( c o n t e x t - > t a i l , 

context->bufptr, 
context->buf  len, 
Serror) ; 

context->buf len  -=  retlen; 
memset  (context->bufptr,  0,  retlen); 
context->bufptr  +=  retlen; 
if  (error) 

return  error; 

> 

return  error; 
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static  i n t 

Flush  (struct  PgpPipeline  *myself) 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myself->magic  = = MAGIC); 

context  = myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  context->tail->flush  (context->tail); 

> 

static  s i z e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 
{ 

struct  Context  *context; 
s i z e_t  written  = 0; 

assert  (myself); 

assert  (myself->magic  ==  MAGIC); 
assert  (error); 

context  = myself->priv; 
assert  (context); 
assert  ( c o n t e x t -> t a i l ) ; 

do  C 

★error  = DoFlush  (context); 
if  (*error) 

return  written; 

/ * 

* Now  that  we  don't  have  anything  buffered,  bring  in  more 

* data  from  the  passed-in  buffer,  process  it,  and  buffer 

* that  to  write  out. 

* / 

context->bufptr  = context->buffer; 

/*  XXX  Set  c on t ex t -> bu f l e n to  length  of  read-in  material  */ 

/*  XXX  Read/processed  data  into  c on t e x t -> bu f f e r */ 

buf  +=  context->buflen; 

size  -=  c o n t e x t -> bu f l e n ; 

written  +=  context->buflen; 

} while  (context->buflen  > 0); 

/*  Continue  until  we  have  nothing  buffered  */ 
return  written; 

> 

static  int 

Annotate  (struct  PgpPipeline  *myself,  struct  PgpPipeline  *origin,  int  type. 
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{ 


> 


byte  const  *string,  si ze_t  size) 


struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myself->magic  ==  MAGIC); 

context  = myself->priv; 
assert  (context); 
assert  (context->tail); 


error  = DoFlush  (context); 
if  (error) 

return  error; 

error  = c o n t e x t - > t a i l - > a n n o t a t e 
if  ( lerror) 


(context->tai  l, 
string,  size); 


origin. 


type. 


P G P_S  C0PE_DEPT  H_U  PDATE(context->scop  e_d  epth,  type); 
a s s e r t ( c on t ex t -> s c ope_d e p t h !=  -1); 
return  error; 


static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  Context  *context; 
int  error; 

assert  (myself); 

assert  (myself->magic  ==  MAGIC); 

context  = myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  c o n t e x t - > t a i l - > s i z e A d v i s e ( c o n t e x t -> t a i l , bytes) 


static  void 

Teardown  (struct  PgpPipeline  *myself) 

{ 

struct  Context  *context; 
assert  (myself); 

assert  (myself->magic  ==  MAGIC); 

context  = myself->priv; 
assert  (context); 

if  (context->tail) 

context->tai  l->teardown  (context->tai  l ) ; 

memset  (context,  0,  sizeof  (nontext)); 
pgpMemFree  (context); 
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> 

struct 

Create 

{ 


memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 


PgpPipeline  * * 

(struct  PgpPipeline  **head) 

struct  PgpPipeline  * m o d ; 
struct  Context  *context; 

if  ( ! h e a d ) 

return  NULL; 

context  = pgpMemAlloc  (sizeof  (*context)); 
if  (! context) 

return  NULL; 

mod  = pgpMemAlloc  (sizeof  (*mod)  ); 
if  ( ! mod  ) { 

pgpMemFree  (context); 
return  NULL; 

> 

mod->magic  = MAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 

mod->name  = "Prototype";  /*  XXX  Set  myself  to  the  module 
mod->pri v = context; 

memset  (context,  0,  sizeof  (*context)); 
context->bufptr  = context->buffer; 

context->tail  = *head; 

★head  = mod; 

return  &context->tai  l ; 


name!  * / 
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rotl3mod.c 

/* 

* rot13mod.c  --  A pipeline  module  to  rotate  by  13  characters.  A stupid 

* encryption/decryption  link  for  PGP! 

* 

* $ I d : rot13mod.c,v  1.1  9.2.1  1 996/1  1 /1  4 04:09:37  cbertsch  Exp  $ 

*/ 


#ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 

# e nd  i f 


//include  <assert  . h> 
//include  <stdio.h> 


//include  "mem.  h" 

//include  "pipeline. h" 

//include  "rot13mod.h" 

//define  R0T13MAGIC  0x1  3263952 


struct  Rot13Context  { 

byte  bufferCBUFSIZ]; 
byte  *bufptr; 
s i z e_t  bu  f l e n ; 
struct  PgpPipeline  * t a i l ; 

>; 

static  siz  e_t 

r o 1 1 3 (byte  const  *input,  size_t  inlen,  byte  *output,  size_t  outlen) 
{ 

s i z e_t  l e n = 0 ; 
char  c ; 

while  (inlen  &&  outlen)  i 
c = inputClend; 


outputllen++]  = (((c 

> = 

' a 1 

&& 

c 

< = 

' m ' 

) 

1 1 

( c 

> = 

' A ' 

&S 

c 

< = 

' M ' 

) ) 

7 

c + 13 

( ( c 

> = 

' n ' 

S& 

c 

< = 

' z J 

) 

1 1 

( c 
c ) ; 

> = 

' N ' 

ss 

c 

< = 

' Z ' 

) ) 

7 

c - 1 3 

inlen--; 

outlen--; 


} 

return  len; 

} 

static  i n t 

DoFlush  (struct  Rot13Context  *context) 

{ 

s i z e_t  retlen; 
int  error  = 0; 

/*  Try  to  flush  anything  that  we  have  buffered  */ 
while  ( c on t e x t -> bu f l e n ) { 

retlen  = c o n t e x t - > t a i l - > w r i t e ( c on t e x t -> t a i l , 

context->bufptr, 
context->buf len. 
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> 


context->buf len  -=  retlen; 
memset  ( c on t ex t -> b u f p t r , 0, 
c on t ex t -> bu f p t r +=  retlen; 
if  (error) 

return  error; 

> 

return  error; 


Serror); 

retlen); 


static  int 

Flush  (struct  PgpPipeline  *myself) 

{ 

struct  Rot13Context  *context; 
int  error; 

assert  (myself); 

assert  (myself->magic  = = R0T13MAGIC); 

context  = myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 

return  c o n t e x t - > t a i l - > f l u s h ( c o n t e x t - > t a i l ) ; 


static  si ze_t 

rot13Write  (struct  PgpPipel 
int  * e r r o r ) 


{ 


ne  *my s e l f , 


struct  Rot13Context  *context; 

int  myerror  = 0; 

si ze_t  retlen,  written  = 0; 


byte  const  * bu  f , 


size  t 


s 


assert  (myself); 

assert  (myself->magic  = = R0T13MAGIC); 

context  = myself->priv; 
assert  (context); 
assert  (context->tail); 

do  -C 

myerror  = DoFlush  (context); 
if  (myerror)  f 

if  (error) 

★error  = myerror; 
return  written; 

} 

/ ★ 

* Now  that  we  dont  have  anything  buffered,  bring 

* data  from  the  passed-in  buffer,  rot13  it,  and 

* that  to  write  out. 

* / 

context->bufptr  = context->buffer; 


i ze. 


in  more 
buffer 
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c o n t e x t -> bu f L e n = rot13  (buf,  size,  c o n t e x t - > b u f f e r , 
buf  +=  context->buflen; 
size  -=  context->buf  Len; 
written  +=  context->buf  len; 

> while  (context->buf  len  > 0 ) ; 

/*  Continue  until  we  have  nothing  buffered  */ 


> 


return  written; 


static  int 
rotl 3Annotate 

f 


(struct  PgpPipeline  *myself,  struct 
int  type,  byte  const  *string,  size 


struct  Rot13Context  ^context ; 
int  error  = 0 ; 


PgpPipeline  *origi 
t size) 


assert  (myself); 

assert  (myself->magic  ==  R0T13MAGIC); 


context  = myself->priv; 
assert  (context); 
assert  (context->tail); 


error  = DoFlush  (context); 
if  (error) 

return  error; 


> 

static 
r o 1 1 3 S 
{ 


return  c o n t e x t -> t a i l - > a n n o t a t e ( c o n t e x t -> t a i l , origin,  type, 

string,  size); 

int 

zeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

struct  Rot13Context  *context; 
int  error  = 0; 


assert  (myself); 

assert  (myself->magic  ==  R0T13MAGIC); 

context  = myself->priv; 
assert  (context); 
assert  (context->tail); 

error  = DoFlush  (context); 
if  (error) 

return  error; 


> 


return  c o n t e x t - > t a i l - > s i z e A d v i s e 


(context->tail,  bytes); 


static  void 

rot  1 3Tea rdown  (struct  PgpPipeline  *myself) 
{ 

struct  Rotl 3Context  *context; 
assert  (myself); 


B U F S I Z ) ; 
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assert  (myself->magic  ==  R0T13MAGIC); 

context  = myself->priv; 
assert  (context); 

if  (context->tail) 

context->tai L~>teardown  (context->tai l); 

memset  (context,  0,  sizeof  (*context)); 
memFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
memFree  (myself); 

> 

struct  PgpPipeline  ** 

rot13Create  (struct  PgpPipeline  **head) 

{ 

struct  PgpPipeline  * m o d ; 
struct  Rot13Context  ^context; 

if  (!head) 

return  NULL; 

context  = memAlloc  (sizeof  (*context)); 
if  ( ! context) 

return  NULL; 

mod  = memAlloc  (sizeof  (*mod)); 
if  ( ! mod ) ( 

memFree  (context); 
return  NULL; 

> 

mod->magic  = R0T13MAGIC; 
mod->wri te  = rot13Write; 
mod->write  = Flush; 

mod->si zeAdvi se  = rot13SizeAdvise; 
mod-> a n no t a t e = rotl 3Annotate; 
mod->teardown  = rot  1 3Tea rdown; 
mod->name  = "Rot  13  Module"; 
mod->priv  = context; 

memset  (context,  0,  sizeof  (*context)  ); 
context->buf ptr  = context->buffer; 

context->tail  = *head; 

*head  = mod; 

return  S c o n t e x t -> t a i l ; 

> 
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rotl3mod.h 

/ * 

* definitions  for  a stupid  encryption  pipeline: 

* 

* $ I d : rot13mod.h,v  1.3  1 996/1  1 /1  2 02:1  8:24  mhw 
*/ 

struct  PgpPipeline; 

struct  PgpPipeline  * * r o 1 1 3 C r e a t e (struct  PgpPipe 


r o 1 1 3 
Exp  $ 

ine  * * h e a d ) ; 


1260 


lib/ pgp/ pipe/ utils/ split. c 


split.c 

/ * 

* $ I d : split. c,v  1.1  6 1 996/1  1 /1  2 02  : 1 8:24  mhw  Exp  $ 
*/ 


Z/ifdef  H A V E_C  0 N F I G_H 
^include  "config.h" 
//end  i f 

//include  <assert.h> 
//include  <stdio.h> 


# i n c l u d e 
//include 
# i nc  l ude 
//include 


"spli t . h" 
"pgp/annotate.h" 
"pgp/pgpmem.h" 
"pgp/pipeline.h" 


//define  SPLITMAGIC  0x1  1 223344 


//define  MAXTAILS  2 


struct  Context  { 

byte  bufferUBUFSIZD; 

byte  const  *bufptr,  *bufend; 

int  curtail,  numtails; 

struct  PgpPipeline  *tailCMAXTAILS]; 

int  sc  o pe_d  e p t h ; 

>; 

/ * 

* If  we  got  an  error  while  writing,  the  pending  write  data  gets  copied  to 

* the  context's  buffer  for  re-transmission  later.  (Yes,  this  is  needed  to 

* preserve  the  semantics  of  wr  i te(  ) . ) 

*/ 

static  int 

DoFlushCstruct  Context  *context) 

struct  PgpPipeline  * t a i l p ; 
int  error; 
s i z e_t  l e n ; 

/*  Try  to  flush  anything  that  we  have  buffered  */ 
len  = context->buf end  - context->buf ptr; 
while  ( c o n t e x t -> c u r t a i l !=  c o n t e x t -> n um t a i l s ) C 
tailp  = c o n t e x t -> t a i l [ c o n t e x t -> c u r t a i l ] ; 
while  (len  !=  0)  C 

len  = t a i l p-> w r i t e ( t a i l p , c on t e x t -> bu f p t r , 

len,  terror); 
context->buf ptr  +=  len; 
if  (error) 

return  error; 

> 

context->bufptr  = context->buf f er; 

len  = context->buf end  - context->buf ptr; 

context->curtai l ++; 

> 

memset(context->buffer,  0,  len); 

context->bufptr  = context->buf end  = context->buf f er; 
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> 


return  0 ; 


static  i n t 

FlushCstruct  PgpPipeline  *myself) 

{ 

struct  PgpPipeline  * t a i l p ; 
struct  Context  *context; 
int  error,  i ; 

assert(myself); 

assert(myself->magic  ==  SPLITMAGIC); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai  l); 


> 


error  = DoFlush(context); 
if  (error) 

return  error; 


for  ( i 


> 


= 0;  i 
t a i l p 
error 
if  ( e 


< c o n t e x t -> n um t a i l 
= context->tailCi] 
= t a i l p->  f l u s h ( t a i 
rror) 

return  error; 


s ; i + + ) 
L p ) ; 


{ 


return  0; 


static  s i z e_t 

Wri te(struct  PgpPipeline  *myself,  byte  const  *buf,  size_t  size,  int  *error) 

struct  PgpPipeline  * t a i l p ; 

struct  Context  ^context; 

size_t  block,  pending,  myselfwrite; 

byte  const  *tmpbuf; 

si ze_t  written  = 0; 

int  i ; 


assert(myself); 

assert(myself->magi  c ==  SPLITMAGIC); 
assert(error); 

context  = (struct  Context  *)myself  — >priv; 

assert(context); 

assert(context->tai  l); 

/ * Write  out  anything  still  hanging  around  from  last  time  * / 
★error  = DoFlush(context); 
if  (*error) 

return  written; 

/*  Okay,  now  write  out  the  new  stuff.  */ 
while  (size)  { 

/*  Never  write  more  in  one  block  than  we  can  buffer  */ 
block  = m i n ( s i z e , sizeof  (context->buffer)); 
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> 


> 


/*  Now  write  out  the  current  block 
for  (i  = 0;  i < context->numtails; 

tailp  = context->tailCiD; 
tmpbuf=buf;  / * 

pending  = block;  / * 

do  { 


to  each 
i + + ) { 
/* 

Current 

Current 


of  the  tails.  * / 

Current  tail  * / 
write  pointer  * / 
size  * / 


myselfwrite  = t a i l p-> w r i t e ( t a i l p , tmpbuf, 

pending,  error); 

tmpbuf  +=  myselfwrite; 
pending  -=  myselfwrite; 
if  (!*error) 

continue; 

/*  --  Error  handling  --  */ 

/*  Remember  how  far  we've  gotten  */ 
context->curtail  = i; 

/* 


* If  we 

* first 

* bytes 

* since 

* so  we 
*/ 


get  an  error  while  writing  to  the 
tail,  we  don't  need  to  buffer  the 
after  the  current  write  pointer, 
we've  never  done  anything  with  them, 
aren't  responsible  for  them. 


if  ( i ==  0) 

block  - = pending; 

/* 


* If  we  get  an  error  while  writing  to  the 

* last  tail,  we  don't  need  to  remember  the 

* bytes  we've  managed  to  write  to  every 

* tail;  only  the  following  bytes,  which 

* we've  accepted  responsibility  for  by 

* writing  out  somewhere  else. 

*/ 


if  (i  context->numta i l s-1  ) C 

buf  = tmpbuf; 
written  +=  block-pending; 
block  = pending; 

> 

/*  Copy  data  to  buffer  for  later  DoFlushC)  */ 
mem c py ( c o n t e x t -> bu f f e r , buf,  block); 
context->buf end  = context->buffer+block; 
context->buf ptr  = context->bufend-pending; 

/*  And  return  the  amount  written  plus  buffer  */ 
return  written  + block; 

> while  (pending); 

> 


/*  Advance  pointers  and  go  on...  */ 
buf  + = block; 
size  -=  block; 
written  + = block; 


return  written; 


/ * 

* Annotate  is  a bit  magic.  The  problem  is  that  annotations  are 

* defined,  as  a class,  to  atomically  succeed  or  fail.  One  particular 

* annotation  might  play  fast  & loose  with  this,  but  we  aren't  allowed 
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* to  break  it  for  *all*  annotations. 

★ 

* But  if  we  pass  an  annotation  down  the  first  tail,  and  it  succeeds 

* (no  error  returned),  then  pass  it  down  the  second,  and  get  an  error, 

* things  are  a bit  screwed  up,  because  Lots  of  modules  saw  the  annotation 

* succeed  and  altered  their  state  accordingly. 


• Ar 


* The  solution  seems  to  be  to  pass  annotations  down  *one  tail  only*, 

* which  we  use  the  first  tail  for.  Other  tails  see  data,  but  no 

* annotations. 

*/ 


static  i n t 

Annotate(struct  PgpPipeline  *myself, 
byte  const  *string,  size_t 


struct 

size) 


PgpPipeline  *origin. 


i n t type. 


struct  Context  *context; 
int  error; 


> 


assert(myself); 

assert(myself->magic  ==  SPLITMAGIC); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai  l); 

error  = DoFlush(context); 
if  (error) 

return  error; 


error  = context->tai  l[OH->annotate(context->tai  1101, 


string,  size); 


if  ( ! error) 

P G P_S  C0PE_DEPT  H_U  PDATE(context->scop  e_d  e p t h 
assert ( c o n t e x t -> s c ope_d e p t h !=  -1); 
return  error; 


f 


origin. 


type); 


type. 


/* 

* Note  that  because  of  the  way  we  do  annotations,  if  a SizeAdvise 

* arrives  while  we're  inside  a scope,  we  can't  pass  it  down  to  any  but 

* the  first  tail;  it  is  meaningless  to  the  others.  So  we  bail  out 

* of  the  loop  early  in  that  case. 

*/ 

static  int 

S i z e A d v i s e ( s t r u c t PgpPipeline  *myself,  unsigned  long  bytes) 

struct  Context  *context; 
int  error; 
int  i ; 

assert (myse l f ) ; 

assert (myse l f->magi c ==  SPLITMAGIC) ; 

context  = (struct  Context  *)myself  — > p r i v ; 
assert(context) ; 
assert(context->tai l); 

error  = DoFlush(context); 
if  (error) 
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return  error; 

for  (i  = 0;  i < context->numtai Is;  i + + ) { 

error  = c o n t e x t ->  t a i l C i ] ->  s i z e Ad  v i s e ( c on  t e x t ->  t a i L C i II 
if  (error  ||  c o n t e x t - > s c o p e_d e p t h ) 
return  error; 

> 

return  0; 


static  void 

Tea rdown ( s t ru c t PgpPipeline  *myself) 
{ 

struct  Context  *context; 
i n t i ; 


assert(myself); 

a s s e r t ( my s e l f ->ma g i c ==  SPLITMAGIC); 


context  = (struct  Context  *)myself->priv; 
assert(context); 


for  ( i 


> 


= 0;  i < context->numtails;  i++)  { 
if  ( c o n t ex t -> t a i L C i ] ) 

context->tai LCi3->teardown(context->tai L [ i 3 ) ; 


memset(context,  0,  sizeof (*context)); 
pgpMemFree(context); 

memset(myself,  0 , sizeof(*myself)); 
pgpMemFree(myself); 


struct  PgpPipeline  ** 

pg p S p l i t C r e a t e ( s t r u c t PgpPipeline  **head) 

{ 

struct  PgpPipeline  * m o d ; 
struct  Context  *context; 

if  ( ! h e a d ) 

return  NULL; 

context  = (struct  Context  *)pgpMemAlloc(sizeof(*context)); 
if  (!  context) 

return  NULL; 

mod  = (struct  PgpPipeline  *)pgpMemAlloc(sizeof(*mod)); 
if  ( ! mod  ) C 

pgpHemFree(context); 
return  NULL; 

> 

mod->magic  = SPLITMAGIC; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->si zeAdvi se  = SizeAdvise; 
mod->annotate  = Annotate; 
mod-> t ea rdown  = Teardown; 
mod->name  = "Split  module"; 
mod->priv  = context; 


bytes)  ; 
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memsetCcontext,  0 , sizeof(*context)); 
context->bufptr  = context->buffer; 

context->curtail  = context->numtai  Is  = 1 ; 
context->buf ptr  = context->buf end  = context->buf f er; 

context->tailC0]  = * h e a d ; 

★head  = mod; 

return  &context->tai  ICO]; 

> 

struct  PgpPipeline  ** 

pg p S p l i t Ad d ( s t r u c t PgpPipeline  *myself) 

{ 

struct  Context  *context; 
struct  PgpPipeline  **tailp; 

assert(myself); 

assert(myself->magi c ==  SPLITMAGIC); 

context  = (struct  Context  *)myself->priv; 

assert(context); 

assert(context->tai  l); 

if  ( c o n t e x t -> n um t a i l s ==  MAXTAILS) 
return  0; 

if  ( c o n t e x t - > c u r t a i l !=  c on t e x t -> n um t a i l s ) 

return  0;  /*  We're  in  the  middle  of  things!  */ 

tailp  = &context->tail[context->numtails++]; 
context->curtail  = context->numtai Is; 
return  tailp; 

> 
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split.h 

/* 

* S p l i 

* ALL 

* GETS 

* 

* $ I d : 

* / 

struct 

# i f nde  f 

# d e f i n e 
t y ped e f 
Send  i f 

struct 

struct 


t module  - one  input,  multiple  outputs, 
outputs  get  data,  but  ONLY  THE  ORIGINAL  OUTPUT 
ANNOTATIONS.  (Error-handling  is  impossible  otherwise.) 

split. h,v  1.5  1996/11/12  02:18:24  mhw  Exp  $ 

PgpPipeline; 

TYPE_PGPPIPELINE 

TYPE_PGPPIPELINE  1 

struct  PgpPipeline  PgpPipeline; 


PgpPipeline  **pgpSpl 
PgpPipeline  **pgpSpl 


tCreate  (struct  PgpPipeline  **head); 
tAdd  (struct  PgpPipeline  *myself); 
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pubkey/ 
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.cvsignore 


Makefile  DONE 


. 


lib/ pgp/ pubkey/ Makefile,  in 


Makefile.in 

# 

# Lib/pubkey 
U 

# $ I d : Makef i le. in,v  1.1  6 1 996/1  1 /1  2 02:1  8:25  mhw  Exp  $ 

n 

0BJS=  pubkey. o rsakey.o  rsaglue.o  fixedkey.o  esk.o  sig.o  pktlist. 

keyspec.o  elgkey.o  dsakey.o  keymisc.o 
PUBHDRS=  esk.h  fixedkey.h  pubkey. h sig.h  keyspec.h 
PRIVHDRS=  rsakey.h  makesig.h  elgkey.h  dsakey.h  keymisc.h 

all::  DONE 


makes i g . o \ 
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makefile. msc 

PG  P L I B=  . .\.  .\pgplib.  Lib 

CFLAGS=-I..\..\..\include  -I..\..\incLude  \ 

-DHAVE  CONFIG  H=1  $(DEBUG) 


all::  lib 

headers:  incl 

(include  "makefile. in 


incl: 

i f 

not 

"$ ( PUBHDRS)  " 

= = ""  \ 

for  % f in  ( 

$(PUBHDRS) 

) do 

copy  % f . 

.\. .\. .\include\pgp 

i f 

not 

"$(PRIVHDRS) 

II Mil  ^ 

for  / f in  ( 

$(PRIVHDRS) 

) do 

copy  % f 

. .\. .\include 

DOSOB J SX  = 

$ ( OB J S : . o= . 

o b j ) 

DOSOB J S = 

$(DOSOBJSX: 

unix=win32) 

lib:  $(D0S0BJS) 

. c . o b j : 

$ ( C C ) $(CFLAGS)  -Z7  -c  $< 

# lib  /out : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  S(PGPLIB)  l i b / o u t : $ ( PG P L I B ) $(D0S0BJS) 
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dsakey.c 


/* 

* dsakey.c 

* Signatures  using  the 

•k 

* $ I d : dsakey.c, v 1.14. 
*/ 

#ifdef  HAVE  CONFIG  H 


# i n c l ud  e 

" c o n f i g . h " 

# e nd  i f 

//include 

<assert . h> 

//include 

"dsakey.h" 

//include 

"keymisc.h" 

//include 

"pgp/bn.h" 

//include 

"pgp/cipher.h" 

//include 

"pgp/cfb.  h" 

//include 

"pgp/hash . h " 

//include 

"pgp/pgpmem.  h" 

# i n c l u d e 

"pgp/pgper r . h" 

//include 

"pgp/prime.h" 

//include 

"pgp/pubkey.h" 

# i n c l u d e 

"pgp/ random,  h" 

//include 

"pgp/str2key.  h " 

# i nc  l ude 

"pgp/usua  Is  . h" 

# i f nd e f 

NULL 

//define  NULL  0 
//end  i f 


Digital  Signature 
2.1  1 996/11/14  04 


Algorithm 
09:38  cbertsch 


Exp  $ 


//define  A S S E R T D S A ( a l g ) a s s e r t ( ( A L G M A S K ( a l g ) ) = = PG  P_P  K A L G_D  S A ) 


struct  DSApub  { 


struct 

B i gNum 

p; 

/* 

Public 

prime  * / 

struct 

B i g N urn 

q; 

/* 

Public 

order  of  generator 

*/ 

struct 

B i gNum 

g; 

/ * 

Public 

generator  */ 

>; 

struct 

B i gNum 

y; 

/ * 

Public 

key,  g**x  mod  p */ 

struct 

DSAsec 

{ 

struct 

B i g N urn 

p; 

/* 

Copy  of 

public  parameters 

* / 

struct 

B i gNum 

q; 

struct 

B i gNum 

g; 

struct 

B i gNum 

y; 

> • 

struct 

Bi gNum 

x; 

/* 

Secret 

key,  discrete  log 

o f 

/*  A PgpSecKey's  priv  points  to  this,  an  DSAsec  plus  the  encrypted  form...  */ 
struct  DSAsecPlus  { 

struct  DSAsec  s; 
byte  *cryptkey; 
size_t  ckalloc,  cklen; 
int  locked; 

>; 


/**  Public  key  functions  **/ 


1272 


lib/ pgp/ pubkey/ dsakey.c 


static  void 

dsaPubDestroy (struct  PgpPubKey  *pubkey) 

{ 

struct  DSApub  *pub  = (struct  DSApub  *)pubkey->priv; 

ASSERTDSA(pubkey->pkAlg); 

bnEnd(&pub->p) ; 

bnEnd ( &pub->q ) ; 

bnEnd ( &pub->g ) ; 

bnEnd ( &pub->y ) ; 

memset(pub,  0,  s i z e o f ( p ub ) ) ; 

pgpMemFree(pub) ; 

memset (pubkey,  0,  sizeof(pubkey)); 
pgpMemFree(pubkey); 

> 

#i  f 0 

static  void 

d s a P u b I d8 ( s t r u c t PgpPubKey  const  *pubkey,  byte  *buf) 

{ 

assert(O); 

struct  DSApub  const  * p u b = (struct  DSApub  *)pubkey->priv; 

byte  *keybuf; 

si ze_t  keybuflen; 

struct  PgpHash  const  *h; 

struct  PgpHashContext  *hc; 

ASSERTDSA(pubkey->pkAlg); 

/*  Unfortunately  we  have  no  way  of  indicating  failure  */ 

h = pgpHashByNumber  ( P G P_H A S H_S H A ) ; 

assert(h); 

he  = pgpHashCreate(h); 
assert(hc); 

keybuflen  = dsaPubBufferLength(pubkey); 
keybuf  = pgpMemAlloc(keybuflen); 
assert(keybuf); 

dsaPubToBuffer(pubkey,  keybuf); 

pgpHashUpdate(hc,  keybuf,  keybuflen); 
memepy  (buf,  pgpHashFinal(hc),  8); 
pgpHashDestroy(hc); 

> 

ft  e nd  i f 

/*  Return  the  largest  possible  PgpESK  size  for  a given  key  */ 
static  s i z e_t 

dsaMaxes k ( s t ru c t PgpPubKey  const  *pubkey,  PgpVersion  version) 

C 

(void)pubkey; 

(void)version; 

return  PGPE RR_PUBKE Y_UN I MP; 

> 

/ * 

* Given  a buffer  of  at  least  "maxesk"  bytes,  make  an  PgpESK 
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* into  it  and  return  the  size  of  the  PgpESK,  or  <0. 

*/ 

static  i n t 

d s a E n c ry p t ( s t r u c t PgpPubKey  const  *pubkey,  byte  const  *key, 
si ze_t  keylen,  byte  *esk,  si ze_t  *esklen, 
struct  Pg p R a nd om C on t e x t const  *rc,  PgpVersion  version) 

{ 

(void)pubkey; 

( v o i d ) k e y ; 

(void)keylen; 

(void)esk; 

(void)esklen; 

(void)rc; 

(void)version; 

return  P G P E R R_P U B K E Y_U N I M P ; 

> 

/ * 

* Return  1 if  (sig,siglen)  is  a valid  MPI  which  signs 

* hash,  of  type  h.  Verify  that  the  type  is  SHA.1  and 

* the  hash  itself  matches. 

* / 

static  int 

dsaVeri fyCstruct  PgpPubKey  const  *pubkey,  int  sigtype,  byte  const  *sig, 
size_t  siglen,  struct  PgpHash  const  *h,  byte  const  *hash) 

{ 

struct  DSApub  const  * p u b = (struct  DSApub  *)pubkey->priv; 
struct  BigNum  r,  s,  w,  u2; 
int  i ; 
s i z e_t  off; 

(void)sigtype; 

ASSERTDSA(pubkey->pkAlg); 

if  (h->type  !=  P G P_H  A S H_S  HA) 

return  0;  /*  No  match  for  sure!  */ 

bnBegin(Sr); 

bnBegin(Ss); 

bnBegin(Sw); 

bnBegin(Su2); 

/*  sig  holds  two  values.  Get  first,  r,  from  sig.  */ 
off  - 0; 

i = pg pBnGe t P l a i n ( S r , sig  + off,  siglen-off); 
if  (i  <=  0) 

goto  fail; 

/*  Get  2nd  value,  s,  from  SIG  */ 
off  + = i ; 

i = pgpBnGetPlainCSs,  sig+off,  siglen-off); 
if  ( i <=  0) 

goto  fail; 
off  + = i ; 

if  (off  !=  siglen)  { 

i = PGPERR_SIG_T00L0NG; 
goto  done; 

> 
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/ * 

* Sanity-check  r and  s against  the  subprime  q.  Both  should 

* be  less  than  q.  If  not,  the  signature  is  clearly  bad. 

* / 

if  (bnCmpCSr,  &pub->q)  >=  0 ||  bnCmp(&s,  Spub->q)  >=  0)  { 
i = 0;  /*  FAIL  */ 

goto  done; 

> 

/*  Reconstruct  hash  as  u2  */ 

/*  aaa : complicated  issues  re  packing,  160  bits  is  tight...  */ 
if  ( bn  I n s e r t B i g By t e s ( Su 2 , hash,  0,  h->hashsize)  < 0) 
goto  nomem; 

/ * 

* Calculate  DSS  check  function.... 

* Given  signature  (r,s)  and  hash  H (in  bn),  compute: 

* w = s A — 1 mod  q 

* ul  = H * w mod  q 

* u2  = r * w mod  q 

* v = gAu1  * yAu2  mod  p 

* i f v ==  r mod  q,  the  signature  checks. 

* 

* To  save  space,  we  put  ul  into  s,  H into  u2,  and  v into  w. 

*/ 


i f 

(bnlnvCSw,  Ss,  &pub 

cr 

A 

1 

< 0) 

i f 

goto  nomem; 
(bnMul(&s,  &u2,  Sw) 

< 

0 

||  bnModCSs,  Ss, 

Spub->q ) < 

0) 

i f 

goto  nomem; 
(bnMul(Su2,  Sr,  Sw) 

< 

0 

| | bnMod ( Su2 , Su2 

, Spub->q) 

A 

O 

goto  nomem; 

/* 

Now  for  the  expensive 

part.  . . 

*/ 

i f 

(bnDoubleExpModCSw, 

Spub 

->9/ 

8 s , 

Spub->y , 

Su2,  Spub 

V 

Q. 

A 

1 

i f 

goto  nomem; 
(bnModCSw,  Sw,  Spub 

cr 

A 

i 

A 

O 

goto  nomem; 

/ * 

Compare  result  with 

r, 

should 

be 

equal  * / 

i = bnCmpCSw,  &r)  = = 0; 
goto  done; 


fail: 

if  ( ! i ) 

i = PGPERR_SIG_T00SH0RT; 
goto  done; 

nomem : 

i = P G P E R R_N  0 M E M ; 
goto  done; 

done: 

bnEnd(&u2); 

bnEnd(Srw); 

bnEnd(Ss); 

bnEnd(Sr); 

return  i ; 

> 
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/ * 

* Turn  a PgpPubKey  into  the  a L g o r i t h m- s p e c i f i c parts  of  a public  key. 

* A public  key's  DSA-specific  part  is: 

* 


* 

0 

2 + i 

MPI 

for 

prime 

★ 

2 + i 

2 + t 

MPI 

for 

order 

★ 

4 + i + 1 

2 + u 

MPI 

for 

generator 

★ 

6 + i + 1 + u 

2 + v 

MPI 

for 

public  key 

* 8+i+t+u+v 

*/ 

static  s i z e_t 

d s a P u bBu f f e r Le n g t h ( s t r u c t PgpPubKey  const  *pubkey) 

{ 

struct  DSApub  const  *pub  = (struct  DSApub  *)pubkey->priv; 


> 


return  8 + (bnBits(&pub->p)+7)/8  + (bnBits(&pub->q)+7)/8  + 
(bnBits(8pub->g)+7)/8  + (bnBits(&pub->y)+7)/8; 


static  void 

dsaPubToBuf ferCstruct  PgpPubKey  const  *pubkey,  byte  *buf) 

{ 

struct  DSApub  const  *pub  = (struct  DSApub  *)pubkey->priv; 
unsigned  off; 


> 


off  = 0 ; 

off  +=  pg pB n P u t P l a i n ( &pu b-> p , 
off  +=  pg pBn P u t P l a i n ( &pu b->q  , 
off  +=  pg pB n Pu t P l a i n ( &pu b-> g , 
off  +=  pg pB n Pu t P l a i n ( Spu b->y , 


buf+off); 
buf+off); 
buf+off) ; 
buf+off); 


/*  A little  helper  function  that's  used  twice  */ 
static  void 

dsa F i l l Pub  key ( s t r u c t PgpPubKey  *pubkey,  struct  DSApub  *pub) 
{ 


ft  i f 0 
ft  e nd  i f 


> 


pubkey->next 

pubkey->pkAlg 

pubkey->priv 

pubkey->destroy 


NULL; 

PGP_PKALG_DS A; 
pub; 

dsaPubDestroy; 


pubkey->id8 


dsaPub!d8; 


pubkey->maxesk  = dsaMaxesk; 
pubkey->encrypt  = dsaEncrypt; 
pubkey->verify  = dsaVerify; 
pubkey->bufferLength  = dsaPubBufferLength; 
pubkey->toBuffer  = dsaPubToBuffer; 


/* 

* Turn  the  a l g o r i t h m- s p e c i f i c parts  of  a public  key  into  a PgpPubKey 

* structure.  A public  key's  DSA-specific  part  is: 

* 

* 0 2+i  MPI  for  prime 

* 2+i  2+t  MPI  for  order 
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* 4+i+t  2+u  MPI  for  generator 

* 6+i+t+u  2 + v MPI  for  public  key 

* 8 + i + 1 + u + v 

* / 

struct  PgpPubKey  * 

d s a Pu b F r omBu f ( by t e const  *buf,  si ze_t  size,  int  *error) 

struct  PgpPubKey  *pubkey; 
struct  DSApub  * p u b ; 
unsigned  i,  t,  u,  v ; 
int  w ; 


> 


bnlnitO; 


w = pgpBnParselbuf,  size,  4,  & i , & t , & u , & v ) ; 
i f (w  < 0)  { 


★error  = w ; 
return  NULL; 

> 

if  (t  <=  i+2  ||  (bufCt-1D  S 1)  ==  0)  f /*  Too  small  or  even  prime  p */ 

★ error  = PG  P E R R_KE  Y_M  PI; 
return  NULL; 

> 

if  (u  <=  t + 2 | | (buftu-1]  & 1)  ==  0)  -C  /*  Too  small  or  even  order  q */ 

★error  = PG P E R R_KE Y_M P I ; 
return  NULL; 

> 

pub  = (struct  DSApub  *)pgpMemAlloc(sizeof(*pub)); 
if  ( pub ) ( 

pubkey  = (struct  PgpPubKey  *)pgpMemAlloc(sizeof(*pubkey)); 
i f ( pubkey  ) ( 

bnBegin(&pub->p); 
bnBegi n(&pub->q)  ; 
bnBegin(&pub->g) ; 
bnBegi n(&pub->y); 


i f 

(bnInsertBigBytes(&pub->p, 

buf+i+2. 

o. 

t-i-2) 

> = 

&& 

bnInsertBigBytes(Spub->q, 

buf+t+2. 

o. 

u-t-2 ) 

> = 

S& 

bnInsertBigBytes(&pub->g, 

buf+u+2. 

o. 

v-u-2 ) 

> = 

&& 

bnInsertBigBytes(&pub->y, 

buf+v+2. 

o. 

w-v-2 ) 

dsa F i l l Pubkey ( pubkey,  pub); 


★error  = 0; 
return  pubkey; 

> 

/*  Failed  = clean  up  and  return  NULL  ★/ 

bnEnd(Spub->p) ; 

bnEnd(&pub->q); 

bnEnd(Spub->g); 

bnEnd(&pub->y); 

pgpMemFree(pubkey); 


> 


pgpMemFree(pub); 


★error  = PG P E R R_N 0M E M ; 
return  NULL; 


/* 
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* Return  the  size  of  the  public  portion  of  a key  buffer. 
*/ 
i n t 

d s a Pu bKe y P r e f i x S i z e ( by t e const  *buf,  si ze_t  size) 

{ 

return  pg pBn Pa r s e ( bu f , size,  4,  NULL,  NULL,  NULL, 

> 


N U L L ) ; 


/**  Secret  key  functions  **/ 
static  void 

dsaSecDestroyfstruct  PgpSecKey  *seckey) 

{ 

struct  DSAsecPlus  *sec  = (struct  DSAsecPlus  *)seckey->priv; 

ASSERTDSA(seckey->pkAlg); 
bnEnd(&sec->s  . p ) ; 
bnEnd(&sec->s  .q)  ; 
bnEnd ( &sec->s  . g ) ; 
bnEnd(Ssec->s  .y)  ; 
bnEnd(Ssec->s.x); 

memset(sec->cryptkey,  0,  sec->ckalloc); 
pgpMemFree(sec->cryptkey); 
memsetCsec,  0,  sizeof (sec)); 
pgpMemFree(sec)  ; 

memset(seckey,  0,  si zeof ( seckey ) ) ; 
pgpMemFree(seckey)  ; 

> 


# if  0 

static  void 

d s a S e c I d 8 ( s t r u c t PgpSecKey  const  *seckey,  byte  *buf) 

{ 

struct  DSAsecPlus  const  *sec  = (struct  DSAsecPlus  *)seckey->priv; 
ASSERTDSA(seckey->pkAlg); 

bnExtractBigBytes(8sec->s.p,  buf,  0,  8); 

> 

#end  i f 


/ * 

* Generate  a PgpPubKey  from  a PgpSecKey 
*/ 

static  struct  PgpPubKey  * 

dsaPubkey ( st ruct  PgpSecKey  const  *seckey) 

{ 

struct  DSAsecPlus  const  * sec  = (struct  DSAsecPlus  *)seckey->priv; 
struct  PgpPubKey  *pubkey; 
struct  DSApub  *pub; 

ASSERTDSA(seckey->pkAlg); 

pub  = (struct  DSApub  * ) pg pM em A l l o c ( s i z e o f ( * pu b ) ) ; 
if  ( pub ) { 

pubkey  = (struct  PgpPubKey  * ) pg pM em A l l o c ( s i z e o f ( *pu b ke y ) ) ; 
if  (pubkey)  { 

bnBegin(&pub->p); 

bnBegin(8pub->q); 

bnBegin(8pub->g); 
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> 


bnBegin(&pub->y); 


( bn C o py ( &pu b-> p , &sec->s.p)  >= 

0 

&& 

bnCopy(&pub->q, 

&sec->s.q) 

> = 

0 

&& 

bnCopy(&pub->g, 

&sec->s.g) 

> = 

0 

&& 

bnCopy ( &pub->y. 

&sec->s.y) 

> = 

0) 

dsaFi L LPubkey(pubkey,  pub); 
pubkey->pkALg  = seckey->pkAlg; 
memcpy(pubkey->keyID,  seckey->keyID, 
sizeof(pubkey->keyID)); 
return  pubkey; 

> 

/*  Failed  = clean  up  and  return  NULL  */ 

bnEnd(Spub->p); 

bnEnd(Spub->q); 

bnEnd(&pub->g); 

bnEnd(Spub->y); 

pgpMemFree(pubkey); 

> 

pgpMemFree(pub); 

> 

return  NULL; 


/ * 

* Yes,  there  *i s*  a reason  that  this  is  a function  and  not  a variable. 

* On  a hardware  device  with  an  automatic  timeout, 

* it  actually  might  need  to  do  some  work  to  find  out. 

*/ 

static  i n t 

d s a I s l o c k ed ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  DSAsecPlus  const  * s e c = (struct  DSAsecPlus  *)seckey->priv; 

ASSERTDSA(seckey->pkAlg); 
return  sec->locked; 


/* 

* Try  to  decrypt  the  secret  key  wih  the  given  passphrase.  Returns  >0 

* if  it  was  the  correct  passphrase.  =0  if  it  was  not,  and  <0  on  error. 

* Does  not  alter  the  key  even  if  it's  the  wrong  passphrase  and  already 


★ 

* 

unlocked. 

A NULL 

passphrae  will  work  if  the  key  is  unencrypted. 

★ 

A (secret) 

key's 

DSA- 

specific  part  is: 

A 

★ 

0 

2 + u 

MPI  for  prime  p 

★ 

2 + u 

2 + v 

MPI  for  order  q 

★ 

4 + u + v 

2 + w 

MPI  for  generator  g 

★ 

6+u+ v+w 

2 + x 

MPI  for  public  key  y 

★ 

8+u+v+w+x 

1 

Encryption  algorithm  (0  for  none,  1 for  IDEA) 

★ 

9+u+v+w+x 

t 

Encryption  IV:  0 or  8 bytes 

★ 

9+t+u+v+w+x 

2 + y 

MPI  for  x (discrete  log  of  public  key) 

: k 

2 

Checksum 

* 1 3+t+u+v+w+x+y 

* 

* Actually,  that's  the  old-style,  if  pg p S 2 Ko l d Ve r s is  true. 

* If  it's  false,  the  a Igoruthm  is  255,  and  is  followed  by  the 

* algorithm,  then  the  ( va r a i b l e - l e n g t h , s e l f -d e l i m i t i n g ) 
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* s t r i n g - t o- k e y descriptor. 

* / 


static  i n t 

dsaUnlock(struct  PgpSecKey  *seckey,  struct 
char  const  *phrase,  si ze_t  plen) 


{ 


PgpEnv  const 


* e n v , 


struct  DSAsecPLus  *sec  = (struct  DSAsecPlus  * ) s e c k e y- > p r i v ; 

struct  BigNum  x ; 

struct  PgpCfbContext  * c f b ; 

unsigned  v ; 

unsigned  alg; 

unsigned  checksum; 

i n t i ; 


bnBegin(Sx); 


ASSERTDSA(seckey->pkALg); 

/*  Check  packet  for  basic  consistency  */ 

i = pgpBnParse(sec->cryptkey,  sec->cklen,  4,  Sv,  NULL,  NULL,  NULL); 

i f ( i <=  0) 

goto  fail; 

/ * OK,  read  the  public  data  * / 

i = pgpBnGetPlain(Ssec->s.p,  sec->cryptkey+v,  sec->cklen-v); 

if  ( i <=  0) 

goto  fail; 

v +=  i; 

i = pg pBnG e t P l a i n ( & s e c-> s . q , sec->cryptkey  + v,  s e c - > c k l e n - v ) ; 

if  ( i < = 0 ) 

goto  fail; 

v +=  i ; 

i = pgpBnGetPlain(Ssec->s.g,  sec->cryptkey+v,  sec->cklen-v); 

if  ( i <=  0) 

goto  fail; 

v +=  i ; 

i = pgpBnGetPlain(&sec->s.y,  sec->cryptkey+v,  sec->cklen-v); 

i f ( i <=  0) 

goto  fail; 

v +=  i; 


/*  Get  the  encryption  algorithm  (cipher  number).  0 ==  no  encryption  */ 
alg  = sec->cryptkeyCvD; 


/*  If  the  phrase  is  empty,  set  it  to  NULL  */ 
if  (plen  ==  0) 

phrase  = NULL; 

/* 

* We  need  a pass  if  it  is  encrypted,  and  we  cannot  have  a 

* password  if  it  is  NOT  encrypted.  I . e . , this  is  a logical 

* xor  (AA) 

* / 

if  ( ! phrase  !=  ! s e c - > c r y p t k e y [ v ] ) 

goto  badpass; 


i 

i f 


p g p C i p h e r S e t u p ( s e c -> c r y p t k e y + v, 

env,  Scfb); 

i < 0 ) 


sec->cklen 


v,  phrase,  plen. 
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goto  done; 

v +=  i ; 
checksum  = 0; 

i = pgpBnGetNew (&x,  s e c -> c r y p t k e y + v,  sec->cklen  - v,  cfb, 
if  (i  <=  0) 

goto  badpass; 

v +=  i ; 

if  (bnCmp(&x,  &sec->s.q)  >=  0) 

goto  badpass;  / * Wrong  passphrase:  x must  be  < q 

/*  Check  that  we  ended  in  the  right  place  */ 
if  (sec->cklen  - v !=  2)  C 

i = PGPERR_KEY_LONG; 
goto  fail; 

> 

checksum  & = Oxffff; 

if  (checksum  !=  pg p C h e c k s umG e t N e w ( s e c -> c r y p t k e y + v , cfb)) 
goto  badpass; 

/* 

* Note  that  the  "nomem"  case  calls  bnEnd() 

* more  than  once,  but  this  is  guaranteed  harmless. 

* / 

if  ( bn C o py ( & s e c-> s . x , Sx)  < 0) 
goto  nomem; 

i = 1;  /*  Decrypted!  */ 

sec->locked  = 0; 
goto  done; 

nomem : 

i = P G P E R R_N  0 M E M ; 
goto  done; 

fail: 

if  ( ! i ) 

i = PG  P E R R_KE  Y_SH0RT; 
goto  done; 

badpass : 

i = 0;  / * Incorrect  passphrase  * / 

goto  done; 

done: 

bnEnd ( &x  ) ; 
return  i; 

> 

/ * 

* Relock  the  key. 

*/ 

static  void 

d s a Lo c k ( s t r u c t PgpSecKey  *seckey) 

{ 

struct  DSAsecPlus  *sec  = (struct  DSAsecPlus  *)seckey->priv; 

ASSERTDSA(seckey->pkAlg); 
sec->  locked  = 1; 

/*  bnEnd  is  documented  as  also  doing  a bnBegin  */ 
bnEnd(&sec->s.x); 

> 


Schecksum); 


*/ 
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/* 

* Return  the  size  of  the  buffer  needed,  worst-case,  for  the  decrypted 

* output. 

* / 

static  s i z e_t 

dsaMa xde c ryp t ed ( s t ru c t PgpSecKey  const  *seckey) 

{ 

(void)seckey; 

return  P G P E R R_P U B KE Y_U N I M P ; 

> 

/* 

* Try  to  decrypt  the  given  esk.  If  the  key  is  locked,  try  the  given 

* passphrase.  It  may  or  may  not  leave  the  key  unlocked  in  such  a case. 

* (Some  hardware  implementations  may  insist  on  a password  per  usage.) 

*/ 

static  i n t 

dsaDecryptlstruct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 
int  esktype,  byte  const  *esk,  si ze_t  esklen, 
byte  *key,  si ze_t  *keylen,  char  const  *phrase, 
s i z e_t  p l e n ) 

{ 

(void)seckey; 

(void)env; 

(void)esktype; 

(void)esk; 

(void)esklen; 

(void)key; 

(void)keylen; 

(void)phrase; 

( v o i d ) p l e n ; 

return  PG P E R R_P U B K E Y_U N I M P ; 

> 

static  siz  e_t 

d s a M a x s i g ( s t r u c t PgpSecKey  const  *seckey,  PgpVersion  version) 

{ 

struct  DSAsecPlus  const  * s e c = (struct  DSAsecPlus  *)seckey->priv; 

(void)version; 

ASSERTDSA(seckey->pkAlg)  ; 

return  2*((bnBits(&sec->s.q)+7)/8  + 2 ) ; 

static  int 

dsa S i gn ( s t rue t PgpSecKey  *seckey,  struct  PgpHash  const  *h,  byte  const  *hash, 
byte  *sig,  size_t  *siglen,  struct  Pg p Ra nd om C o n t e x t const  *rc, 
PgpVersion  version) 

{ 

/*  Calculate  a DSA  signature  */ 

struct  DSAsecPlus  *sec  = (struct  DSAsecPlus  *)seckey->priv; 

struct  BigNum  r,  s,  bn,  k; 

unsigned  t; 

unsigned  kbits; 

int  i ; 

/*  We  don't  need  this  argument,  although  other  algorithms  may...  */ 
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(void)version; 

ASSERTDSA(seckey->pkAlg); 

/*  We  *only*  sign  SHA  hashes  */ 
assert ( h->type  ==  PG P_H A S H_S H A ) ; 

if  (sec->locked) 

return  PG P E R R_KE Y_I S LO C KE D ; 

bnBegin(Sr); 
bnBeg i n ( 8s ) ; 
bnBegin(Sbn); 
bnBegin(Sk); 

/* 

* Choose  the  random  k value  to  be  used  for  this  signature. 

* Make  it  a bit  bigger  than  q so  it  is  fairly  uniform  < q. 

* / 

kbits  = bnBits(8sec->s.q)  + 8 ; 
if  ( pgpBnGenRand ( 8k,  rc,  kbits,  0,  1)  < 0 || 

bnModCSk,  8k,  8sec->s.q)  < 0) 
goto  nomem; 

/*  Raise  g to  k power  mod  p then  mod  q to  get  r */ 
if  ( bn E x pMod ( 8 r , 8sec->s.g,  8k,  8sec->s.p)  < 0 || 

bnMod(8r,  8r,  8sec->s.q)  < 0) 
goto  nomem; 

/*  r*x  mod  q into  s */ 
if  (bnMul(8s,  Sr,  8sec->s.x)  < 0 || 
bnMod(8s,  8s,  8sec->s.q)  < 0) 
goto  nomem; 

/*  Pack  message  hash  M into  buffer  bn  */ 

/*  TODO:  complicated  issues  re  packing,  160  bits  is  tight...  */ 
if  ( bn  I n s e r t B i g By t e s ( 8bn , hash,  0,  h->hashsize)  < 0) 
goto  nomem; 

if  (bnMod(8bn,  8bn,  8sec->s.q)  < 0) 
goto  nomem; 

/ * Add  into  s */ 
if  (bnAddCSs,  8bn)  < 0 || 

bnMod(8s,  8s,  8sec->s.q)  < 0) 
goto  nomem; 

/*  Divide  by  k,  mod  q (k  inverse  held  in  bn)  */ 
if  (bnlnv(8bn,  8k,  8sec->s.q)  < 0 || 

bnMul(8s,  8s,  Sbn)  < 0 | | 
bnMod(8s,  8s,  8sec->s.q)  < 0) 
goto  nomem; 

/*  That's  it,  now  to  pack  r and  then  s into  the  buffer  */ 
t = pgpBnPutPlain(8r,  sig); 
t +=  pgpBnPutPlain(8s,  sig+t); 
if  (siglen) 

★siglen  = (size_t)t; 


i = 0; 

goto  done; 
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n o m e m : 

i = P G P E R R_N  0 M E M ; 

/ * fall  through  * / 

done: 

bnEnd(&r); 

bnEnd(Ss); 

bnEnd(Sbn); 

bnEnd(Sk); 


> 


return  i; 


/ * 


•k 

* 

* 

* 

* 

* 

* 


Re-encrypt  a 
A secret  key 


0 

1 

5 

7 


1 

4 

2 

1 


PgpSecKey  with  a new  urn  a PgpSecKey 
is,  after  a non-specific  prefix: 
Version  (=  2 or  3) 

Timestamp 

Validity  (=0  at  present) 

Algorithm  ( = P G P_P K A LG_D S A for  DSA) 


The  following: 


into  a 


secret 


key  . 


★ 

0 

2 + u 

MPI 

for  prime  p 

■k 

2 + u 

2 + v 

MPI 

for  order  q 

•k 

4 + u + v 

2 + w 

MPI 

for  generator  g 

* 

6+u+ v+w 

2 + x 

MPI 

for  public  key  y 

' k 

8+u+v+w+x 

1 

Encryption  algorithm 

(0 

for  none. 

1 for  IDEA) 

k 

9+u+v+w+x 

t 

Encryption  IV:  0 or  8 

bytes 

k 

9+t+u+v+w+x 

2 + y 

MPI 

for  x (discrete  l 

og 

of  public 

key ) 

k 

1 1 +t+u+v+w+x+y 

2 

Checksum 

k 

k 

1 3+t+u+v+w+x+y 

k 

The  Encryption 

a l g o r i 

t h m is 

the  cipher  algorithm  for  the 

old-style 

* string-to-key  conversion.  For  the  new  type,  it's  255,  then  a cipher 

* algorithm,  then  a string-to-key  algorithm  ( v a r i a b l e - l e n g t h ) , 

* then  the  encryption  IV.  That's  16  bytes  plus  the  string-to-key 

* conversion  length. 


★ 

* On  initial  key  generation  we  rely  on  calling  this  with  env=NULL  being 

* OK  if  phrase=NULL. 

*/ 


static  int 

d s a C h a ng e Lo c k ( s t r u c t PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 

struct  PgpRandomContext  const  *rc,  char  const  *phrase,  size_t  plen) 

{ 


struct  DSAsecPlus  *sec  = (struct 
struct  PgpS t r i ngToKey  *s2k  = NULL 
struct  PgpCipher  const  *cipher  = 
struct  Pg p C f b C o n t e x t *cfb  = NULL; 
byte  * p ; 
int  oldf  = 0; 
unsigned  len; 
unsigned  checksum; 


DSAsecPlus  * ) s e c k e y- > p r i v ; 


/ 

/* 

Shut 

up 

NULL; 

/* 

Shut 

up 

/* 

This 

i s 

/* 

Shut 

up 

warnings  * / 
warnings  * / 
realy  needed  * / 

warnings  * / 


ASSERTDSA(seckey->pkAlg); 
if  (sec->locked) 

return  P G P E R R_K E Y_I SLOCKED; 


len  - bnBy t e s ( & s e c -> s . p ) + bnBy t e s ( & s e c -> s . q ) + bn  By t e s ( & s e c -> s . g ) + 
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bnBy t e s ( S s e c -> s . y ) + bnBy t e s ( & s e c -> s . x ) + 13; 
if  (phrase)  C 

s 2 k = pgpS2KdefauLt(env,  rc); 
if  ( ! s 2 k ) 


return  PG P E R R_NOM E M ; 
cipher  = pgpCipherDefaultKey(env); 
assert(cipher)  ; 
if  (Icipher)  { 

pgpS2Kdestroy(s2k); 
return  PG P E R R_NOM E M ; 

> 

Len  +=  cipher->bLocksize; 
cfb  = pgpCfbCreate(cipher); 
if  ( ! cf b)  { 

pgpS2Kdestroy(s2k); 
return  PG P E R R_N OM E M ; 

> 

oldf  = pgpS2KisOldVers(s2k); 
if  ( ! o Idf  ) 

Len  +=  1 + s2k->encodelen; 

} 

p = sec->cryptkey; 
if  (Len  > s e c -> c k a L L o c ) C 

p = (byte  *)pgpMemReaLLoc(p,  Len); 
if  ( ! p ) { 

pgpCfbDestroy(cfb); 
pgpS2Kdestroy(s2k); 
return  P G P E R R_N 0 M E M ; 

> 

sec->cryptkey  = p; 
sec->cka  L Loc  = (size_t) Len; 

} 

sec->ckLen  = Len; 


/*  Okay,  no  more  errors  possibLe! 
P +=  pgpBnPutPLain(Ssec->s.p,  p); 
p +=  pgpBnPutPLain(Ssec->s.q,  p); 
p + = pgpBnPutPLain(&sec->s.g,  p); 
p +=  pgpBnPutPLain(&sec->s.y,  p); 


Start  instaLLing  data  */ 


/ * Unencrypted  * / 


/*  Encryption  parameters  */ 
if  ( ! phrase)  { 

* p + + = 0 ; 

> e L s e { 

if  (oLdf)  { 

*p++  = cipher->type; 

> e L s e { 

*p++  = 255; 

*p++  = c i p h e r-> t y pe ; 

memcpy(p,  s 2 k-> e n c od i ng , s 2 k-> e n c od e L e n ) ; 
p +=  s 2 k-> e n c od e L e n ; 


/ * Create  IV  */ 

pgpRandomGetBytes(rc,  p,  cipher->bLocksize); 

/*  Use  data  buffer  as  temp  hoLding  space  for  key  */ 
assert(sec->ckaL  Loc-ci pher->b  L ocks i ze  >=  c i ph e r-> keys i z e 
pg p S t r i n g T oKey ( s 2 k , phrase,  pLen,  p+ c i p h e r-> b L o c k s i z e , 
cipher->keysize); 

pgpCfbInit(cfb,  p+cipher->bLocksize,  p); 
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pgpS2Kdestroy(s2k) ; 
p +=  cipher->blocksize; 

/*  Wipe  key  * i mmed i a t e l y*  */ 
memsetCp,  0,  cipher->keysize); 

> 

/*  Now  install  x,  encrypted  */ 
checksum  = 0; 

p +=  pgpBnPutNew(8sec->s . x,  p,  cfb,  Schecksum)  ; 
pgpChecksumPutNew(checksum,  p,  cfb); 

P +=  2; 

assert((ptrdiff_t)len  ==  p - sec->cryptkey); 
if  (cfb) 

pgpCfbDestroy(cfb); 
return  0;  / * Success  * / 

> 

static  s i z e_t 

d s a S e c Bu f f e r Le n g t h ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  DSAsecPlus  const  *sec  = (struct  DSAsecPlus  *)seckey->priv; 
return  sec->cklen; 

> 

static  void 

dsaSecToBuf fer(struct  PgpSecKey  const  *seckey,  byte  *buf) 

{ 

struct  DSAsecPlus  const  *sec  = (struct  DSAsecPlus  *)seckey->priv; 
memcpy(buf,  sec->cryptkey,  sec->cklen); 

/*  Return  only  algorithm-dependent  portion  */ 

> 


/*  Fill  in  secret  key  structure  */ 
static  void 


d s a F i l l S e c Key ( s t r u c t PgpSecKey 
r 

*seckey,  struct  DSAsecPlus  *sec) 

seckey->pkAlg 

PGP_PKALG_DS A; 

seckey->priv 

= 

sec; 

seckey->destroy 

= 

dsaSecDestroy; 

# i f 0 

seckey->id8 

dsaSec!d8; 

U e n d i f 

seckey->pubkey 

= 

dsaPubkey; 

seckey->i slocked 

= 

dsalslocked; 

seckey->unlock 

= 

dsaUnlock; 

seckey->Lock 

= 

dsaLock; 

seckey->maxdecrypted 

= 

dsaMaxdecrypted; 

seckey->decrypt 

= 

dsaDecrypt ; 

seckey->maxsig 

= 

dsaMaxsig; 

seckey->sign 

= 

dsaSign; 

seckey->changeLock 

= 

dsaChangeLock; 

seckey->bufferLength 

= 

dsaSecBufferLength; 

seckey->toBuf fer 

> 

= 

dsaSecToBuffer; 
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struct  PgpSecKey  * 

d s a S e c F r omBu f ( by t e const  *buf,  si ze_t  size,  int  *error) 
{ 

struct  PgpSecKey  *seckey; 
struct  DSAsecPLus  * s e c ; 
byte  *cryptk; 


> 


bnlnitC); 

cryptk  = (byte  *)pgpMemAlloc(size); 
if  (cryptk)  { 

sec  = (struct  DSAsecPlus  *)pgpMemAlloc(sizeof(*sec)); 
if  (sec)  { 

seckey  = (struct  PgpSecKey  *) 

pgpMemAl loc(sizeof(*seckey) ); 
if  (seckey)  { 

memcpy(cryptk,  buf,  size); 
bnBegin(Ssec->s.p); 
bnBegin(Ssec->s.q); 
bnBegin(&sec->s.g); 
bnBegi n(Ssec->s . y) ; 
bnBegin(&sec->s.x); 
sec->cryptkey  = cryptk; 
sec->cklen  = sec->ckalloc  = size; 
sec->  Locked  = 1; 

/ * We  only  need  this  to  try  unlocking...  * / 
sec key->pkA  l g = PGP_PKALG_DS A; 
seckey->pri v = sec; 

if  ( d s a U n l o c k ( s e c k ey  , NULL,  NULL,  0)  >=  0)  { 
d s a F i l l S e c Key ( s e c k e y , sec); 

★error  = 0; 

return  seckey;  /*  Success!  */ 

> 

/*  Ka-boom.  Delete  and  free  everything.  */ 
memset(cryptk,  0,  size); 
memset(sec,  0,  sizeof (*sec)); 
pgpMemFree(seckey); 

} 

pgpMemFree(sec); 

> 

pgpMemFree(cryptk); 

> 

★error  = PG P E R R_N0M E M ; 
return  NULL; 


#if  0 /*  Disabled  to  avoid  use  of  libm  */ 

/ * 

* Heuristic  algorithm  to  estimate  the  size  of  the  prime  order  for  the 

* generator  for  DSA  signatures. 

* 

* s lowf actor  is  ln(ln(n))**(2/3). 

* Formula  for  work  factor  is  exp(2.08*(ln  n ) * * ( 1 / 3 ) * s l ow f a c t o r ) , where 

* that  2.08  is  sensitive  to  the  algorithm.  This  assumes  some  pretty  good 

* version  of  NFS. 

* Change  to  use  base  2 and  we  get: 
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* 2 * * ( 2 . 6 5 6 * ( L o g 2 n)**(1 /3)*slowfactor) . 

* We  assume  a DH  exponent  of  160  is  about  right  for  n of  about  2**1000. 

* When  we  change  the  DH  exponent  by  n bits  we  get  2**(n/2)  increase  in 

* work  factor,  so  to  find  out  how  much  we  should  change  it,  take  the 

* power  of  2 in  the  formula  above,  double  it,  and  subtract  the  value 

* for  n=1000,  then  add  160. 

* This  leads  to  5.3  * slowfactor  * (log2  n)**(1/3)  all  minus  25  (-185.5+160). 

* 

* A simpler  approximation  holds  slowfactor  constant.  Varies  from  3.5  at 

* bitsize  of  1000  to  4.0  at  4000  bits,  so  I found  that  4.5  made  a good 

* conservative  approximation  for  values  in  this  range.  Then  heuristic 

* formula  becomes  cube  root  of  size  of  prime  in  bits,  times  24,  minus  80. 

* This  can  be  calculated  pretty  well  in  int  arithmetic  if  we  want  to. 

*/ 

static  unsigned 

dsaOrderBits  (unsigned  primebits) 

{ 

unsigned  size; 
double  slowfactor; 
double  logbits; 

logbits  = log((double)primebits); 

slowfactor  = exp((2./3.)*log(-.366  + logbits)); 

size  = 5.3  * slowfactor  * exp(logbits/3.)  - 25; 

return  size  >=  160  ? size  : 160; 

> 

# e n d i f 

/ * 

* Generate  an  DSA  secret  key  with  prime  of  the  specified  number  of  bits. 

* Make  callbacks  to  progress  function  periodically. 

* Secret  key  is  returned  in  the  unlocked  form,  with  no  passphrase  set. 

* / 

struct  PgpSecKey  * 

dsa SecGene ra t e ( uns i gned  bits,  struct  Pg p R a n d om C o n t e x t const  *rc, 
int  progress ( voi d *arg,  int  c),  void  *arg,  int  *error) 

{ 

struct  PgpSecKey  *seckey; 
struct  DSAsecPlus  * s e c ; 
struct  BigNum  h; 
struct  BigNum  e; 
unsigned  qbits; 
int  i ; 

★error  = 0; 

/*  Initialize  local  pointers  (simplify  cleanup  below)  */ 

seckey  = NULL; 

sec  = NULL; 

bnBegin(Sh); 

bnBegin(Se); 

/*  Allocate  data  structures  */ 

seckey  = (struct  PgpSecKey  * ) pg pM em A l l o c ( s i z e o f ( * s e c ke y ) ) ; 
if  (! seckey) 

goto  memerror; 

sec  = (struct  DSAsecPlus  *)pgpMemAlloc(sizeof(*sec)); 
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if  ( ! s e c ) 

goto  memerror; 

bnBegin(Ssec->s.p); 
bnBegin(Ssec->s.q); 
bnBegin(&sec->s.g); 
bnBegin(&sec->s.y)  ; 
bnBegin(&sec->s.x); 


/ * 

* Choose  a random  starting  place  for  q,  in  the  high  end  of  the  range 

* / 

if  (bits  <=  1024) 

qbits  = 160;  / * Follow  the  published  standard  * / 

else 


qbits  = pgpDiscreteLogExponentBits(bits); 
if  ( pgpBnGen Ra nd ( & s e c-> s . q , re,  qbits,  OxFF,  1)  < 0) 
goto  nomem; 

/ * And  search  for  a prime  */ 

i = bnPrimeGen(Ssec->s.q,  NULL,  progress,  arg,  0); 
if  ( i < 0) 


goto  nomem; 
if  (progress) 

progress(arg,  ' '); 


/*  ...and  now  a random  start  for  p */ 
(void)bnSetQ(&sec->s.p,  0); 

if  ( pg pB nG e n R a nd ( & s e c -> s . p , rc,  bits,  OxCO,  1)  < 0) 
goto  nomem; 


/*  Temporarily  double  q */ 
if  ( bn L S h i f t ( & s e c -> s . q , 1)  < 0) 
goto  nomem; 

/*  Set  p = p - (p  mod  q)  + 1,  i.e.  congruent  to  1 mod  2*q  */ 
if  (bnMod(Se,  &sec->s.p,  &sec->s.q)  < 0) 
goto  nomem; 

if  ( bn S u b ( & s e c -> s . p , &e)  < 0 ||  bnAddQ ( Ss e c-> s . p,  1)  < 0) 
goto  nomem; 

/*  And  search  for  a prime,  1+2kq  for  some  k */ 
i = bnPrimeGenStrong(Ssec->s.p,  &sec->s.q,  progress,  arg); 
if  ( i < 0) 

goto  nomem; 
if  (progress) 

progresstarg,  1 '); 

/ * Reduce  q again  */ 
bnRShift(&sec->s.q,  1 ) ; 

/*  Now  hunt  for  a suitable  g - first,  find  ( p — 1 ) / q */ 
if  (bnDivMod(Se,  Sh,  &sec->s.p,  &sec->s.q)  < 0) 
goto  nomem; 

/*  e is  now  the  exponent  (p  — 1 )/q,  and  h is  the  remainder  (one!)  */ 
assert(bnBits(Sh)=  = 1 ); 


if  (progress) 

progress(arg,  ' . ' ) ; 
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/ * Search  for  a suitable  h * / 
if  (bnSetGK&h,  2)  <0  || 

bn T w o E x pM od ( S s e c -> s . g , &e,  &sec->s.p)  < 0) 
goto  nomem; 

while  ( bnB i t s ( & s e c -> s . g ) < 2)  { 
if  (progress) 

progressCarg, 
i f (bnAddGK&h,  1 ) <0  | | 

bn E x pM od ( & s e c -> s . g , &h,  &e,  &sec->s.p)  < 0) 
goto  nomem; 

> 


i f 

(progress) 

progress(arg,  ' '); 

/* 

Choose  a random  0 < x < q 

o f 

reasonable 

size  as 

secret 

i f 

(pgpBnGenRand(&sec->s . x. 

re. 

qbits  + 8, 

0,  0)  < 

0 1 1 

bn  Mod ( & s e c -> s . x , &sec->s 

• x. 

&sec->s.q) 

< 0) 

goto  nomem; 

/ * 

prob.  failure  < 2A-140  is 

awful  unlikely 

...  * / 

assert(bnBits(Ssec->s.x)  > 20); 

/*  And  calculate  g**x  as  public  key  */ 

if  ( bn E x pMod ( & s e c -> s . y , &sec->s.g,  &sec->s.x,  &sec->s.p)  < 0) 
goto  nomem; 

/*  And  that's  it...  success!  */ 

/*  Fill  in  structs  */ 
sec->c rypt key  = NULL; 
sec->ckalloc  = sec->cklen  = 0; 
sec->locked  = 0; 
dsaFillSecKey(seckey,  sec); 

/*  Fill  in  cryptkey  structure,  unencrypted  */ 
dsaChangeLock  (seckey,  NULL,  re,  NULL,  0 ) ; 

goto  done; 


nomem : 

bnEnd(Ssec->s.p); 
bnEnd(&sec->s.q); 
bnEnd(Ssec->s.g); 
bnEnd(&sec->s.y); 
bnEnd(Ssec->s  . x ) ; 

/ * Fall  through  */ 
memerror  : 

pgpMemFree(seckey); 
pgpMemFree(sec)  ; 
seckey  = NULL; 

*error  = P G P E R R_N 0 M E M ; 
/*  Fall  through  * / 

done: 

bnEnd ( Sh  ) ; 
bnEnd (Se ) ; 
return  seckey; 

> 
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dsakey.h 


/ * 

* S Id : dsakey.h, v 1.4  1996/11/12  02:18:26  mhw  Exp  $ 

* / 


tfifndef  P G P_D  SAKE  Y_H 
^define  PGP  DSAKEY  H 


#include  "pgp/usuals 
^include  <stddef.h> 


h" 


/ * For  byte  * / 

/*  For  size  t * / 


struct  PgpPubKey; 
struct  PgpSecKey; 
struct  PgpRandomContext; 


struct  PgpPubKey  *dsaPubFromBuf(byte  const  *buf,  si ze_t  Len,  int 
struct  PgpSecKey  *dsaSecFromBuf (byte  const  *buf,  si ze_t  Len,  int 
int  dsaPubKeyPrefixSizeCbyte  const  *buf,  size_t  size); 

struct  PgpSecKey  * 

dsaSecGenerateCunsigned  bits,  struct  PgpRandomContext  const  *rc, 
int  progressCvoid  *arg,  int  c),  void  *arg,  int  *error); 

#end i f /*  PGP  DSAKEY  H */ 


*error); 

★error); 
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elgkey.c 

/* 

* elgkey.c 

* El  Gamal  encryption 

* 

* $ I d : elgkey.c, v 1.1  3 1 996/1  1 /1  2 02:1  8:26  mhw  Exp  $ 

* / 


/*  Experiment  with  El  Gamal  signatures  */ 
//undef  ELGSIGS 


//ifdef  HAVE  CONFIG  H 


tt  i n c l ud  e 
# e nd i f 

" c o n f i g . h " 

# i n c l ud e 

<assert  . h> 

# i n c l ud  e 

"elgkey.h" 

//include 

" keymi s c . h " 

//include 

"pgp/bn.h" 

//include 

"pgp/prime.h" 

//include 

"pgp/cfb.  h" 

//include 

"pgp/cipher.h" 

//include 

"pgp/germain.h" 

//include 

"pgp/hash  . h" 

# i n c l ud  e 

"pgp/pgpmem.h" 

# i n c l ud e 

"pgp/pgperr  . h" 

//include 

"pgp/prime  . h" 

# i n c l ud  e 

"pgp/pubkey.h" 

# i n c l ude 

"pgp/ random,  h" 

# include 

"pgp/ str2key.  h" 

//include 

"pgp/usuals.h" 

# i f n d e f 

NULL 

# d e f i n e 
//endi  f 

NULL  0 

//define  A S S E R T E L G ( a l g ) 


assert ((ALGMASK(alg) ) == PG P_P K A L G_E L G A M A L ) 


struct  ELGpub  C 

struct  BigNum  p; 
struct  BigNum  g; 
struct  BigNum  y; 

>; 

struct  ELGsec  { 

struct  BigNum  p; 
struct  BigNum  g; 
struct  BigNum  y ; 
struct  BigNum  x; 

>; 

/*  A PgpSecKey's  priv  points  to  this, 

struct  ELGsecPlus  { 

struct  ELGsec  s; 
byte  *cryptkey; 
si ze_t  ckalloc,  cklen; 
int  locked; 

>; 


/ * Public  prime  * / 

/*  Public  generator  */ 

/*  Public  key,  g**x  mod  p */ 


/*  Copy  of  public  parameters  */ 

/*  Secret  key,  discrete  log  of  y */ 
an  ELGsec  plus  the  encrypted  form...  */ 
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/**  Public  key  functions  **/ 


static  void 

e l g Pu b D e s t r oy ( s t r u c t PgpPubKey  *pubkey) 

struct  ELGpub  * p u b = (struct  ELGpub  *)pubkey->priv; 

ASSERTELG(pubkey->pkAlg); 

bnEnd(Spub->p); 

bnEnd ( &pub->g  ) ; 

bnEnd ( &pub->y  ) ; 

memset(pub,  0,  sizeof(pub)); 

pgpMemFree(pub); 

mem s e t ( pu b k e y , 0,  s i zeof ( pubkey  ) ) ; 
pgpMemFree(pubkey); 

> 


# i f 0 

static  void 

e l g Pu b I d8 ( s t r u c t PgpPubKey  const  *pubkey,  byte  *buf) 

{ 

assert(O); 

struct  ELGpub  const  * p u b = (struct  ELGpub  *)pubkey->priv; 

byte  *keybuf; 

size_t  keybuf  len; 

struct  PgpHash  const  * h ; 

struct  PgpHashContext  * h c ; 

assert  ( pubkey->pkA  l g ==  PG P_PKA LG_E LG ) ; 

/*  Unfortunately  we  have  no  way  of  indicating  failure  */ 

h = pg p H a s h By N umb e r ( P G P_H A S H_S H A ) ; 

assert(h); 

he  = pgpHashCreate(h); 
assert(hc); 


keybuflen  = elgPubBufferLength(pubkey); 
keybuf  = pgpMemAlloc(keybuflen); 
assert(keybuf); 

elgPubToBuffer(pubkey,  keybuf); 

pgpHashUpdate(hc,  keybuf,  keybuflen); 
memepy  (buf,  pgpHashFinal(hc),  8); 
pgpHashDestroy(hc); 

> 

# e n d i f 


/ * 

* Return  the  largest  possible  PgpESK  size  for  a given  key. 

* Must  hold  two  numbers  up  to  p in  size. 

*/ 

static  s i z e_t 

e l g Ma x e s k ( s t r u c t PgpPubKey  const  *pubkey,  PgpVersion  version) 

{ 

struct  ELGpub  const  *pub  = (struct  ELGpub  *)pubkey->priv; 
(void)version; 
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ASSERTELG(pubkey->pkAlg) ; 

return  2*(2  + (bnBits(&pub->p)+7)/8); 


# i f 0 
/ * 

* Heuristic  algorithm  to  estimate  the  size  of  the  random  exponent  chosen 

* for  El  Gamal  encryption. 

* s lowf actor  is  l n ( l n ( n ) ) * * ( 2 / 3 ) . 

* Formula  for  work  factor  is  exp(2.08*(ln  n ) * * ( 1 / 3 ) * s l o w f a c t o r ) , where 

* that  2.08  is  sensitive  to  the  algorithm.  This  assumes  some  pretty  good 

* version  of  NFS. 

* Change  to  use  base  2 and  we  get: 

* 2** ( 2 . 656* ( l og2  n ) * * ( 1 / 3 ) * s l o w f a c t o r ) . 

* We  assume  a DH  exponent  of  160  is  about  right  for  n of  about  2**1000. 

* When  we  change  the  DH  exponent  by  n bits  we  get  2**(n/2)  increase  in 

* work  factor,  so  to  find  out  how  much  we  should  change  it,  take  the 

* power  of  2 in  the  formula  above,  double  it,  and  subtract  the  value 

* for  n=1000,  then  add  160.  This  leads  to  5.3  * slowfactor  * (log2 

* n ) * * ( 1 / 3 ) all  minus  25  (-1  85.5  + 1 60  ). 

* 

* A simpler  approximation  holds  slowfactor  constant.  Varies  from  3.5  at 

* bitsize  of  1000  to  4.0  at  4000  bits,  so  I found  that  4.5  made  a good 

* conservative  approximation  for  values  in  this  range.  Then  heuristic 

* formula  becomes  cube  root  of  size  of  prime  in  bits,  times  24,  minus  80. 

* This  can  be  calculated  pretty  well  in  int  arithmetic  if  we  want  to. 

*/ 

static  unsigned 

elgExpBits  (unsigned  primebits) 

{ 

unsigned  size; 
double  slowfactor  ; 
double  logbits; 

logbits  = log((double)primebits); 

slowfactor  = exp((2./3.)*log(-.366  + logbits)); 

size  = 5.3  * slowfactor  * exp(logbits/3.)  - 25; 

return  size  >=  160  ? size  : 160; 

> 

Send  i f 
/* 

* Given  a buffer  of  at  least  "maxesk"  bytes,  make  an  PgpESK 

* into  it  and  return  the  size  of  the  PgpESK,  or  <0. 

* 

* ElGamal  encryption  is  a simple  variant  on  non-interactove 

* D i f f i e-H e l l ma n . The  recipient  publishes  g,  p,  and  y = g**x  mod  p. 

* the  sender  picks  a random  xx,  computes  yy  = g**xx  mod  p,  and 

* the  shared  secret  z = y**xx  mod  p = yy**x  mod  p = g**(x*xx)  mod  p,  then 

* then  sends  z+m,  where  m is  the  message.  (Padded  in  the  usual 

* PKCS  manner.)  Other  legal  combinations  are  z*m  and  z X0R  m. 

* / 

static  int 

e l g E n c r y p t ( s t r u c t PgpPubKey  const  *pubkey,  byte  const  *key, 
size_t  keylen,  byte  *esk,  si ze_t  *esklen, 
struct  Pg p R a nd om C on t e x t const  *rc,  PgpVersion  version) 
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struct  ELGpub  const  * p u b = (struct  ELGpub  *)pubkey->priv; 
struct  BigNum  xx;  / * Random  exponent  * / 

struct  BigNum  yy;  /*g**xxmodp*/ 

struct  BigNum  z;  /*  y**xx  mod  p */ 

unsigned  t ; 

unsigned  xxbits,  pbytes; 
i n t i ; 

/*  We  don't  need  this  argument,  although  other  algorithms  may...  */ 
(void)version; 

bnBeginC&xx); 
bnBeg i n ( Syy  ) ; 
bnBegin(Sz); 

ASSERTELG(pubkey->pkAlg); 
t = bnBits(Spub->p); 
if  (t  > Oxf f f f ) 

return  PGPERR_PUBKE  Y_T  0 0 B I G ; 
pbytes  = (t  + 7)  / 8 ; 
if  (keylen  > pbytes) 

return  PG P E R R_PUBKE Y_T00 S M A L L ; /*  data  too  big  for  pubkey  */ 

/*  Add  checksum  to  key,  place  temporarily  in  esk  buffer  */ 
t = 0; 

eskLOD  = keyCOD; 

for  (i  = 1;  i < (int)keylen;  i++) 
t + = eskCi]  = keyCill; 
eskCkeylen]  = (byte)(t  >>  8 & 255); 
es kd key  l en  + 1 D = (byte)(t  & 2 5 5 ); 

/*  Choose  the  random  xx  value  to  be  used  for  this  encryption  */ 
xxbits  = pgpDiscreteLogExponentBits(bnBits(&pub->p))*3/2; 
if  (pgpBnGenRand(Sxx,  re,  xxbits,  0,  0)  < 0) 
goto  nomem; 

/*  Do  the  two  exponentiations  necessary  to  compute  yy  and  z */ 
if  ( bnExpMod ( &yy , &pub->g,  &xx,  &pub->p)  < 0 || 

bnExpMod(&z,  &pub->y,  &xx,  &pub->p)  < 0) 
goto  nomem; 

/*  Re-use  xx  to  hold  the  PKCS-padded  conventional  key  */ 
if  (pgpPKCSPack(Sxx,  esk,  keylen+2,  PKC S_P A D_E N C R Y PT E D , pbytes,  rc)<0) 
goto  nomem; 

assert  (bnCmpl&xx,  8pub->p)  < 0); 

/*  Compute  xx+z  mod  p,  the  encrypted  session  key  we  will  transmit  */ 
if  (bnAdd(&z,  &xx)  < 0 || 

bnMod(&z,  &z,  8pub->p)  < 0) 
goto  nomem; 

/*  Pack  the  two  values  into  the  esk,  first  yy  and  then  k+z  */ 
t = pgpBnPutPlain(&yy,  esk); 
t +=  pgpBnPut P l a i n ( &z  , esk  + t); 
if  (esklen) 

*esklen  = (size_t)t; 


i = 0; 
goto  done; 
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nomem : 

i = P G P E R R_N  OMEM; 

done  : 

bnEnd(&z); 
bnEnd(Syy)  ; 
bnEnd(Sxx); 
return  i ; 

> 

#ifdef  ELGSIGS 
/ * 

* Helper  routine  to  pack  a hash  into  a buffer  with  DER  prefix 

* Return  size  of  packed  data 
*/ 

static  unsigned 

elgPack  (byte  *buf,  unsigned  buflen,  struct  PgpHash  const  *h,  byte  const  *hash) 
{ 

unsigned  t = h->DERprefixsize  + h->hashsize; 
assert  (t  < = buflen); 

memcpyCbuf,  h->DERprefix,  h->DERprefixsize); 
memcpy(buf+h->DERprefixsize,  hash,  h->hashsize); 
return  t; 

> 

# end  i f 
/ * 

* Return  1 if  (sig,siglen)  is  a valid  MPI  which  signs 

* (hash,  hashlen). 

* Not  implementing  ElGamal  signatures,  using  DSS. 

* / 

static  i n t 

e l g V e r i f y ( s t r u c t PgpPubKey  const  *pubkey,  int  sigtype,  byte  const  *sig, 
size_t  siglen,  struct  PgpHash  const  *h,  byte  const  *hash) 

{ 

# i f n d e f ELGSIGS 

(void)pubkey; 

(void)sigtype; 

(void)sig; 

(void)siglen; 

( v o i d ) h ; 

(void)hash; 

return  P G P E R R_P U B K E Y_U N I M P ; 

//else 

/*  Check  an  El  Gamal  signature  */ 

struct  ELGpub  const  *pub  = (struct  ELGpub  *)pubkey->priv; 
struct  BigNum  a,b,yaab; 

byte  bufC64];  /*  largest  hash  size  + DER  prefix  */ 
int  i ; 
s i z e_t  off; 
unsigned  t ; 

(void)sigtype; 

bnBegin(&a); 
bnBegin(Sb); 
bnBegin(Syaab)  ; 

ASSERTELG(pubkey->pkAlg)  ; 
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/*  sig  holds  two  values.  Get  first,  a,  from  sig.  */ 
off  = 0 ; 

i = pgpBnGetPlain(8a,  sig+off,  siglen-off); 
if  ( i <=  0) 

goto  fail; 

/*  Get  2nd  value,  b,  from  SIG  */ 
off  +=  i ; 

i = pg pBnG e t P l a i n ( & b , sig  + off,  siglen-off); 
if  ( i <=  0 ) 

goto  fail; 
off  + = i ; 

if  (off  !=  siglen)  C 

i = P G P E R R_S I G_T  OOLONG; 
goto  done; 

> 

/*  Compute  y**a  * a**b,  put  in  a */ 
if  ( bnExpMod ( Syaab,  &pub->y,  &a,  8pub->p)  < 0 || 

bnExpMod(Sa,  Sa,  &b,  &pub->p)  < 0 | | 

bnMul(8yaab,  &a,  Syaab)  < 0 | | 

bnMod(8yaab,  Syaab,  Spub->p)  < 0) 

goto  nomem; 

/*  Reconstruct  PKCS  packed  hash  as  b */ 
t = elgPack(buf,  sizeof(buf),  h,  hash); 

i = pgpPKCSPackCSb,  buf,  t,  PKC S_P A D_S I G N E D , ( b n B i t s ( S p u b-> p ) + 7 ) / 8 , 

(struct  PgpRandomContext  const  *)NULL); 
memset(buf,  0,  t ) ; 
if  ( i < 0 ) 

goto  nomem; 

/*  Calculate  g**M,  leave  in  a */ 
if  ( bnExpMod ( Sa , Spub->g,  Sb,  8pub->p)  < 0) 
goto  nomem; 

/*  Compare  y**a  * a**b  with  g**M,  should  be  equal  */ 
i = bnCmp(Sa,  Syaab)  ==  0; 
goto  done; 

nomem: 

i = P G P E R R_N  0 M E M ; 
goto  done; 

fail: 

if  ( ! i ) 

i = PGPERR_SIG_T00SH0RT ; 
goto  done; 

done : 

bnEnd(Syaab); 
bnEnd(Sb) ; 
bnEnd(Sa) ; 

return  i ; 

# e nd i f 

> 

/ * 

* Turn  a PgpPubKey  into  the  algorithm-specific  parts  of  a public  key. 

* A public  key's  ELG-specific  part  is: 

* 

* 0 2+i  MPI  for  prime 
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* 2+i  2+t  MPI  for  generator 

* 4+i+t  2+u  MPI  for  public  key 

* 6+i +t+u 

* / 

static  s i z e_t 

e l g PubBu f f e r Le ng t h ( s t r u c t PgpPubKey  const  *pubkey) 

{ 

struct  ELGpub  const  * p u b = (struct  ELGpub  *)pubkey->priv; 


> 


return  6 + ( bnB i t s ( &pub->p ) +7 ) /8  + ( b n B i t s ( S p u b- > g ) +7 ) / 8 + 
(bnBits(&pub->y)+7)/8; 


static  void 

elgPubToBufferlstruct  PgpPubKey  const  *pubkey,  byte  *buf) 

{ 

struct  ELGpub  const  * p u b = (struct  ELGpub  *)pubkey->priv; 
unsigned  off; 

off  = 0 ; 

off  +=  pgpBnPutPlain(&pub->p,  buf+off); 
off  +=  pgpBnPutPlain(&pub->g,  buf+off); 
off  +=  pgpBnPutPlain(8pub->y,  buf  + off)  ; 


/*  A little  helper  function  that's  used  twice  */ 
static  void 

e l g F i l l P u b k e y ( s t r u c t PgpPubKey  *pubkey,  struct  ELGpub  *pub) 
{ 


U i f 0 
# e n d i f 


> 


pubkey->next 
pubkey->pkA l g 
pubkey->priv 
pubkey->destroy 


N U L L ; 

PGP_PKALG_ELGAMAL; 

pub; 

elgPubDestroy; 


pubkey->id8 


elgPubId8; 


pubkey->maxesk  = elgMaxesk; 
pubkey->enc rypt  = elgEncrypt; 
pu b key-> v e r i f y = elgVerify; 
pubkey->bufferLength  = elgPubBufferLength; 
pub key-> t oBu f f e r = e l g PubToBu f f e r ; 


/ * 

* Turn  the  a l g o r i t h m- s p e c i f i c parts  of  a public  key  into  a PgpPubKey 

* structure.  A public  key's  ELG-specific  part  is: 


* 0 

2 + i 

MPI 

for 

prime 

* 2 + i 

2 + t 

MPI 

for 

generator 

* 4+i+t 

* 6+i+t+u 

* / 

2 + u 

MPI 

for 

public  key 

struct  PgpPubKey 

* 

e l gPub F romBuf ( by t e const  *buf,  size_t  size,  int  *error) 
{ 

struct  PgpPubKey  *pubkey; 
struct  ELGpub  *pub; 
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> 


unsigned  i , t,  u; 

i n t v ; 

bnlnitC); 

v = pgpBnParse(buf,  size,  3 , & i , & t , & u ) ; 

if  ( v < 0 ) { 

★error  = v ; 
return  NULL; 

> 

if  ((bufCt-1]  & 1)  ==  0)  { /*  Too  small  or  even  prime  p ★ / 

★ error  = P G P E R R_K  E Y_M  PI; 
return  NULL; 

> 


pub  = (struct  ELGpub  *)pgpMemAlloc(sizeof(*pub)); 
if  (pub)  { 


pubkey  = (struct  PgpPubKey  *)pgpMemAlloc(sizeof(*pubkey)); 
if  (pubkey)  { 

bnBegi n(Spub->p)  ; 
bnBegi n(&pub->g)  ; 
bnBegin(&pub->y); 

if  (bnInsertBigBytes(Spub->p,  buf+i+2,  0,  t-i-2)  >= 
&&  bn  I n s e r t B i g By t e s ( Spu b->g , buf  + t + 2,  0, 

u-t-2 ) >=  0 

&&  bn  I n s e r t B i g By t e s ( &pu b-> y , buf  + u + 2,  0, 


elgFi l lPubkey(pubkey,  pub); 


★error  = 0; 
return  pubkey; 

> 

/*  Failed  = clean  up  and  return  NULL  */ 

bnEnd(&pub->p); 

bnEnd ( &pub->g  ) ; 

bnEnd(&pub->y)  ; 

pgpMemFree(pubkey); 


> 


pgpMemFree(pub); 


★error  = P G P E R R_N 0 M E M ; 
return  NULL; 


0 


/ * 

* Return  the  size  of  the  public  portion  of  a key  buffer. 
*/ 
i n t 

e l g P ub Ke y P r e f i x S i z e ( by t e const  *buf,  si ze_t  size) 

{ 

return  pgpBnParse(buf,  size,  3,  NULL,  NULL,  NULL); 

> 


/★*  Secret  key  functions  ★*/ 
static  void 

elgSecDestroy(struct  PgpSecKey  *seckey) 
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struct  ELGsecPlus  *sec  = (struct  ELGsecPLus  *)seckey->priv; 

ASSERTELG(seckey->pkAlg); 
bnEnd(8sec->s.p); 
bnEnd(8sec->s.g); 
bnEnd(8sec->s .y) ; 
bnEnd(Ssec->s.x); 

memset(sec->cryptkey/  0,  sec->cka  L Loc ) ; 
pgpMemFree(sec->cryptkey) ; 
memsetCsec,  0,  si zeof (sec) ) ; 
pgpMemFree(sec); 

memsetCseckey,  0,  sizeof(seckey)); 
pgpMemFree(seckey); 


ft  i f 0 

static  void 

e L g S e c I d 8 ( s t r u c t PgpSecKey  const  *seckey,  byte  *buf) 

{ 

struct  ELGsecPlus  const  * s e c = (struct  ELGsecPlus  *)seckey->priv; 
ASSERT  ( s e c k e y-> p k A l g ) ; 

bnExt ra c tBi gBy t es ( 8sec->s  . p,  but,  0,  8); 

> 

ft  e nd  i f 
/ * 

* Generate  a PgpPubKey  from  a PgpSecKey 

* / 

static  struct  PgpPubKey  * 

e l g Pu b key ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  ELGsecPlus  const  *sec  = (struct  ELGsecPlus  * ) sec key->pri v; 
struct  PgpPubKey  *pubkey; 
struct  ELGpub  * p u b ; 

ASSERTELG(seckey->pkAlg); 

pub  = (struct  ELGpub  * ) pg pM e m A l l o c ( s i z e o f ( * p u b ) ) ; 
if  ( pub ) { 

pubkey  = (struct  PgpPubKey  *)pgpMemAlloc(sizeof(*pubkey)); 
if  (pubkey)  { 

bnBegin(&pub->p); 

bnBegin(&pub->g); 

bnBegin(&pub->y); 

if  (bnCopy(&pub->p,  &sec->s.p)  >=  0 

&&  bnCopy(&pub->g,  8sec->s.g)  >=  0 
88  bnCopy (8pub->y,  8sec->s.y)  >=  0) 


> 


e l g F i l l Pub ke y ( pub  key  , pub); 
pubkey->pkAlg  = seckey->pkAlg; 
memcpy(pubkey->keyID,  seckey->keyID, 
sizeof(pubkey->keyID)); 
return  pubkey; 


/*  Failed  = clean  up  and  return  NULL  */ 

bnEnd(8pub->p); 

bnEnd(8pub->g)  ; 

bnEnd(8pub->y); 
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pgpMemFree(pubkey); 

> 

pgpMemFree(pub); 

> 

return  NULL; 


/* 

* Yes,  there  *i  s*  a reason  that  this  is  a function  and  no  a variable. 

* On  a hardware  device  with  an  automatic  timeout, 

* it  actually  might  need  to  do  some  work  to  find  out. 

*/ 

static  i n t 

e l g I s l o c k e d ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  ELGsecPlus  const  * s e c = (struct  ELGsecPlus  *)seckey->priv; 

ASSERTELG(seckey->pkAlg); 
return  sec->locked; 

> 


/ * 


* Try  to  decrypt  the  secret  key  wih  the  given  passphrase.  Returns  >0 

* if  it  was  the  correct  passphrase.  =0  if  it  was  not,  and  <0  on  error. 

* Does  not  alter  the  key  even  if  it's  the  wrong  passphrase  and  already 

* unlocked.  A NULL  passphrae  will  work  if  the  key  is  unencrypted. 


* 

* A (secret)  key's  ELG-specific  part  is: 

* 


★ 

0 

2 + u 

M P I for 

prime 

★ 

2 + u 

2 + v 

MPI  for 

generator 

* 

4 + u + v 

2 + w 

MPI  for 

public  key 

★ 

6+u+v+w 

1 

Encryption  algorithm  (0  for  none,  1 for 

★ 

7+u+ v+w 

t 

Encryption  IV:  0 or  8 bytes 

★ 

7+t+u+v+w 

2 + x 

MPI  for 

x (discrete  log  of  public  key) 

★ 

9+t+u+v+w+x 

2 

Checksum 

★ 

1 1+t  + u + v + w + x 

★ 

★ 

Actually,  that' 

s the 

old-style 

, if  pg p S 2 Ko l d Ve r s is  true. 

★ 

If  it's  false. 

the  algorithm  i 

s 255,  and  is  followed  by  the 

★ 

algorithm,  then 

the  (varaible- 

length,  s e l f -d e l i m i t i n g ) 

* s t r i n g - t o- k e y descriptor. 


IDEA) 


* / 


static  i n t 

e l g U n l o c k ( s t r u c t PgpSecKey  *seckey,  struct  PgpEnv  const 
char  const  *phrase,  size_t  plen) 


* e n v , 


struct  ELGsecPlus  *sec  = (struct  ELGsecPlus  *)seckey->priv; 

struct  BigNum  x; 

struct  Pg p C f b C o n t e x t *cfb; 

unsigned  v ; 

unsigned  a l g ; 

unsigned  checksum; 

i n t i ; 


ASSERTELG(seckey->pkAlg); 

bnlnit(); 
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/*  Check  packet  for  basic  consistency  */ 

i = pgpBnParse(sec~>cryptkey,  sec->cklen,  3 , & v , NULL,  NULL,  NULL); 

if  ( i < 0) 

return  i ; 

/*  OK,  read  the  public  data  */ 

i = pgpBnGetPlain(&sec->s.p,  sec->cryptkey+v,  sec->cklen-v); 

if  (i  <=  0) 

goto  fail; 

v +=  i ; 

i = pgpBnGetPlain(8sec->s.g,  sec->cryptkey+v,  sec->cklen-v) ; 

if  ( i <=  0) 

goto  fail; 

v +=  i; 

i = pgpBnGetPlain(&sec->s.y,  sec->cryptkey+v,  sec->cklen-v) ; 

if  ( i <=  0) 

goto  fail; 

v +=  i; 


/*  Get  the  encryption  algorithm  (cipher  number).  0 ==  no  encryption  */ 
alg  = sec->cryptkeyCv]; 

/*  If  the  phrase  is  empty,  set  it  to  NULL  */ 
if  (plen  ==  0) 

phrase  = NULL; 

/* 

* We  need  a pass  if  it  is  encrypted,  and  we  cannot  have  a 

* password  if  it  is  NOT  encrypted.  I . e . , this  is  a logical 

* xor  (AA) 

* / 

if  (!  phrase  !=  ! a l g ) 

return  0; 


i = pgpCi pherSetup(sec->cryptkey  + v,  sec->cklen  - v,  phrase,  plen 

env,  & c f b ) ; 

if  ( i < 0) 

goto  done; 

v +=  i ; 


checksum  = 0; 

bnBegin(Sx); 

i = pgpBnGetNew(Sx,  s e c - > c r y p t k e y + v,  sec->cklen  - v,  cfb,  Schecksum); 

if  ( i < = 0 ) 

goto  badpass; 

v +=  i; 

if  (bnCmpC&x,  &sec->s.p)  >=  0) 

goto  badpass;  /*  Wrong  passphrase:  x must  be  < p * / 

/*  Check  that  we  ended  in  the  right  place  */ 

if  (sec->cklen  - v !=  2)  { 

i = P G P E R R_KE  Y_L0  N G ; 
goto  done; 

} 

checksum  &=  Oxffff; 

if  (checksum  !=  pg p C h e c k s umG e t N e w ( s e c-> c r y p t k e y + v,  cfb)) 
goto  badpass; 

/ * 

* Note  that  the  "nomem"  case  calls  bnEndO 
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* more  than  once,  but  this  is  guaranteed  harmless. 

* / 

if  ( bn C o py ( & s e c-> s . x , Sx)  < 0) 
goto  nomem; 
bnEnd(&x); 

i = 1;  / * Decrypted!  * / 

sec->  locked  = 0 ; 

return  1;  / * Decrypted  * / 

nomem : 

i = P G P E R R_N  0 M E M ; 
goto  done; 

fail: 

if  ( ! i ) 

i = P G P E R R__K  E Y_S  H 0 R T ; 
goto  done; 

ba  d pa  s s : 

i = 0;  / * Incorrect  passphrase  * / 

goto  done; 

done  : 

bnEnd(&x); 
return  i ; 

> 

/ * 

* Relock  the  key. 

*/ 

static  void 

e l g Lo c k ( s t r u c t PgpSecKey  *seckey) 

struct  ELGsecPlus  *sec  = (struct  ELGsecPlus  *)seckey->priv; 

ASSERTELG(seckey->pkAlg); 
sec->locked  = 1; 

/*  bnEnd  is  documented  as  also  doing  a bnBegin  */ 
bnEnd(Ssec->s.x); 

> 

/ * 

* Return  the  size  of  the  buffer  needed,  worst-case,  for  the  decrypted 

* output.  A trivially  padded  key  (random  padding  length  = 0) 

* can  just  be  0 2 0 <key>. 

* / 

static  s i z e_t 

e l gMaxdec rypt ed ( s t rue t PgpSecKey  const  *seckey) 

{ 

struct  ELGsecPlus  const  *sec  = (struct  ELGsecPlus  *) seckey->pri v; 
s i z e_t  size; 

ASSERTELG(seckey->pkAlg); 
size  = (bnBits(&sec->s.p)+7)/8; 

return  size  < 3 ? 0 : size-3; 

> 

/ * 

* Try  to  decrypt  the  given  esk.  If  the  key  is  locked,  try  the  given 

* passphrase.  It  may  or  may  not  leave  the  key  unlocked  in  such  a case. 

* (Some  hardware  implementations  may  insist  on  a password  per  usage.) 
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*/ 

static  i n t 

elgDecryptCstruct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 
int  esktype,  byte  const  *esk,  si ze_t  esklen, 
byte  *key,  si ze_t  *keylen,  char  const  *phrase, 
s i z e_t  p L e n ) 

{ 

struct  ELGsecPLus  *sec  = (struct  ELGsecPLus  *)seckey->priv; 
struct  BigNum  k,  y y ; 
int  i , j ; 

unsigned  t,  pbytes; 
s i z e_t  Len; 
s i z e_t  off; 

(void)esktype; 

ASSERTELG(seckey->pkAlg); 
if  (sec-> locked)  { 

i = elgUnlock(seckey,  env,  phrase,  plen); 
if  ( i <=  0) 

return  i ? i : PG P E R R_K E Y_I S L0 C K E D ; 
assertC ! sec->locked); 

} 

bnBegin(Sk); 
bnBegin(Syy)  ; 

/*  ESK  holds  two  values.  Get  first,  yy,  from  ESK.  */ 
off  = 0 ; 

i = pgpBnGetPlainC&yy,  esk+off,  esklen-off); 
if  ( i <=  0) 

goto  fail; 

/*  Get  2nd  value,  k,  from  ESK  */ 
off  +=  i ; 

i = pgpBnGetPlain(&k,  esk+off,  esklen-off); 
if  ( i <=  0) 

goto  fail; 
off  + = i ; 

if  (off  !=  esklen)  f 

i = P G P E R R_E  S K_T  OOLONG; 
goto  done; 

> 

/*  Calculate  yy**x  mod  p,  which  is  what  is  added  to  k */ 
if  (bnExpMod(Syy,  &yy,  &sec->s.x,  &sec->s.p)  < 0) 
goto  nomem ; 

/*  Subtract  from  k to  reveal  PKCS  padded  session  key  */ 
if  (bnCmp(Sk,  &yy)  < 0)  { 

if  (bnAdd(Sk,  &sec->s.p)  < 0) 
goto  nomem; 

> 

(void)bnSub(Sk,  &yy); 
bnEnd(Syy); 

/*  k is  now  suitable  for  unpacking  */ 
pbytes  = (bnBits(&sec->s.p)  + 7)  / 8; 
len  = elgMaxdecrypted(seckey); 

i = pgpPKCSUnpack  (key,  len,  &k,  P KC  S_P  A D_E  NCRYPTED,  pbytes); 
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bnEnd(&k)  ; 
if  ( i < 0) 

return  i ; 

/*  Check  checksum  (should  this  be  here?)  */ 
t = 0; 

for  (j  = 1;  j < i-2;  j++) 

t +=  keyCj]; 

if  (t  !=  ( ( uns i gned  ) keyC i -23<<8 ) + keyCi-13) 
return  PG P E R R_PK_C 0 R R U P T ; 
memset(key+i-2,  0,  2 ) ; 

/ * The  actual  key  * / 
if  ( key  l en ) 

*keylen  = (size_t)i-2; 
return  0; 


fail: 

if  ( ! i ) 

i = P G P E R R_E  S K_T  00SH0RT; 
goto  done; 

nomem : 

i = P G P E R R_N  0 M E M ; 
goto  done; 

done: 

bnEnd(Syy); 
bnEnd(Sk); 
return  0; 


static  s i z e_t 

e l g Ma x s i g ( s t r u c t PgpSecKey  const  *seckey,  PgpVersion  version) 

# i f nd  e f ELGSIGS 

(void)seckey; 

(void)version; 

return  P G P E R R_P  U B K E Y_U  NIMP; 

#else 

struct  ELGsecPlus  const  *sec  = (struct  ELGsecPlus  *)seckey->priv; 

(void)version; 

ASSERTELG(seckey->pkAlg) ; 

return  2*((bnBits(Ssec->s.p)+7)/8  + 2); 

#end i f 

> 

static  i n t 

e l g S i g n ( s t r u c t PgpSecKey  *seckey,  struct  PgpHash  const  *h,  byte  const  *hash, 
byte  *sig,  si ze_t  *siglen,  struct  Pg p Ra ndom C o n t e x t const  *rc, 
PgpVersion  version) 

# i f nd  e f ELGSIGS 

(void)seckey; 

(void)h; 

(void)hash; 

( v o i d ) s i g ; 

(void)siglen; 

(void)rc; 
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(void)version; 

return  P G P E R R_P U B K E Y_U N I M P ; 

Seise 

/*  Calculate  an  El  Gamal  signature  */ 

struct  ELGsecPlus  *sec  = (struct  ELGsecPlus  *)seckey->priv; 
struct  BigNum  pml,  x 1 , a,  bn,  xk,  xa; 
unsigned  t; 
unsigned  xlbits; 
i n t i ; 

/ * We  don't  need  this  argument,  although  other  algorithms  may...  * / 
( vo i d ) ve  r s i on; 

ASSERTELG(seckey->pkAlg); 
if  (sec->locked) 

return  P G P E R R_K E Y_I S L 0 C K E D ; 

if  ( h - > D E R p r e f i x s i z e + h->hashsize  > e l g M a x s i g ( s e c k e y , version)) 
return  PG P E R R_P U B K E Y_T0 0 S M A L L ; 

bnBeginCSpml  ) ; 

bnBeginC&xl  ) ; 

bnBegin(&a); 

bnBegin(Sbn); 

bnBegin(Sxk); 

bnBegin(Sxa); 

/*  Some  calculations  done  mod  p-1  */ 
if  (bnCopy  ( & p m 1 , &sec->s.p)  < 0 || 
bnSubQ  ( Spml  , 1 ) < 0 ) 
goto  nomem; 

/* 

* Choose  the  random  xl  value  to  be  used  for  this  signature. 

* Make  sure  it  is  relatively  prime  to  p-1 

* / 

xlbits  = pgpDi screteLogExponentBi ts(bnBi ts(&sec->s .p)  ) * 3 / 2 ; 
do  { 

if  CpgpBnGenRandC&xl  , re,  xlbits,  0,  1)  < 0 || 
bnGcd(&a,  Sxl,  &pm1 ) < 0) 
goto  nomem; 

> while  (bnBits(&a)  > 1); 

/*  Raise  g to  xl  power  to  get  a */ 
if  (bnExpModCSa,  &sec->s.g,  &x1,  &sec->s.p)  < 0) 
goto  nomem; 

/*  Calculate  x**-1  mod  p-1,  keep  in  xl  */ 
if  (bnlnvCSxl , Sxl,  Spml)  < 0) 
goto  nomem; 

/*  Pack  message  hash  M into  buffer  bn  (use  sig  temporarily)  */ 
t = elgPack(sig,  elgMaxsig(seckey,  version),  h,  hash); 
if  (pgpPKCSPack(Sbn,  sig,  t,  PKC S_P A D_S I G N E D , 

( bnB i t s ( Ss e c-> s . p ) +7 ) / 8 , rc)  < 0) 
goto  nomem; 

/*  Calculate  b = (M-xa)/k  mod  p-1,  put  it  in  bn  */ 
if  (bnMul(&xa,  &sec->s.x,  &a)  < 0 || 
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bnMod(8xa,  Sxa,  Spml)  < 0) 
goto  nomem; 

if  (bnCmp(8bn,  Sxa)  < 0)  { 

if  (bnAdd(8bn,  Spml)  < 0) 
goto  nomem; 

> 

bnSub(8bn,  Sxa); 

if  (bnMul(8bn,  Sbn,  8x1)  < 0 || 
bnMod(8bn,  Sbn,  Spml)  < 0) 
goto  nomem; 

/*  Success,  now  just  pack  into  sig  buffer  */ 

t = pgpBnPut P L a i n ( Sa , sig); 

t +=  pg pBn P u t P l a i n ( Sbn , sig  + t); 

if  (siglen) 

*siglen  = (size_t)t; 


i = 0; 
goto  done; 


n o m e m : 

i = P G P E R R_N  0 M E M ; 

/ * fall  through  * / 

done  : 

bnEnd(Sxa); 
bnEnd(Sbn); 
bnEndCSpml ); 
bnEndCSxl ); 
bnEnd(Sa); 
bnEnd(Sbn); 
bnEnd(Sxk); 
return  i; 

U e nd  i f 

> 


/ * 

* Re-encrypt  a PgpSecKey  with  a new  passphrase . 

* A secret  key  is,  after  a non-specific  prefix: 

* 0 1 Version  (=  2 or  3) 

* 1 4 Timestamp 

* 5 2 Validity  (=0  at  present) 

* 7 1 Algorithm  ( = PG P_P K A L G_E LG  A M A L for  ELG) 

* The  following: 


★ 

0 

2 + u 

MPI  for  prime 

★ 

2 + u 

2 + v 

MPI  for  generator 

★ 

4 + u + v 

2 + w 

MPI  for  public  key 

★ 

6 + u + v + w 

1 

Encryption  algorithm 

(0 

for  none. 

1 for 

* 

7 + u + v + w 

t 

Encryption  IV:  0 or 

8 bytes 

* 

7+t+u+v+w 

2 + x 

MPI  for  x (discrete 

log 

of  public 

key) 

★ 

9+t+u+v+w+x 

2 

Checksum 

* 11 +t+u+v+w+x 


IDEA) 


* 

* The  Encryption  algorithm  is  the  cipher  algorithm  for  the  old-style 

* string-to-key  conversion.  For  the  new  type,  it's  255,  then  a cipher 

* algorithm,  then  a string-to-key  algorithm  ( v a r i a b l e - l e ng t h ) , 

* then  the  encryption  IV.  That's  16  bytes  plus  the  string-to-key 

* conversion  length. 

* 
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* On  initial  key  generation  we  rely  on  calling  this  with  env=NULL  being 

* OK  if  phrase=NULL. 

* / 


static  i n t 

elgChangeLocklstruct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 

struct  Pg p R a nd om C o n t e x t const  *rc,  char  const  *phrase,  si ze_t  plen) 

{ 


struct  ELGsecPlus  *sec 
struct  Pg p S t r i n g ToKey  * 
struct  PgpCipher  const 
struct  Pg p C f b C o n t e x t *c 
byte  * p ; 
int  oldf  = 0 ; 
unsigned  len; 
unsigned  checksum; 


= (struct  ELGsecPlus 
s 2 k = NULL;  /* 

★cipher  = NULL;  / * 
fb  = NULL;  /* 

/* 


* ) s e 

ckey->priv; 

Shut 

up 

warnings 

* / 

Shut 

up 

warnings 

*/ 

This 

i s 

realy  needed 

Shut 

up 

warnings 

*/ 

*/ 


ASSERTELG(seckey->pkAlg); 
if  (sec->locked) 

return  PG P E R R_KE Y_I S L0 C KE D ; 


len  = bnBytes (Ssec->s . p)  + b n B y t e s ( & s e c - > s . g ) 
bnBy t e s ( & s e c -> s . y ) + b n B y t e s ( & s e c - > s . x ) 
if  (phrase)  { 

s2k  = pg p S 2 Kd e f a u l t ( e n v , re); 
if  ( ! s 2 k ) 


return  PG P E R R_N0M E M ; 
cipher  = pgpCipherDefaultKey(env); 
assert(cipher); 
if  ( ! cipher)  { 

pgpS2Kdestroy(s2k); 
return  PG P E R R_N OM E M ; 

> 

len  +=  cipher->blocksize; 
cfb  = pg p C f b C r e a t e ( c i p h e r ) ; 
if  ( ! c f b ) { 

pgpS2Kdestroy(s2k); 
return  PG P E R R_N0M E M ; 

> 

oldf  = pgpS2Kis0ldVers(s2k); 
if  ( ! o l d f ) 

len  + = 1 + s2k->encodelen; 

} 

p = sec->cryptkey; 
if  (len  > s e c -> c ka  l l o c ) { 

p = (byte  *)pgpMemRealloc(p,  len); 
if  ( ! p)  f 

pgpCfbDestroy(cfb); 
pgpS2Kdestroy(s2k) ; 
return  P G P E R R_N 0 M E M ; 

> 

sec->cryptkey  = p; 
sec->cka  lloc  = (si ze_t ) len; 

} 

sec->cklen  = len; 


+ 11; 


/*  Okay,  no  more  errors  possible!  Start  installing  data  */ 
p +=  pg pBn Pu t P l a i n ( &s e c-> s . p,  p); 
p +=  pg pBn Pu t P l a i n ( &s e c-> s . g , p); 
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> 


p +=  pgpBnPutPlain(&sec->s.y,  p ) ; 


/*  Encryption  parameters  */ 


if  (! phrase)  { 

* p + + = 

0; 

/*  Unencrypted  * / 

> else  { 

if  (oldf)  { 

* p++ 

= cipher->type; 

> else 

{ 

* p + + 

= 2 5 5 ; 

* p + + 

= cipher->type; 

memcpy(p,  s 2 k-> e n c od i ng  , s2k->encodel 

P + = 

s2k->encodelen; 

> 


/ * Create  IV  * / 

pgpRandomGetBytes(rc,  p , cipher->blocksize); 

/*  Use  data  buffer  as  temp  holding  space  for  key  */ 
assert(sec->ckalloc-cipher->blocksize  >=  cipher->keysize); 
pg p S t r i n g ToKey ( s 2 k , phrase,  plen,  p + c i p h e r-> b l o c k s i z e , 
cipher->keysize); 

pgpCfblnitCcfb,  p+cipher->blocksize,  p); 
pgpS2Kdestroy(s2k); 
p +=  cipher->blocksize; 

/*  Wipe  key  * i mmed i a t e l y*  */ 
memsetCp,  0,  cipher->keysize); 


/*  Now  install  x,  encrypted 
checksum  = 0; 

p +=  pg pBn P u t N e w ( S s e c-> s . x , 
pgpChecksumPutNew(checksum, 
P +=  2; 

a s s e r t ( ( p t r d i f f _t ) l e n ==  p 


*/ 

p,  cfb,  Schecksum) ; 
p , c f b ) ; 

sec->cryptkey); 


if  (cfb) 

pgpCfbDestroy(cfb); 
return  0;  / * Success  * / 


static  siz  e_t 

e l g S e c Bu f f e r Le ng t h ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  ELGsecPlus  const  *sec  = (struct  ELGsecPlus  *)seckey->pri v; 
return  sec->cklen; 

> 

static  void 

e l g S e cToBu f f e r ( s t ru c t PgpSecKey  const  *seckey,  byte  *buf) 

{ 

struct  ELGsecPlus  const  *sec  = (struct  ELGsecPlus  *)seckey->priv; 
memcpy(buf,  sec->cryptkey,  sec->cklen); 

/*  Return  only  algorithm-dependent  portion  */ 

> 


/*  Fill  in  secret  key  structure  */ 
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static  void 

e L g F i l L S e c Ke y ( s t r u c t PgpSecKey 
{ 

seckey->pkAlg  = 

seckey->priv  = 

s e c k e y-> d e s t roy  = 

# i f 0 

seckey->id8  = 

#end  i f 

seckey->pubkey  = 

s e c k e y-> i s L o c k e d = 

seckey->unlock  = 

seckey->lock  = 

s e c k e y->ma x d e c r y p t ed  = 

s e c k e y-> d e c r y p t = 

seckey->maxsig  = 

seckey->sign  = 

s e c k ey-> c h a n g e Lo c k = 

s e c k e y- > b u f f e r L e n g t h = 

s e c k ey-> t o Bu f f e r = 


*seckey,  struct  ELGsecPLus  *sec) 

P G P_P  K A LG_ELGAMAL; 
sec; 

elgSecDestroy; 

elgSecId8; 

elgPubkey; 

elglslocked; 

elgUnlock; 

elgLock; 

elgMaxdecrypted; 

elgDecrypt; 

elgMaxsig; 

e l g S i g n ; 

elgChangeLock; 

elgSecBufferLength; 

eLgSecToBuffer; 


struct  PgpSecKey  * 

e L g S e c F r o mB u f ( b y t e const  *buf,  size_t  size,  int  *error) 
{ 

struct  PgpSecKey  * s e c k e y ; 
struct  ELGsecPLus  * s e c ; 
byte  *cryptk; 


b n I n i t ( ) ; 

cryptk  = (byte  *)pgpMemALLoc(size); 
if  (cryptk)  L 

(struct  ELGsecPLus  *)pgpMemALloc(sizeof(*sec)); 


sec 


if  (sec)  L 


seckey  = (struct  PgpSecKey  *) 

pgpMemAL  Loc(si zeof (*seckey) ) ; 
if  (seckey)  { 

memcpy (cryptk,  buf,  s i z e ) ; 
bnBegin(&sec->s.p); 
bnBegin(&sec->s.g); 
bnBegin(8sec->s . y ) ; 
bnBegin(&sec->s.x); 
s e c -> c r y p t k e y = cryptk; 
sec->ckLen  = sec->ckaLLoc  = size; 
sec->  Locked  = 1; 

/*  We  onLy  need  this  to  try  unLocki ng  . . 
seckey->pkALg  = PG P_PKA LG_E LG AM A L; 
seckey->priv  = sec; 


if  ( e L g U n L o c k ( s e c ke y , NULL,  NULL,  0)  >= 
eLgFiLLSecKey(seckey,  sec); 
★error  = 0; 

return  seckey;  /*  Success!  * / 

> 


/*  Ka-boom.  DeLete  and  free  everything 
memset(cryptk,  0,  size); 
memset(sec,  0,  s i z e o f ( * s e c ) ) ; 


*/ 


0)  ( 


* / 
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> 


pgpMemFree(seckey)  ; 

> 

pgpMemFree(sec); 

> 

pgpMemFree(cryptk); 

> 

*error  = PGPERR_NOMEM; 
return  NULL; 


/*  Generate  super-strong  primes?  (Warning:  slow!)  */ 
# i f nd  e f E LG_G  E R M A I N 
#def i ne  E L G_G  E R M A I N 0 
#end  i f 


/* 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

* 

* 

* 

★ 

★ 

★ 

★ 

★ 

* 

★ 

★ 

* 

★ 

* 

★ 

★ 

★ 

* 

★ 

★ 

★ 

★ 

★ / 


Generate  an  ELG  secret  key  with  prime  of  the  specified  number  of  bits. 
Make  callbacks  to  progress  function  periodically. 

Secret  key  is  returned  in  the  unlocked  form,  with  no  passphrase  set. 

If  ELG_GERMAIN  is  set  to  1,  we  generate  p such  that  ( p — 1 ) / 2 is  also 
prime.  This  takes  long  time.  ( P s e ud o p r i ma  l i t y tests  take  time 
cubic  in  the  number  of  bits,  and  the  number  of  tests  needed  is 
linear  in  the  number  of  bits,  so  it's  quartic  overall.  Searching 
for  Sophier  Germain  primes  makes  it  quintic(l),  although  the  constant 
factor  improves  to  make  up  for  a lot  of  that. 

The  alternative  (which  is  really  just  as  safe,  really)  is  to  generate 
primes  which  have  a large  prime  factor  q about  10  bits  shorter  than 
the  requested  length.  We  will  guarantee  that  2 is  a generator  of  a 
subgroup  with  period  at  least  q. 

If  it  is  OK,  we  could  speed  it  up  more  by  generating  multiple  primes 

qi  such  that  p = 2 * k* q 1 * q 2 * q 3 * . . . * q n + 1,  and  where  each  qi  is  greater 

than  2**160  (or  whatever  exponent  value  we  are  using).  Again,  once  we 

verify  that  2's  period  is  > 2k  we  know  it  as  at  least  min(qi),  which 

should  be  long  enough  for  prevention  of  discrete  log  attacks. 

A bit  of  theory:  the  average  density  of  primes  around  n is  1/ln(n), 
so  the  average  gap  between  primes  is  ln(n).  However,  the  maximum 
gap  is  ln(n)A2.  The  fact  that  we're  searching  in  steps  other  than 
1 doesn't  matter  - it'll  take  an  average  of  ln(n)  steps. 


So  to  produce  a prime  of  the  desired  size,  we  should  have  p/q  at 
least  ln(p)  and  to  guarantee  it,  we  need  p/q  = ln(p)A2.  This 
means  that  we  want 

log2(ln(p))  < log2(p/q)  < l o g 2 ( l n ( p ) A 2 ) 

l og2  ( 0 . 693* l og2 ( p ) ) < log2(p)  - log2(q)  < 2 * log2  (0.693  * log2(p)) 

l og2 ( l og2 ( p ) ) - 0.529  < log2(p)  - log2(q)  < 2 ★ l o g 2 ( l o g 2 ( p ) ) - 1.058 


At  this  point,  it's  safe  to  start  getting  crude,  because  if  we're 
only  counting  bits,  2 A ( b i t s ( x ) - 1 ) <=  x < 2Abits(x)  <=  2*x,  or 
bits(x)-1  <=  log2(x)  < bits(x)  <=  log2(x)+1.  Another  way  of  looking 
at  all  this  is  that  Log2(x)  is  bits(x)  - 0.5  +/-  0.5. 

So  let's  split  the  difference  and  use  1.5  * b i t s ( b i t s ( p ) ) - 1 as  the 
difference  in  bits  between  p and  q. 


struct  PgpSecKey  * 

e l g S e c Ge n e r a t e ( un s i g n ed  bits,  struct  Pg p R a n d om C o n t e x t const  *rc. 
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int  p r og r e s s ( v o i d *arg,  int  c),  void  *arg,  int  *error) 

{ 

struct  PgpSecKey  *seckey; 
struct  ELGsecPLus  *sec; 
unsigned  expbits; 

#if  ! E L G_G  E R M A I N 

unsigned  lengthdiff; 
struct  BigNum  q , h , e ; 
int  i ; 

# e n d i f 

*error  = 0 ; 

/*  Initialize  local  pointers  (simplify  cleanup  below)  */ 
seckey  = NULL; 
sec  = NULL; 

/*  Allocate  data  structures  */ 

seckey  = (struct  PgpSecKey  *)pgpMemAlloc(sizeof(*seckey)); 
if  (! seckey) 

goto  memerror; 

sec  = (struct  ELGsecPlus  *)pgpMemAlloc(sizeof(*sec)); 
if  ( ! s e c ) 

goto  memerror; 

bnBegin(Ssec->s.p); 
bnBegin(Ssec->s.g); 
bnBegi n(Ssec->s  .y)  ; 
bnBegin(Ssec->s.x); 

#if  E L G_G  E R M A I N 

/*  Strong  ("sophie  germain")  prime  search  */ 

/*  Find  p - choose  a starting  place  */ 
if  ( pg pBnGe n Ra nd ( & s e c-> s . p , re,  bits,  OxCO,  3)  < 0) 
goto  nomem; 

/*  And  search  for  a prime  */ 

if  ( bnGe rma i nPr i meGen ( &sec->s . p,  1,  progress,  arg)  < 0) 
goto  nomem; 

/*  We  have  chosen  p so  2 is  a good  choice  for  generator  */ 
if  ( bn S e t Q ( S s e c -> s . g , 2)  < 0) 
goto  nomem; 

/*  Choose  a random  x of  reasonable  size  as  secret  key  */ 
expbits  = elgExpBits(bits); 

if  (pgpBnGenRand(&sec->s.x,  rc,  expbits,  0,  0)  < 0) 
goto  nomem; 

/*  And  calculate  g**x  as  public  key  */ 

if  (bnTwoExpMod(&sec->s  . y,  Ssec->s.x,  &sec->s.p)  < 0) 
goto  nomem; 

Seise  /*  !ELG_GERMAIN  - the  faster  version  */ 
bnBegin(Sq); 
bnBegin(Sh); 
bnBegin(Se); 

/* 
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* Choose  a random  starting  place  for  q,  a bit  less  than  p. 

* (See  function  header  comment  above  for  the  theory  behind  this.) 

* / 

lengthdiff  = 0 ; 
expbits  = bits; 
while  (expbits  >>=  1) 
lengthdi f f + + ; 

lengthdiff  + = ( lengthdi ff  + 1)  >>  1; 

if  ( pgpBnGenRand ( Sq,  rc,  b i t s - l e n g t h d i f f , 0x80,  1)  < 0) 
goto  nomem; 

/*  And  search  for  a prime  */ 

i = bnPrimeGen(8q,  NULL,  progress,  arg,  0); 
if  ( i < 0) 

goto  nomem; 
if  (progress) 

progress(arg,  ' 1 ) ; 

/*  ...and  now  a random  start  for  p */ 

(void)bnSetQ(8sec->s.p,  0); 

if  ( pg pBn G e n R a nd ( 8 s e c -> s . p , rc,  bits,  OxCO,  1)  < 0) 
goto  nomem; 

/*  Double  q to  make  it  a suitable  stride  */ 
if  ( bn L S h i f t ( 8q , 1)  < 0) 
goto  nomem; 

/ * Set  p = p - (p  mod  2q)  + 1,  i.e.  congruent  to  1 mod  2 q * / 
if  (bnMod(8h,  8sec->s.p,  8q)  < 0) 
goto  nomem; 

if  ( bn S u b ( 8 s e c -> s . p , 8h)  < 0 ||  bn AddQ ( 8 s e c -> s . p , 1)  < 0) 

goto  nomem; 


retry: 


/*  This  loop  is  very  rarely  executed  */ 

/*  And  search  for  a prime,  1+2kq  for  some  k */ 
i = bnPrimeGenStrong(8sec->s.p,  8q,  progress,  arg); 
if  ( i < 0) 

goto  nomem; 
if  (progress) 

progress(arg,  ' '); 

/*  Now  check  two  as  g:  first,  find  (p-1)/q  = 2* ( ( p-1  ) / ( 2*q  ) ) */ 
if  ( bn D i vMod ( 8e , 8h,  8sec->s.p,  8q)  < 0 ||  bnLShift(8e,  1)  < 0) 
goto  nomem; 

/*  e is  now  (p-1)/q,  and  h is  the  remainder  (one!)  */ 
assert  (bnBits(Sh)  = = 1 ) ; 


/ * 

* Make  sure  2**((p-1)/q)  mod  p is  not  small.  This  should  imply 

* that  the  period  of  2 as  a generator  has  at  least  q as  a factor, 

* meaning  it  is  very  big. 

* With  ( p — 1 ) / q as  small  as  it  is,  the  chances  are  *excellent* 

* that  it  will  work.  If  ( p — 1 ) / q were  less  than  a few  hundred 

* 2**((p-1)/q)  would  be  less  than  p and  coundn't  possibly  be  1. 

* / 

if  ( bn T w o E x pMod ( 8 h , 8e,  8sec->s.p)  < 0) 
goto  nomem; 
if  (bnBits(Sh)  < 2)  ( 
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if  (progress) 

progress(arg,  ' 1 ) ; 

goto  retry; 

} 

bnEnd(Se); 

bnEnd(Sh); 

bnEnd(Sq); 

tt  e nd  i f 

/*  We  have  done  things  so  2 is  a good  choice  for  generator  */ 
if  (bnSetQ(&sec->s  . g,  2)  < 0) 
goto  nomem; 

/*  Choose  a random  x of  reasonable  size  as  secret  key  */ 
expbits  = pgpDiscreteLogExponeritBits(bits)*3/2; 
if  ( pgpBnGenRand ( Sse c->s . x,  rc,  expbits,  0,  0)  < 0) 
goto  nomem; 

/*  And  calculate  g**x  as  public  key  */ 
if  ( bnTwoExpMod ( &se c->s . y , &sec->s.x,  &sec->s.p)  < 0) 
goto  nomem; 


/*  And  that's  it...  success!  */ 

/ * Fill  in  structs  * / 
sec->cryptkey  = NULL; 
sec->ckalloc  = sec->cklen  = 0; 
sec-> locked  = 0; 
elgFillSecKeyCseckey,  sec); 

/*  Fill  in  cryptkey  structure,  unencrypted  */ 
elgChangeLock  (seckey,  NULL,  rc,  NULL,  0); 

return  seckey; 


nomem : 

#if  ! E L G_G  E R M A I N 

bnEnd(Se); 

bnEnd(Sh); 

bnEnd(Sq); 

# e nd i f 

bnEnd(Ssec->s . p)  ; 
bnEnd(Ssec->s.g); 
bnEnd(&sec->s.y); 
bnEnd(Ssec->s.x)  ; 

/ * Fall  through  */ 
memerror : 

pgpMemFree(seckey); 
pgpMemFree(sec); 
seckey  = NULL; 

★error  = PG P E R R_N 0 M E M ; 

return  seckey; 

} 
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elgkey.h 


/ * 

* $ I d : elgkey.h, v 1.4  1 996/1  1 /1  2 02:1  8:26  mhw  Exp  $ 

* / 

# i f nd  e f PG  P_E  L G KE  Y_H 
tfdefine  P G P_E  LG  K E Y_H 

#include  " pg p / u s u a l s . h " /*  For  byte  ★ / 

^include  <stddef.h>  /*  For  size_t  */ 

struct  PgpPubKey; 
struct  PgpSecKey; 
struct  PgpRandomContext; 

struct  PgpPubKey  * e l g Pu b F r omBu f ( by t e const  *buf,  si ze_t  len,  int 
struct  PgpSecKey  *e l gSec F romBuf ( by te  const  *buf,  si ze_t  len,  int 
int  e l g Pu bKey P r e f i x S i z e ( by t e const  *buf,  size_t  size); 

struct  PgpSecKey  * 

elgSecGenerate(unsigned  bits,  struct  PgpRandomContext  const  *rc, 
int  progressCvoid  *arg,  int  c),  void  *arg,  int  *error); 


# e nd i f /*  PGP  ELGKEY  H */ 


★error); 

★error); 
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/ * 

* $ I d : esk.c, v 1.45  1 996/1  1 /1  2 02:1  8:27  mhw  Exp  $ 
*/ 


#ifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
it  e nd  i f 


#include  <assert.h> 


tt  i n c l iid  e 
//include 
//include 
it  i n c l ud  e 
//include 
//include 
//include 
//include 
//include 
ft  i n c l u d e 
//include 


" e s k . h " 

" p k 1 1 i s t . h " 
"pgp/annotate . h" 
"pgp/cfb.h" 
"pgp/ci pher . h" 
"pgp/hash . h" 
"pgp/pgpmem  . h" 
"pgp/pgpe  r r . h " 
"pgp/pubkey  . h " 
"pgp/str2key.h" 
"pgp/usua l s . h" 


//define 
//define 
# d e f i n e 
//define 


E S KT  Y P E_C  0 N V 
ESKTYPE_NEWCONV 
E S KT  Y P E_P  K 
ESKTYPE  R S A 


( PGP_ESKTYPE_PASSPHRASE<<8) 

( (PGP_ESKTYPE_PASSPHRASE<<8)+1 ) 

( PGP_ESKTYP  E_P  UBKEY<<8) 

( ( PGP_ESKTYPE_PUBKEY<<8)+PGP_PKALG  RSA) 


struct  PgpESK  { 

struct  PktList  pkt; 


>; 

/* 

* A PK  ESK 

i s : 

* 0 1 

Version 

* 1 8 

Key  I D 

* 9 1 

PK  a Ig 

* 10 
* / 

static  i n t 

Algorithm  specific  data 

eskPubkeyValidateCbyte  const  *buf,  size_t  len) 
unsigned  bits; 


if  (len  < 1 ) 

return  PG P E R R_E S K_T 0 0 S H 0 R T ; 

if  (bufCOD  !=  2 88  bu  f [ 0 D !=  3 88  bufCOIl  !=  4)  / * Version  byte  * / 

return  P G P E R R_E S K_B A D V E R S I 0 N ; 
if  (len  < 10) 

return  PG P E R R_E S K_T00 S H 0 RT ; 
switch  (bufC9D)  { / * Algorithm  Byte  * / 

case  PG  P_PKA  LG_R  S A : 

bits  = ( (unsigned)bufC100<<8)  + bufCIID; 
if  (len  ! = 1 2+( bi ts+7 ) /8) 

return  len  < 1 2 + ( b i t s +7 ) / 8 ? PG P E R R_E S K_T 0 0 S H 0 R T : 

P G P E R R_E  S K_T  OOLONG; 

return  E S KT  Y P E_R  S A ; 


return  E S KT  Y P E_P  K + buf[9]; 
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> 

/ * 

* A SK  ESK  is: 

* 0 1 Version 

* 1 1 Cipher 

* 2 x StringToKey  (x  >=  1) 

* 2+x  y ESK  (y  >=  0) 

* / 

static  int 

e s k C on v k ey Va L i d a t e (byte  const  *buf,  si ze_t  ten) 

{ 

struct  PgpCipher  const  * c ; 
int  ret; 

if  (lien) 

return  E S KT Y P E_C 0 N V ; 
if  ( l e n < 3 ) 

return  PG P E R R_E S K_T0 0 S H 0 RT ; 
if  (bufCOH  !=  4)  /*  Version  byte  */ 

return  PG P E R R_E S K_B A D V E R S I ON ; 

/*  Try  to  decode  the  ESK  */ 
c = pgpCipherByNumber  (bufCID); 
if  ( ! c ) 

return  PG P E R R_E S K_B A D A LGO R I T H M ; 

/*  Decode  the  string  to  key  algorithm  */ 

ret  = pgpS2Kdecode  (NULL,  NULL,  buf+2,  len-2); 

if  (ret  < 0) 

return  ret; 
if  (ret  = = 0) 

return  PG P E R R_E S K_B A D A LG  0 R I T H M ; 
ten  -=  2+ret; 
if  (len  ==  0) 

return  E S KT Y P E_N E W C 0 N V ; 
if  (len  < c -> k ey s i z e + 1 ) 

return  PG P E R R_E S K_T00 S H 0 RT ; 
if  (len  > c -> k ey s i z e + 1 ) 

return  PG P E R R_E S K_T00 LONG ; 
return  E S KT Y P E_N E W C 0 N V ; 

> 

static  struct  PgpESK  ** 
e s k L i s t T a i l ( s t r u c t PgpESK  **head) 

while  (*head) 

head  = (struct  PgpESK  **)&(*head)->pkt.next; 
return  head; 

} 

/*  Add  an  PgpESK  to  a list  thereof  */ 
int 

pgpEskAdd(struct  PgpESK  **esklist,  int  type,  byte  const  *buf,  size_ 

C 

struct  PgpESK  *esk; 
int  i ; 

switch  (type)  C 


len) 
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case  PGPANN_SKCIPHER_ESK: 

i = eskConvkeyValidate(buf,  Len); 
if  ( i < 0 ) 

return  in- 
break; 

case  PGPANN_PKC I PHER_ESK : 

i = eskPubkeyValidate(buf,  len); 
if  ( i < 0 ) 

return  in- 
break; 
default: 

return  P G P E R R_E S K_B A D T Y P E ; 

} 

esk  = (struct  PgpESK  *)pgpPktListNew(i,  buf,  len); 
★eskListTail(esklist)  = esk; 
return  esk  ? 0 : P G P E R R_N 0 M E M ; 


/*  A few  trivial  access  functions  */ 


void 

pgpEskFreeLi st  (struct  PgpESK  * e s k l i s t ) 


pgpPktLi 


P k t L i s t 


> 


Oesklist); 


struct  PgpESK  * 

pgpEskNext  (struct  PgpESK  const  *esk) 
if  (esk) 

return  (struct  PgpESK  * ) e s k- > p k t . n e x t ; 
return  NULL; 

> 

i n t 

pgpEs kType ( s t r uc t PgpESK  const  *esk) 

{ 

return  esk->pkt.type  >>  8; 

> 

/*  Returns  P G P_P K A L G_x x x */ 
i n t 

pgpEskPKAlg(struct  PgpESK  const  *esk) 

{ 

assert(esk->pkt . type  >>  8 ==  PG P_E S KT Y P E_PUBKE Y ) ; 
return  e s k- > p k t . t y p e 8 255; 

byte  const  * 

pgpEskId8 ( st ruct  PgpESK  const  *esk) 

{ 

assert (esk->pkt . type  >>  8 ==  PG P_E S KT Y P E_PU BKE Y ) ; 
return  esk->pkt.buf+1; 

> 

/ * 

* Return  the  size  of  the  largest  possible  key  that  may 

* be  produced  as  output  from  and  e s kX Xd e c ry p t ( ) function. 
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*/ 

s i z e_t 

pg p E s kMa x Key S i z e (struct  PgpESK  const  *esk) 

{ 

switch  (pgpEskType  (esk)  ) { 
case  PGP_ESKTYPE_PASSPHRASE : 

return  (size_t)  (max  ((int)25,  (int)(((int)esk->pkt.len)-3))); 
case  P G P_E  SKTYPE_PUBKEY : 

/*  XXX  --  this  only  works  with  RSA,  no?  Need  a PgpSecKey 
object  to  do  better,  though.*/ 
return  max  (25,  esk->pkt.len-10); 

> 

return  0; 

> 


/ * 

* The  "key"  is  from  a pass  phrase.  Returns  the  Length  of  the  key, 

* which  is  <algorithm  i d e n t i f i e r> < k e y bits>.  The  actual  key  is 

* obtained  via  a s t r i n g- t o- ke y operation. 

*/ 


i n t 

pg p E s k C o n v D e c r y p t ( s t r u c t PgpESK  const  *esk,  struct  PgpEnv  const 

char  const  *pass,  size_t  plen,  byte  *buf) 


( 


struct  PgpStringToKey  *s2k  = NULL; 
struct  PgpCfbContext  *cfb  = NULL; 
int  ret  = 0; 


* e n v , 


switch  ( es k->pkt . type  & Oxff)  ( 

struct  PgpHash  const  *hash; 

struct  PgpCipher  const  *c; 

byte  * k e y ; 

byte  const  * o f f ; 

int  L e n ; 

case  0 : 

/*  Old-style  (non  ConvESK)  */ 

hash  = pg p H a s h By Numbe r ( PG P_H A S H_M D 5 ) ; 

if  ( ! h a s h ) 

return  P G P E R R_B A D_H A S H N U M ; 
c = p g p C i p h e r B y N urn b e r ( P G P_C I P H E R_I D E A ) ; 
if  ( ! c ) 

return  PG P E R R_B A D_C I P H E R N U M ; 
s2k  = pgpS2Ksimple  (env,  hash); 
bufLO:  = PGP_CIPHER_IDEA; 

ret  = pgpStringToKey  (s2k,  pass,  plen,  buf+1,  c->keysize); 
if  ( ! r e t ) 

ret  = c -> k ey s i z e + 1 ; 

break; 

case  1 : 

c = pgpCipherByNumber  (esk->pkt.bufC1D); 
if  ( ! c ) 

return  PG P E R R_B A D_C I P H E R N UM ; 

ret  = pgpS2Kdecode  ( & s 2 k , env,  esk->pkt.buf+2,  esk->pkt.len-2); 
if  (ret  < 0 ) 

return  ret; 
if  ( ! s 2 k ) 

return  PG P E R R_N 0M E M ; 
if  ( e s k-> p k t . I e n-2 - r e t !=  0)  ( 

/*  We  have  an  ESK  in  the  packet  */ 
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> 


off  = esk->pkt.buf+2+ret;  / * ESK  starts  here  * / 
ten  = esk->pkt.len-2-ret;  / * ESK  Length  * / 


> else 


> 

break; 

default: 


cfb  = pgpCfbCreate  ( c ) ; 
if  ( ! cf b)  £ 

ret  = PGPERR_NOMEM; 
break; 

> 

key  = (byte  OpgpMemAlloc  (c->keysize); 
if  ( ! k e y ) { 

ret  = PGPERR_NOMEM; 
break; 

> 


ret  = pgpStringToKey 
if  (ret)  £ 


( s 2 k , pass,  plen, 
c->keysize); 


memset  (key,  0,  c->keysize); 

pgpMemFree  (key); 

break; 


pgpCfblnit  (cfb,  key,  NULL); 
memset  (key,  0,  c->keysize); 
pgpMemFree  (key); 

pgpCfbDecrypt  (cfb,  off,  buf,  Len); 
pgpCfbWipe  (cfb); 
ret  = Len; 

£ 


/*  this  is  just  a key  to  use  */ 
bufCOD  = c->type; 

ret  = pgpStringToKey  (s2k,  pass, 

c->keysize) 


if  ( ! r e t ) 

ret  = c->keysize+1; 


p L en. 


key. 


bu  f + 1 , 


> 


ret  = P G P E R R_B  ADPARAM; 


if  ( s 2 k ) 

pgpS2Kdestroy  (s2k); 

if  (cfb) 

pgpCfbDestroy  (cfb); 


return  ret; 


/ * 


* Do  public-key  decryption  - buf  must  be  "big  enough"  as  defined  by 

* pgpSecKeyMaxDecrypted() . Returns  the  Length  of  the  decrypted  key, 

* <0  on  error. 


*/ 


i n t 

pgpEskPKdecrypt(struct 

struct 


£ 


PgpESK  const  *esk,  struct  PgpEnv  const  *env, 
PgpSecKey  *sec,  byte  *buf) 


s i z e_t  L e n ; 
i n t err; 


o r 
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> 


assert  (sec->decrypt); 

/*  XXX  should  "die"  gracefully,  here  */ 


err  = pg p S e c Ke y D e c ry p t ( s e c , env, 

esk->pkt  . 


if  (err) 


return  err; 
return  (int)  len; 


pgpEskPKAlg(esk), 
en-10,  buf,  & l e n , 


es  k->pkt  . buf + 1 0, 
NULL,  0); 
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esk.h 

/ * 

* esk.h  --  Encrypted  Session  Key  handler. 

★ 

* $Id:  esk.h, v 1.16  1996/11/12  02:18:27  mhw  Exp  $ 

* / 


#i  f ndef  PGP_ESK_H 
//define  PGP_ESK  H 


//include  " pg p / u s u a l s . h " 

/*  Return  values  from  eskType  */ 
^define  PG P_E S KT Y P E_P A S S P H R A S E 0 
//define  PG  P_E  S KT  Y P E_PUBKE  Y 1 

struct  PgpEnv; 

//ifndef  T Y P E_P  G P E N V 
//define  T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 
//end  i f 

struct  PgpESK; 

//ifndef  T Y P E_PG  P E S K 
//define  T Y P E_PG  P E S K 1 
typedef  struct  PgpESK  PgpESK; 
//endif 


struct  PgpSecKey; 

#ifndef  T Y P E_P G P S E C K E Y 
//define  T Y P E_PG  P S E C KE  Y 1 
typedef  struct  PgpSecKey  PgpSecKey; 
//endif  ' 


[*  Some  access  functions.  */ 

int  pgpEskType  (struct  PgpESK  const  *esk); 

1 n t pgpEskPKAlg  (struct  PgpESK  const  *esk); 
byte  const  *pgpEsk!d8  (struct  PgpESK  const^esk); 


/*  How  bl9  might  the  output  key  possibly  be?  */ 

S. 1 Z e— t PgpEskMaxKeySi  ze  (struct  PgpESK  const  *esk)  ■ 
/ * ' 


* The  "key"  is  a 

* is  <algorithm 
*/ 


passphrase.  Returns  the  length  of  the  key 
dent  i f i erxkey  bi  ts> 


which 


int  pg p E s k C o n v D e c r y p t 


(struct  PgpESK  const  *esk,  struct  PgpEnv  const 
char  const  *pass,  size_t  plen,  byte  *buf); 


* e n v 


/*  Do  public-key  decryption  */ 

int  pgpEskPKdecrypt  (struct  PgpESK  const  *esk,  struct 

struct  PgpSecKey  *sec,  byte  *buf) 


PgpEnv 


const  *env. 


struct  PgpESK  *pgpEskNext  (struct  PgpESK  const  *esklist); 

int  pgpEskAdd  (struct  PanFSK  **p<sH  net  + u 

void  pgpEskFreeList  ( s t r l c \ \ ^ ! I J J t } "s  \ , : 


//endif  /*  PGP_ESK_H  */ 


l e n ) ; 
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fixedlcey.c 

/ * 

* A single,  fixed  PGP  key  for  decryption  operations. 

* 

* $ I d : fixedkey.c,v  1.9  1 996/1  1 /1  2 02:1  8:27  mhw  Exp  $ 

* / 

tfifdef  HAVE_C0N F I G_H 
#i nc  l ude  " conf i g . h " 

U e nd  i f 

^include  "fixedkey.h" 


unsigned  char  const 
0xB8,  Ox  E 1 , 

>; 


f i x ed Key  I D C 8 3 = t 
0x21,  0 x 0 E , 0x88, 


0 x 0 C , 0x13,  0x99 


Version  (=  2 or  3) 

Timestamp 

Validity  (=  0 at  present) 
Algorithm  (=1  for  RSA) 

MPI  for  modulus 

MPI  for  exponent 

Encryption  algorithm  (0  for 

Encryption  IV:  0 or  8 bytes 

MPI  for  d 

MPI  for  p 

MPI  for  q 

MPI  for  u 

Checksum 


none,  1 for 


byte  const  fixedkeyCD  = ( 


PGPVERSIO  N_2 

, / * version  * / 

0,  0, 

0,  o. 

/ * timestamp  * / 

0,  0, 

/ * validity  * / 

1 , 

/*  algorithm  = RSA  */ 

0x02, 

0x00, 

/ * bits 

in  n (512)  * / 

Ox  D B , 

0x24, 

0x36,  0x7B, 

0x91,  0x82,  0 x 8 E , 

0 x 4 F , 

0x17, 

Ox  D4  , 

0xF7,  0x32, 

0xD8,  OxOA,  0x59, 

0x7  C , 

0x96  , 

0 x D 8 , 

OxCB,  0 x F 7 , 

0x29,  0 x C A , 0 x B 1 , 

0 x A 5 , 

0 x E 2 , 

0x09, 

0x27,  0 x D 1 , 

0xA4,  OxCD,  0xD7, 

0x6D  , 

OxFD, 

0x6A  , 

OxIA,  0xD4, 

0x80,  0x4D,  0x52, 

Ox  D 6 , 

0 x 2 B , 

0x29, 

0x99,  0 x F 9 , 

0x31,  0 x 3 F , 0x65, 

0x99, 

0x59, 

0x19, 

OxDF,  0x62, 

0x58,  0x88,  0x31, 

0xC9, 

Ox  B8  , 

0 x E 1 , 

0x21,  0 x 0 E , 

0x88,  OxOC,  0x13, 

0x99, 

0x00, 

0x06  , 

/ * bits 

in  e (512)  */ 

0x11  , 

# d e f i n e F I X E D KE Y_P UB L E N 

0, 

0x01 ,0xf 8, 

OxEB, 


0 x A F , 
0x56, 
Ox  F0, 
0x96, 


Ox 6 D , 
0 x A F , 
0 x D 0 , 
OxBC  , 


0xB7  , 
0x88, 
0x29, 
0xB5  , 
Ox  F0, 


( 12  + 64  + 1 ) 

/ * Unencrypted  * / 

/ * bits  in  d * / 

0x08 , 0x24 
0x6C,  0x78 
OxlF,  0x5E 
0xE5,  OxCD 
0x26,  0x10 


0x16, 
0x91  , 
OxBB, 
Ox  F 2 , 
0x12, 


OxOB, 
0x83, 
Ox 6 E , 
0x3C  , 
0 x 7 D , 


Ox  5 A , 
0 x 9 A , 
0x75, 
0x10, 
OxDA, 


IDEA) 
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0 x 4 F , 

0x11  , 

Ox  FI , 0x4A, 

OxAA, 

Ox  A C , 

OxBB, 

0 x D 4 

0x74, 

Ox  A C , 

0 x 9 E , OxBD, 

0x7B, 

Ox  F 3 , 

OxBA  , 

OxBE 

0x58, 

0x15, 

0 x B A , 0 x E 2 , 

0x77, 

0x75, 

0 x E 0 , 

OxE  F 

0x01  , 

0x00, 

/ * bits 

in  p 

*/ 

0 x E 9 , 

0x61  , 

0x7D,  0xF2, 

0x29, 

0x47, 

0x80, 

0x09 

0x44, 

OxDF, 

OxOD,  0x7B, 

0 x D 9 , 

0x01  , 

0x67, 

0x47 

0x34, 

0 x D 1 , 

0x5F,  Ox  D 1 , 

Ox  C 2 , 

0 x B 7 , 

OxAA, 

0x72 

OxBE, 

0 x 4 E , 

0xA6,  0xD2, 

Ox  D 4 , 

0x2C, 

OxCE, 

0 x 4 B 

0x01  , 

0x00  , 

/ * bits 

i n q 

*/ 

Ox  F0, 

0x61  , 

0x6C,  0x02, 

Ox  F 3 , 

OxBO, 

0 x D 1 , 

0 x D 7 

0x63, 

0x9C  , 

0x39,  0x12, 

Ox  AB, 

Ox  A7, 

0 x 5 E , 

OxCD 

0 x A B , 

0 x C C , 

OxEB,  0x67, 

0x59, 

0x38, 

0 x E A , 

0x61 

0x16, 

Ox  5 E , 

OxBB,  OxBO, 

0xA4, 

0x48, 

0x27, 

0 x 2 B 

0x01  , 

0x00  , 

/ * bits 

i n u 

* / 

Ox  D 7 , 

0x58, 

OxDF,  0x29, 

0x01  , 

0x82, 

Ox  A A , 

0 x 2 E 

0 x 2 A , 

Ox  5 A , 

0xF9,  0x82, 

0 x 8 F , 

0 x 4 D , 

0x94, 

0x55 

0x50, 

0 x 7 A , 

0 x A D , 0xB6, 

OxCO, 

0xA6, 

0xB8, 

0 x C 8 

0x57, 

0x47, 

0x45,  0x2F, 

0x55, 

Ox  3 D , 

OxDC, 

0x50 

0x52, 

Ox  C 7 

/ * Checksum  * / 

>; 


struct  PgpPubKey  * f i x e d Ke y P u b ( v o i d ) 

{ 

int  err;  / * Always  0 * / 


return  r s a P u b F r omB u f ( f i x e d k e y , F I X E D KE Y_PU B L E N , 


struct  PgpSecKey  * f i x e d K e y S e c ( v o i d ) 

{ 

int  err;  / * Always  0*/ 

return  r s a S e c F r omBu f ( f i x e d k ey  , s i zeof ( f i xedkey ) 

> 

#else  /*  Obsolete  code  */ 


#include  "pgp/keys.h" 


static  unsigned  char  const  n C 5 1 2 / 8 ] = { 


OxDB, 

0x24, 

0x36, 

0x7B, 

0x91  , 

0x82, 

0 x 8 E , 

0x4  F 

0x17, 

0 x D 4 , 

Ox  F7, 

0x32, 

Ox  D 8 , 

OxOA  , 

0x59, 

0 x 7 C 

0x96, 

0 x D 8 , 

OxCB, 

0 x F 7 , 

0x29, 

0 x C A , 

0 x B 1 , 

0 x A 5 

0 x E 2 , 

0x09, 

0x27, 

0 x D 1 , 

0xA4, 

OxCD, 

Ox  D7, 

0x6D 

OxFD, 

0x6  A , 

0 x 1 A , 

0xD4, 

0x80, 

Ox  4 D , 

0x52, 

Ox  D6 

Ox2B, 

0x29, 

0x99, 

Ox  F9, 

0x31  , 

0 x 3 F , 

0x65, 

0x99 

0x59, 

0x19, 

OxDF, 

0x62, 

0x58, 

0x88  , 

0x31  , 

0 x C 9 

0 x B 8 , 

0 x E 1 , 

0x21  , 

0 x 0 E , 

0x88, 

0 x 0 C , 

0x13, 

0x99 

>; 


static 


unsigned  char  const  dC51  2/8  — 1 II  = { 


OxEB, 

0xB7, 

0x16 

OxA  F , 

0 x 6 D , 

0x88  , 

0x91 

0x56, 

OxA  F, 

0x29, 

OxBB 

Ox  FO  , 

Ox  D 0 , 

0 x B 5 , 

Ox  F2 

0x96, 

OxBC, 

Ox  FO, 

0x12 

0x4  F , 

0x11, 

Ox  FI  , 

0x4A 

0x74, 

Ox  A C , 

0x9E, 

OxBD 

0x58, 

0x15, 

OxBA, 

Ox  E 2 

0x08, 

0x24, 

OxOB, 

0x5  A 

0 x 6 C , 

0x78, 

0x83, 

0 x 9 A 

0x1  F, 

Ox  5 E , 

0 x 6 E , 

0x75 

Ox  E 5 , 

OxCD, 

Ox  3 C , 

0x10 

0x26, 

0x10, 

0 x 7 D , 

0 x D A 

OxAA, 

Ox  AC  , 

OxBB, 

0 x D 4 

0x7B, 

Ox  F3, 

OxBA, 

OxBE 

0x77, 

0x75, 

0 x E 0 , 

OxE  F 

Serr); 


& e r r ) ; 
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>; 

static  unsigned  char  const  p[256/83  = { 


0 x E 9 , 

0x61  , 

0 x7 D , 

0 x F 2 , 

0x29, 

0x47, 

0x80, 

0x09 

0x44, 

OxDF, 

OxOD, 

0 x 7 B , 

0 x D 9 , 

0x01  , 

0x67, 

0x47 

0x34, 

Ox  D 1 , 

Ox  5 F , 

0 x D 1 , 

Ox  C 2 , 

0xB7  , 

OxAA, 

0x72 

OxBE, 

0 x 4 E , 

Ox  A6  , 

0 x D 2 , 

0xD4, 

Ox  2 C , 

OxCE, 

0 x 4 B 

static  unsigned  char  const  q[256/83  = { 


Ox  FO, 

0x61  , 

0 x 6 C , 

0x02, 

Ox  F 3 , 

OxBO  , 

0 x D 1 , 

0xD7, 

0x63, 

0x9  C , 

0x39, 

0x12, 

OxAB, 

0xA7, 

Ox  5 E , 

Ox  C D , 

OxAB, 

0 x C C , 

OxEB, 

0x67, 

0x59, 

0x38, 

0 x E A , 

0x61  , 

0x16, 

Ox  5 E , 

0 x BB  , 

OxBO, 

Ox  A4  , 

0x48, 

0x27, 

0 x 2 B 

static  unsigned  char  const  uC256/83  = { 


Ox  D7  , 

0x58, 

OxDF, 

0x29, 

0x01  , 

0x82, 

OxAA, 

Ox  2 E 

0x2  A, 

Ox  5 A , 

Ox  F9, 

0x82, 

0 x 8 F , 

0x4  D , 

0x94, 

0x55 

0x50, 

Ox  7 A , 

Ox  A D , 

0xB6  , 

Ox  C 0 , 

0xA6, 

0xB8, 

Ox  C 8 

0x57, 

0x47, 

0x45, 

0x2  F, 

0x55, 

0 x 3 D , 

0 x D C , 

0x50 

>; 

void 

f i x ed Key D e s t r oy ( s t r u c t PgpPubKey  *pub,  struct  PgpSecKey  *sec) 

if  (pub)  { 

bnEnd(8pub->n); 

bnEnd(8pub->e); 

> 

if  (sec)  f 

bnEnd ( 8sec->d  ) ; 
bnEnd(8sec->p); 
bnEnd ( 8sec->q  ) ; 
bnEnd(8sec->u); 

> 

> 

i nt 

f i xedKeyGet ( s t rue t PgpPubKey  *pub,  struct  PgpSecKey  *sec) 

if  ( pub ) <. 

bnBegin(8pub->n); 

bnBegin(8pub->e); 

if  ( bn  I n s e r t B i g By t e s ( 8pub-> n , n,  0,  sizeof(n))  < 0 || 

bn S e t Q ( &pub-> e , 17)  < 0)  { 

f i x e d Key D e s t r oy ( pub , (struct  PgpSecKey  *)0); 
return  - 1 ; 

> 

> 

if  (sec)  ( 

bnBegin(&sec->d); 
bnBegin(&sec->p); 
bnBegin(Ssec->q); 
bnBegi n(&sec->u) ; 

if  ( bn  I ns e r t B i gBy t e s ( &se c->d , d,  0,  sizeof(d))  < 0 || 
b n I n s e r t B i g By t e s ( 8 s e c -> p , p,  0,  sizeof(p))  < 0 || 
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} 


bn  I n s e r t B i g By t e s ( & s e c ->q , q,  0,  sizeof(q))  < 0 || 
bn  I n s e r t B i gBy t e s ( S s e c->u , u,  0,  sizeof(u))  < 0)  { 
fixedKeyDestroy(pub,  sec); 
return  - 1 ; 

> 


return  0; 

> 

#endif  /*  End  of  obsolete  code  */ 
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fixed  key.  h 

/ * 

* A single,  fixed  PGP  key  for  decryption  operations. 

* 

* $ I d : fixedkey.h,v  1.6  1 996/1  1 /1  2 02:18:28  mhw  Exp  $ 

* / 

struct  PgpPubKey; 

# i f nde  f T Y P E_PG P P UBKE Y 
#def i ne  T Y P E_PG P PU BKE Y 1 
typedef  struct  PgpPubKey  PgpPubKey; 
tt  e nd  i f 

struct  PgpSecKey; 

#i  f ndef  T Y P E_PG P S E C KE Y 

#de  f i ne  T Y P E_PG P S E C KE Y 1 

typedef  struct  PgpSecKey  PgpSecKey; 

#end i f 

struct  PgpPubKey  *fixedKeyPub(void); 
struct  PgpSecKey  *fixedKeySec(void); 

extern  unsigned  char  const  fixedKeyIDC8D; 
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keymisc.c 

/ * 

* keymisc.c 

* Miscellaneous  helper  functions  for  public  key  modules. 

* Including  packing  and  unpacking  for  PKCS  compatibility. 

* 

* Sid:  keymisc.c, v 1.5. 2.1  1 996/1  1 /1  4 04:09:38  cbertsch  Exp  $ 
*/ 


#ifdef  H A V E_C  0 N F I G H 


//include 
# e n d i f 

" c on  f i g . h " 

# i n c l ud  e 

<assert  . h> 

//include 

<stdarg.h> 

//include 

"keymisc.h" 

// i nc l ude 

"pgp/bn  . h" 

//include 

"pgp/ cf b . h" 

//include 

"pgp/ cipher. 

h" 

//include 

"pgp/hash  . h" 

//include 

"pgp/pgpmem  . 

h" 

//include 

"pgp/pgperr  . 

h" 

//include 

"pgp/pubkey . 

h" 

//include 

"pgp/ random . 

h" 

^include 

"pgp/str2key 

. h" 

//include 

"pgp/usuals. 

h" 

//ifndef  PKCS_COMPAT 

//define  PKCS_C0MPAT  1 
//end  i f 

/* 

* Given  a number  of  bits  in  a modulus,  compute  the 

* needed  to  provide  equivalent  security  from  small 

* Adding  padding  on  top  of  this  is  not  an  entirely 

* 

* This  is  based  on  a paper  from  Michael  Wiener  I 


* 

on  the  diff 

i c u 1 1 y of 

the  two  attacks 

, which 

★ 

* 

the  following  table: 

* 

★ 

Table  1 : 

Subgroup  Sizes  to  Match  F 

i e l d Sizes 

★ 

Size  of  p 

Cost  of 

each  attack 

Size  of  q 

* 

(bits) 

(instructions  or 

(bits) 

* 

* 

modular 

multiplies) 

•k 

512 

9 x 

N- 

< 

O 

1 1 9 

k 

768 

6 x 

1 0 A 2 1 

145 

k 

1 024 

7 x 

1 0A24 

165 

k 

1280 

3 x 

1^- 

r\j 

< 

o 

183 

k 

1536 

7 x 

1 0A29 

1 98 

k 

1 792 

9 x 

1 0 A 3 1 

212 

k 

2048 

8 x 

1 0A33 

225 

k 

2304 

5 x 

o 

> 

LaJ 

v_n 

237 

k 

2 5 60 

3 x 

1 0A37 

249 

k 

2816 

1 X 

1 0A39 

259 

k 

3072 

3 x 

o 

< 

o 

269 

minimum  exponent  size 
-exponent  attacks, 
evil  idea. 

This  extension  to 
the  table  is  not 
part  of  the  original. 

THIS  FUNCTION 

Output  Error 

(+  is  safe) 


1 37 

+ 18 

153 

+ 8 

1 69 

+ 4 

1 84 

+ 1 

1 98 

+ 0 

212 

+ 0 

225 

+ 0 

237 

+ 0 

249 

+ 0 

260 

+ 1 

270 

+ 1 
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★ 

3328 

8 

X 

1 0A41 

279 

| 280 

+ 1 

★ 

3584 

2 

X 

1 0A43 

288 

| 289 

+ 1 

★ 

3840 

4 

X 

1 0A44 

296 

| 297 

+ 1 

★ 

4096 

7 

X 

1 0A4  5 

305 

| 305 

+ 0 

★ 

4352 

1 

X 

1 0A47 

313 

| 313 

+ 0 

★ 

4608 

2 

X 

1 0A48 

320 

| 321 

+ 1 

★ 

4864 

2 

X 

1 0 A 4 9 

328 

| 329 

+ 1 

★ 

5120 

3 

X 

1 0A50 

335 

| 337 

+ 2 

★ 

■k 

This  function  fits 

a curve  to  this. 

which 

overestimates  the 

size 

* 

of  q required,  but 

by 

a very  small 

amount 

in  the  important 

1 000-4000 

★ 

bit  range.  It  is 

a 

quadratic  curve 

up  to 

3840  bits,  and  a 

linear 

★ 

curve  past  that. 

They 

are  designed 

to  be 

C ( 1 ) (have  the  same  value 

* 

and  the  same  slope) 

a t 

the  point  where  they  meet. 

*/ 


#def i ne 

AN 

1 

/ * 

a 

= - A N / A D / 6 5 5 36 , the  quadratic  coefficient  */ 

ft  define 

AD 

3 

ft  d e f i n e 

M 

8 

/* 

Slope  = 

M/256, 

i . e . 

1/32  where  li 

near  starts  */ 

U d e f i n e 

TX 

3840 

/ * 

X 

value 

a t 

the 

slope 

point,  where 

linear 

starts 

*/ 

#def i ne 
/ * 

TY 

297 

/* 

Y 

value 

a t 

the 

slope 

point,  where 

linear 

starts 

*/ 

* For  a slope  of  M at  the  point  (TX,TY),  we  only  have  one  degree  of 

* freedom  left  in  a quadratic  curve,  so  use  the  coefficient  of  xA2, 

* namely  a,  as  that  free  parameter. 

* 

* y = -AN/AD*( (x-TX)  / 2 5 6 ) A2  + M*(x-TX)/256  + TY 

* = -AN*(x-TX)*(x-TX)/AD/256/256  + M*x/256  - M*TX/256  + TY 

* = -AN*x*x/AD/256/256  + 2 * A N * x * T X / A D / 2 5 6 / 2 5 6 - A N * T X * T X / A D / 2 5 6 / 2 5 6 \ 

* + M*  x / 2 5 6 - M*TX/256  + TY 

* = -AN*(x/256  ) A2/AD  + 2 * A N * ( T X / 2 5 6 ) * ( x / 2 5 6 ) / A D + M*(x/256)  \ 

* - AN*(TX/256)  A2/AD  - M*(TX/256  ) + TY 

* = (AN*(2*TX/256  - x/256  ) + M * A D ) * x / 2 5 6 / A D - ( A N * ( T X / 2 5 6 ) / A D + M)*TX/  2 5 6 \ 

* + TY 

* = ( AN*(2*TX/2  56  - x/256  ) + M * A D ) * x / 2 5 6 / A D \ 

* - (AN*(TX/256)  + M*AD)*TX/256/AD  + TY 

* = ( ( M * A D + AN*(2*TX/256  - x/256  ))*x  - ( A N * ( T X / 2 5 6 ) + M * A D ) * T X ) / 2 5 6 / A D + TY 

* = ( ( M * A D + AN*(2*TX  - x)/256)*x  - ( A N * ( T X / 2 5 6 ) +M * A D ) * T X ) / 2 5 6 / A D + TY 

* = ((M*AD  + AN*(2*TX  - x)/256)*x  - (M*AD  + A N * T X / 2 5 6 ) * T X ) / 2 5 6 / A D + TY 

* = ( ( ( 256*M*AD  + 2*AN*TX-AN*x) /256  )*x  - ( M * A D + A N * T X / 2 5 6 ) * T X ) / 2 5 6 / A D + TY 

* 

* Since  this  is  for  the  range  0...TX,  in  order  to  avoid  having  any 

* intermediate  results  less  than  0,  we  need  one  final  rearrangement,  and 

* a compiler  can  easily  take  the  c o n s t a n t - f o l d i n g from  there... 

* 

* = JY  + ( ( (256*M*AD+2*AN*TX-AN*x)/256)*x  - ( M * A D + A N * T X / 2 5 6 ) * T X ) / 2 5 6 / A D 

* = TY  - ( ( M * A D + AN*TX/256)*TX  - ( ( 2 5 6 * M * A D + 2 * A N * T X - A N * x ) / 2 5 6 ) * x ) / 2 5 6 / A D 

*/ 

#define  BITS(x)  \ 

TY  - ( ( M * A D + AN*TX  / 2 56  ) *TX  - ( ( 2 5 6 * M * A D + A N * 2 * T X - A N * x ) / 2 5 6 ) * x ) / ( A D * 2 5 6 ) 


unsigned 

pgpDi screteLogExponentBi tslunsigned  modbi ts) 
unsigned  expbits; 
if  (modbits  > TX) 

expbits  = M * m o d b i t s / 2 5 6 - M*TX/256  + TY;  /*  Linear  */ 

else 
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expbits  = BITS(modbits); 
return  expbits; 

> 


#unde  f 

BITS 

#undef 

TY 

#undef 

TX 

#undef 

M 

#undef 

AD 

#undef 

AN 

/ * 

/ * Quadratic  * / 


* Fill  the  given  bignum,  from  bytes  high-1  through  Low  (where  0 is 

* the  least  significant  byte),  with  non-zero  random  data. 

* / 

static  i n t 

randomPadCstruct  P g p R a n d om C o n t e x t const  *rc,  struct  BigNum  *bn, 
unsigned  high,  unsigned  Low) 

{ 

unsigned  i,  L; 

byte  paddingC64D;  / * This  can  be  any  size  (>0)  whatsoever 


*/ 


high 

while 


} 


= Low; 

(high)  { 

L = high  < sizeof(padding)  ? high  : sizeof(padding); 
pgpRandomGetBytes(rc,  padding,  l); 

for  (i  = 0;  i < l;  i++)  { / * Replace  all  zero  bytes  * / 

w h i L e ( pa dd i ng C i ] ==  0) 

pgpRandomGetBytes(rc,  padding+i,  1 ) ; 

> 

high  - = L ; 

if  ( bn  I n s e r t B i gBy t e s ( bn , padding,  high  + Low,  L)  < 0) 
return  PG P E R R_N OM E M ; 


memset(padding,  0,  sizeof(padding)); 
return  0; 


/* 

* Fill  the  given  bignum,  from  bytes  high-1  through  Low  (where  0 is 

* the  Least  significant  byte),  with  a L L ones  (OxFF)  data. 

*/ 

static  int 

o n e s P a d ( s t r u c t BigNum  *bn,  unsigned  high,  unsigned  Low) 

( 

unsigned  L ; 

static  byte  const  paddingCD  = { 

255,255,255,255,255,255,255,255, 

255,255,255,255,255,255,255,255 

>; 

high  -=  Low; 
while  (high)  { 

L = high  < sizeof(padding)  ? high  : sizeof(padding); 
high  -=  l; 

if  ( bn  I n s e r t B i g By t e s ( bn , padding,  high  + Low,  L)  < 0) 
return  PG P E R R_N OM E M ; 

> 

return  0; 


1330 


lib/ pgp/ pubkey/keymisc.c 


> 


/ * 

* The  Basic  Encoding  Rules  (of  which  the  Distinguished  Encoding  Rules 

* are  a simple  m i n i ma  l -s i z ed  subset)  are  supposed  to  be  compact.  Humph. 

* Maybe  they  are,  but  the  ASN.1  they're  encoding  is  less  than  concise. 

* It's  sequence(sequence(object_id(1.2.840.113549.2.5)),octet_string(...)) 

* / 


static 


> ; 


byte  const  M D 5_p  r e f i x II  3 = L 
0x30,  /*  Universal,  Constructed,  Sequence  */ 

0x20,  /*  Length  32  (bytes  following)  */ 

0x30,  /*  Universal,  Constructed,  Sequence  */ 

0x0c,  /*  Length  12  */ 

0x06,  /*  Universal,  Primitive,  o b j e c t - i d e n t i f i e r */ 
0x08,  / * Length  8 * / 

0x2a,  /*  42  = IS0(1)*40  + Member  bodies(2)  */ 
0x86,  0x48,  /*  840  = US  (ANSI)  */ 

0x86,  0 x F 7 , 0 x 0 D , /*  1 1 3549  = RSADSI  */ 

0x02,  1*2-  Hash  functions  */ 

0x05,  /*  5 = M D 5 */ 

0x05,  /*  Universal,  Primitive,  NULL  */ 

0x00,  / * Length  0 * / 

0x04,  /*  Universal,  Primitive,  Octet  string  */ 

0x10  /*  Length  16  */ 

/*  16  MD5  digest  bytes  go  here  */ 


/*  This  is  the  PGP  2.2  M D 5 identification  byte  */ 
static  byte  const  pg p 2 2_M D 5_by t e = 1; 


/* 

•k 

* 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 

★ 


Wrap  a PKCS  wrapper  around  some  data. 

Type  1 is  for  signature,  type  2 for  encryption. 

Type  2 wrappers: 

If  the  modulus  is  n bytes  long,  with  the  most  significant  byte 
being  n-1  and  the  least  significant,  0,  the  wrapper  looks  like: 


Position  Value 

n-1  0 

n-2  2 

n-3.  . len  + 1 ??? 

I e n 0 

l en-1 . . 0 data 


Function 

This  is  needed  to  ensure  that  the  padded  number 
is  less  than  the  modulus. 

The  padding  type  (non-zero  random). 

Non-zero  random  padding  bytes  to  "salt"  the 
output  and  prevent  duplicate  plaintext  attacks. 
Zero  byte  to  mark  the  end  of  the  padding 
Supplied  payload  data. 


In  the  case  of  PGP,  the  payload  is  a byte  indicating  the  type  of 
conventional  cipher,  currently  always  set  to  1 to  indicate  IDEA, 
and  a 16-byte  IDEA  key  followed  by  a 16-bit  checksum. 

Versions  of  PGP  up  to  2.2  generated  a "broken"  version  of  this  format, 
which  had  the  components  (except  for  the  most  significant  zero  byte) 
in  the  opposite  order.  This  is  controlled  by  PKCS_C0MPAT. 

There's  no  security  difference,  it's  just  nice  if  everyone  does  it 
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★ 

★ 

★ 

★ 

★ 

★ 

★ 

* 

★ 

* 

* 

★ 

★ 

★ 

* 

★ 

★ 

★ 

★ 


the  same  way. 


Position  Value 

n-1  0 

n-2 . . n-  l en-1  data 
n-  l en-2  0 

n-  l en-3  . . 1 ? ? ? 

0 2 


Supplied  payload  data. 

Zero  byte  to  mark  the  end  of  the  padding 
Non-zero  random  padding  bytes  to  "salt"  the 
output  and  prevent  duplicate  plaintext  attacks. 
The  padding  type  (non-zero  random). 


On  decryption,  the  fact  that  the  first  (most  significant)  byte  of 
payload  data  is  1 for  the  <=  2.2  format,  and  a padding  type  of  1 
(fixed,  all  ones)  is  never  used  for  public-key  encryption  lets 
these  be  distinguished. 


There  really  should  be  several  bytes  of  padding,  although  this 
routine  will  not  fail  to  encrypt  unless  it  will  not  fit,  even 
with  no  padding  bytes. 


* 


* Type  1 padding: 

* 

★ 


* The  type  is  1,  and  the  padding  is  all  I's 

* (hex  OxFF).  In  addition,  if  the  data  is  a DER-padded  MD5  hash,  there 

* an  option  for  encoding  it  with  the  old  PGP  2.2  format,  in  which  case 

* that's  all  replaced  by  a 1 byte  indicating  MD5. 


* When  decrypting,  distinguishing  these  is  a bit  trickier,  since  the 

* second  most  significant  byte  is  1 in  both  cases,  but  in  general, 

* it  could  only  cause  confusion  if  the  PGP  hash  were  all  I's. 


★ 

To  summari 

z e , the 

* 

* 

Position 

Value 

★ 

n-1 

0 

* 

* 

n-2 

1 

★ 

n-3 . . 1 en  + 1 

255 

★ 

l e n 

0 

* 

l en-1  . .x 

ASN.1 

★ 

x - 1 . .0 

data 

* 

★ 

★ 

Position 

Value 

formats  are: 

Function 

This  is  needed  to  ensure  that  the  padded  number 
is  less  than  the  modulus. 

The  padding  type  (all  ones). 

All  ones  padding  to  ensure  signatures  are  rare. 
Zero  byte  to  mark  the  end  of  the  padding 
The  ASN.1  DER  magic  cookie  (18  bytes) 

The  payload  M D 5 hash  (16  bytes). 


★ 
★ 
★ 
* 
: k 
: k 
* 
★ 
★ 
★ 
★ 
★ 
★ 
★ 


n-1  0 

n-2  1 

n-2..n-len— 2 data 
n-len-2  0 

n-  l en-3  . . 1 25  5 

0 1 


"This  is  MD5" 

Supplied  payload  M D 5 hash  (len  ==  16). 
Zero  byte  to  mark  the  end  of  the  padding 
All  ones  padding. 

The  padding  type  (all  ones). 


The  reason  for  the  all  I's  padding  is  an  extra  consistency  check. 
A randomly  invented  signature  will  not  decrypt  to  have  the  long 
run  of  ones  necessary  for  acceptance. 

Oh...  the  public  key  isn't  needed  to  decrypt,  but  it's  passed  in 
because  a different  glue  library  may  need  it  for  some  reason. 


s 
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★ 

* TODO:  Have  the  caller  put  on  the  PKCS  wrapper.  We  can  notice  and 

* strip  it  off  if  we're  trying  to  be  compatible. 

*/ 


i n t 

pgpPKC S Pa c k ( s t rue t BigNum  *bn,  byte  const  *in,  unsigned  len,  byte 
unsigned  bytes,  struct  Pg p Ra ndom C o n t e x t const  *rc) 


if  (l  en  + 3 > bytes) 

return  PG P E R R_PU BKE Y_T00 S M A L L ; /*  data  won't  fit 


padtype. 


in  pubkey ! 


*/ 


/*  Set  the  entire  number  to  0 to  start  */ 
(void)bnSetQ(bn,  0); 


> 


if  (padtype  *=  P K C S_P  A D_E  NCRYPTED)  { 

/*  Random  padding  */ 

if  ( P KC  S_C  0 M P A T ||  i n E 0 3 !=  1)  i 

if  ( bn  I nse r t B i gBy t es ( bn,  Spadtype,  bytes-2,  1)  < 0 || 

r a nd omPa d ( r c , bn,  bytes-2,  len+1)  < 0 || 

bn  I n s e r t B i gBy t e s ( bn , in,  0,  len)  < 0) 
return  PGPERR_N0MEM; 

> else  { 

/*  Old  <=  2.2  broken  format  */ 

if  ( bn  I n s e r t B i g By t e s ( bn  , in,  bytes-len-1,  len)  < 0 || 

r a ndom Pa d ( r c , bn,  bytes-len-2,  1)  <0  || 

bn  I n s e r t B i gBy t e s ( bn , Spadtype,  0,  1)  < 0) 
return  PG  P E R R_N  0 M E M ; 

> 

> else  { 

assert  (padtype  ==  PKC S_P A D_S I G N E D ) ; 

/*  Constant  padding  */ 

if  (PKC  S_C  0 M P A T 

||  len  !=  s i z eo f ( MD 5_p r e f i x ) +1 6 

||  mememptin,  MD5_prefix,  s i z e o f ( M D 5_p r e f i x ) ) !=  0) 

if  ( bn  I n s e r t B i gBy t e s ( bn  , Spadtype,  bytes-2,  1)  <0  || 

onesPad(bn,  bytes-2,  len+1)  < 0 || 

bn  I n s e r t B i gBy t e s ( bn , in,  0,  len)  < 0) 
return  PGPERR_N0MEM; 

> else  { 

/*  Old  <=  2.2  format  - no  DER  prefix  */ 
len  -=  s i z eo f ( MD 5_p r e f i x ) ; 
in  +=  s i zeof ( MD5_pref i x ) ; 
if  (l  en  + 3 + 1 > bytes ) 

return  PG P E R R_PUBKE Y_T00 S M A L L ; /*  won't  fit  */ 
if  (bnInsertBigBytes(bn,  & p g p 2 2_M  D 5_by  t e , bytes-1,  1) 

<0  11 

bnlnsertBi gBytes (bn,  in,  bytes-len-2,  len)  < 0 || 

onesPad(bn,  bytes-len-2,  1)  < 0 || 

bnlnsertBi gBytes (bn,  Spadtype,  0,  1)  < 0) 

return  PG P E R R_N0M E M ; 

> 

> 

return  0; 


/* 
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* Searches  bytes,  beginning  with  start-1  and  progressing  to  0, 

* until  one  that  is  not  Oxff  is  found.  The  idex  of  the  last  Oxff 

* byte  is  returned  (or  start  if  start-1  is  not  Oxff.) 

*/ 

static  unsigned 

bnSearchNonOneFromHighCstruct  BigNum  const  *bn,  unsigned  start) 

{ 


byte  bufC16D;  /*  Size  is  arbitrary  */ 
unsigned  l ; 
unsigned  i; 


} 


while  (start)  { 

l = start  < sizeof(buf)  ? start  : sizeof(buf); 
start  -=  l; 

bnExtractBigBytes(bn,  buf,  start,  l); 
for  (i  = 0;  i < l;  i++)  { 

if  ( bu  f C i ] ! = Oxff)  { 

memset(buf,  0,  sizeof(buf)); 
return  start  + l - i; 


/ * Nothing  found  * / 
memset(buf,  0,  s i z e o f ( bu f ) ) ; 
return  0; 


/* 

* Searches  bytes,  beginning  with  start  and  going  up  (towards  more 

* significant  bytes),  until  one  that  is  not  Oxff  is  found.  Since 

* input  number  is  finite,  there  must  be  zeros  eventually. 

* The  index  of  the  first  non-Oxff  byte  is  returned. 

*/ 

static  unsigned 

bn S e a r c h Non  0 n e F r om Lo w ( s t r u c t BigNum  const  *bn,  unsigned  start) 

{ 


byte  bufC163;  / * Size  is  arbitrary  * / 
unsigned  i; 


the 


> 


for  (;;)  { 

bnExtractBigBytes(bn,  buf,  start,  sizeof(buf)); 
i = sizeof(buf); 
start  +=  i; 
do  { 

if  (buf[--iD  !=  Oxff)  { 

memset  (buf , 0,  s i z e o f ( bu f ) ) ; 
return  start  - i - 1; 

> 

> while  (i); 

} 

/★N0TREACHED*/ 


/* 

* Searches  bytes,  beginning  with  start-1 

* until  finding  one  that  is  zero,  or  the 

* The  index  of  the  last  non-zero  byte  is 


and  progressing  to  0, 
end  of  the  array, 
returned  (0  if  the  array 
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* is  all  non-zero,  or  start  it  start-1  is  zero). 

*/ 

static  unsigned 

bnSearchZeroFromHigh(struct  BigNum  const  *bn,  unsigned  start) 

byte  buf[16D;  / * Size  is  arbitrary  * / 
unsigned  l; 
unsigned  i; 


> 


while  (start)  { 

l = start  < sizeof(buf)  ? start  : sizeof(buf); 
start  -=  l; 

bnExtractBigBytes(bn,  but,  start,  l ) ; 
tor  (i  = 0;  i < l;  i++)  { 
it  CbutHi]  ==  0)  { 

memset(but,  0,  sizeof(buf)); 
return  start  + l - i; 

> 

> 


> 

/*  Nothing  found  */ 
memsetCbuf,  0,  sizeof(buf)); 
return  0; 


/ * 

* Searches  bytes,  beginning  with  start  and  going  up  (towards  more 

* significant  bytes),  until  one  that  is  zero  is  found.  Since  the 

* input  number  is  finite,  there  must  be  zeros  eventually. 

* The  index  of  the  first  zero  byte  is  returned. 

* / 


static  unsigned 

bn S ea r c h Z e ro F r omLow ( s t ru c t BigNum  const  *bn,  unsigned  start) 
{ 

byte  bufC16H;  / * Size  is  arbitrary  * / 
unsigned  i; 


> 


for  (;;)  ( 

bnExtractBigBytes(bn,  buf,  start,  sizeof(buf)); 
i = sizeof(buf); 
start  +=  i; 
do  { 

if  ( buf  C--i ] ==  0)  { 

memset (buf , 0,  sizeof(buf)); 
return  start  - i - 1; 

> 

> while  (i); 

> 

/★N0TREACHED*/ 


/ * 

* Performs  a PKCS  unpack  operation.  Returns  a prefix  of  the  unwrapped 

* data  in  the  given  buf.  Returns  the  length  of  the  untruncated 

* data,  which  may  exceed  "len".  Returns  <0  on  error. 

* 

* For  the  c o n s t a n t -pa dd i ng  (signature  checking)  case, 

* it  recongi zes  the  PGP  2.2  format,  but  not  in  all  its  generality; 

* only  the  one  case  (framing  byte  = 1,  length  = 16)  which  was  ever 
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* generated.  It  fakes  the  DER  prefix  in  that  case. 

*/ 
i n t 

pgpPKCSUnpackCbyte  *buf , unsigned  ten,  struct  BigNum  *bn,  byte  padtype, 
unsigned  bytes) 

{ 

byte  t m p C 2 3 ; 

bnExtractBigBytesCbn,  tmp,  bytes-2,  2 ) ; 
if  ( t mp  C 0 ] ! = 0)  { 

memsetCtmp,  0,  2 ) ; 
return  PGPERR_PK_CORRUPT; 

> 


if  (padtype  ==  P K C S_P  A D_E  N CRYPTED)  { 

/*  Decryption  case,  random  padding  */ 

/*  Special  case:  PGP  <=  2.2  hack  */ 

bnExtractBigBytesCbn,  tmp,  0,  1); 

if  ( t m p [ 1 2 ==  1 SS  tmpCO]  ==  padtype  SS 

bn S ea r c h Z e r o F r omLow  ( bn  , 1)  ==  by t e s - 1 - 1 -1 6-2 - 1 ) 

/*  Aha,  it's  PGP  <=  2.2  */ 
if  (ten  > 1+1 6+2 ) 

ten  = 1+16+2; 

bnExtractBigBytesCbn,  buf,  bytes-1-len,  ten); 
return  1+16+2; 

> 

/*  Okay,  assume  it's  PKCS.1  */ 
if  ( tmpC  1 3 !=  2)  C 

memset ( tmp,  0,  2 ) ; 
return  PG PE R R_PK_C 0 R R U PT ; 

memsetttmp,  0,  2); 

bytes  = bnSearchZeroFromHighCbn,  bytes-2); 
if  (bytes--  ==  0) 

return  P G P E R R_P K_C 0 R R U P T ; 

> else  { 

assert  (padtype  = = PKC  S_P  A D_S I G N E D ) ; 

/*  Signature  check,  constant  padding  */ 
if  CtmpCI]  !=  padtype)  { 

memsetCtmp,  0,  sizeof(tmp)); 
return  PG P E R R_PK_C 0 R R U PT ; 


/ * 

* Special-case  hack:  is  is  PGP  <=  2.2  format?  This  is 

* identified  by  a least  significant  byte  of  1,  a byte 

* of  0 between  the  16-byte  M D 5 hash  and  the  padding, 

* and  all  ones  padding. 

*/ 

bnExtractBigBytesCbn,  tmp,  0,  1);  /*  Should  be  1 if  <=  2.2  */ 

bnExtractBigBytesCbn,  tmp+1,  bytes-19,  1);  /*  zero  if  <=  2.2  */ 

if  CtmpCO]  ==  padtype  SS  tmpCIH  ==  0 SS 

bn S e a r c h N o n 0 n e F r om Lo w ( bn , 1)  ==  bytes-19) 

/*  Aha/  it's  PGP  <=  2.2  - fake  up  the  DER  prefix  */ 
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if  (len  <=  s i z e o f ( M D 5_p r e f i x ) ) f 

memcpy(buf,  MD5_prefix,  len); 

} else  -C 

memcpy(buf,  MD5_prefix,  s i z e o f ( M D 5_p r e f i x ) ) ; 
buf  +=  s i z e o f ( M D 5_p r e f i x ) ; 
len  -=  s i z e o f ( M D 5_p r e f i x ) ; 
if  (len  > 16) 

len  = 16; 

bnExt ractBi gBytes ( bn,  buf,  bytes-2-len,  len); 

> 

return  16  + s i z e o f ( M D 5_p r e f i x ) ; 


/*  Okay,  assume  it's  PKCS  format  thing.  */ 


bytes  = bnSearchNonOneFromHigh(bn,  bytes  2); 
if  (bytes  < 1) 

return  PG P E R R_PK_C 0 R R U PT ; 

bytes--; 
t m p C 1 3 = 0; 

bnExtractBigBytes(bn,  tmp,  bytes,  1); 
if  (tmpCOD  ! = 0)  { 

memset(tmp,  0,  sizeof(tmp)); 
return  PGPERR_PK_CORRUPT; 

/*  Note:  tmp  isn't  secret  any  more  because  it's  a constant!  */ 

> 

/*  Success!  Return  the  data  */ 
if  (len  > bytes) 

len  = bytes; 

bnExtractBigBytes(bn,  buf,  bytes-len,  len); 
return  bytes; 

> 

/ * 

* Convert  a big-endi 

* Returns  number  of 

* (Returns  0 if  the 
*/ 

i nt 

pgpBnGetPlain(struct 

unsigned  t; 

if  (size  < 2 ) 

return  0; 

t = ( ( uns i gned ) buf C03  <<  8)  + bufCI]; 
t = (t+7)/8; 
if  (size  < t+2) 

return  0; 

if  (bnlnsertBi gBytes (bn,  buf+2,  0,  t)  < 0) 
return  PG P E R R_N 0M E M ; 
return  (int)t+2; 

} 


an  byte  buffer  (with  bit-count  prefix)  to  an  MPI. 
bytes  read  from  buffer,  or  <=  0 on  error, 
buffer  is  too  short.) 

BigNum  *bn,  byte  const  *buf,  unsigned  size) 


/ * 

* Helper  function  for  key  unlocking. 
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* Convert  a big-endian  byte  buffer  to  an  MPI,  with  optional  decryption 

* checksums.  Accepts  cfb  ==  NULL  to  mean  "unencrypted". 

* Returns  number  of  bytes  read  from  buffer,  or  <=  0 on  error. 

* (Returns  0 if  the  buffer  is  too  short.) 

* 

* If  "old"  is  true,  this  does  it  in  the  PGP  2.x  way,  where  the  length 

* °f  ?ata  1S  unencrypted  and  the  CFB  is  resynced  each  step. 

* ^ 0 *•  ^ Ise,  this  assumes  that  just  everything  is  encrypted 

* a nd 

* / 
i n t 

p g p B n G e t ( s t r u c t BigNum  *bn,  byte  const 
struct  PgpCf bContext  *cfb,  unsi 


*buf,  unsigned  size, 
gned  *checksump,  int  old) 


byte  tmpC64D;  / * Thi 


unsigned  t. 

l; 

if  ( ! c f b ) { 

i n t 

i ; 

i = 

pgpBnGetP l 

i f ( 

i >=  0 88 
for  ( t 

> 


s can  be  any  (non-zero)  size 


a i n ( b n , buf,  size); 
checksump)  { 

= 0;  t < (unsigned)i;  t++) 
*checksump  + = bufCtU; 


> = 


2 */ 


> 


return  i ; 


and 


if  (size  < 2) 

return  0 ; 
if  (old)  { 

/*  Length  it  bits  is  not  encrypted  */ 

pgpCfbSync(cfb); 

if  (checksump) 

*checksump  + = (unsigned)bufC03  + b u f C 1 3 ; 
t = ((unsigned)bufCOD  <<  8)  + bufCID- 

> else  { 

/ * Length  in  bits  is  encrypted  * / 
pgpCfbDecrypt(cfb,  buf,  tmp,  2); 
if  (checksump) 

★checksump  +=  (unsigned)tmpCOH  + tmpCI]; 
^ t = ((unsigned)tmpLO]  <<  8)  + tmpCI]; 

buf  +=  2 ; 
t = ( t + 7 ) / 8 ; 
if  (size  < t+2) 

return  0; 

/* 

* Descrypt  and  convert  in  p 

* mos t-s i gn i f i cn t end  to  fo 

* number  all  at  once  rather 
*/ 

size  = t ; 
while  (size)  { 

l = size  < sizeof(tmp)  ? size  : sizeof (tmp); 

pgpCfbDecrypt(cfb,  buf,  tmp,  l); 
size  -=  l; 


ieces.  It's  done  from  the 
rce  allocation  of  the  result 
than  reallocating  it  bit  by  bit. 
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> 


buf  +=  L ; 

if  ( bn  I n s e r t B i g By t e s ( bn  , tmp,  size,  l)  < 0)  C 
memsetCtmp,  0,  sizeof(tmp)); 
return  PGPERR_N0MEM; 

> 


/* 
i f 


> 


Checksum  * / 

(checksump)  C 
do  { 

★checksump 
> while  ( l ) ; 


> 

memsetCtmp,  0,  sizeof(tmp)); 


tmpC--l3; 


return  (int)t+2; 


/ * 

* Read  the  2-byte  simple  checksum  (as  computed  above)  from  the 

* buffer  for  comparison.  Old-style  is  unencrypted,  new-style  is 

* enc  rypted  . 

*/ 

unsigned 

pg p C h e c k s umG e t ( by t e const  *buf,  struct  Pg p C f b C on t e x t *cfb,  int  old) 
{ 

byte  t mp C 2 ] ; 
unsigned  checksum; 


} 


if  (old  ||  !cfb)  C 

checksum  = ( ( uns i gned  ) buf CO] 

> else  ( 

pg p C f b D e c ry p t ( c f b , buf,  tmp, 
checksum  = ( ( un s i g n ed ) t mp C 0 ] 
memset(tmp,  0,  2); 

> 

return  checksum; 


<<  8)  + buf Cl  ] ; 

2); 

<<  8)  + t mp  C 1 ] ; 


/ * 

* Convert  an  MPI  to  a big-endian  byte  buffer,  with  a 

* Returns  number  of  bytes  put  into  buffer. 

* / 

unsigned 

pg pBn Pu t P l a i n ( s t ru c t BigNum  const  *bn,  byte  *buf) 

{ 

unsigned  t ; 


length  prefix. 


t = bnBits(bn); 
buf CO]  = (byte) (t>>8  & 255); 
bufCi:  = (byte)  (t  & 2 5 5 ); 
t = (t+7)/8; 

bnExtractBigBytes(bn,  buf+2,  0,  t); 
return  t+2; 


/ * 

* Helper  function  for  ChangeLock. 

* Convert  an  MPI  to  a big-endian  byte  buffer,  with  optional  encryption  and 
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* checksums.  Accepts  cfb  — NULL  to  mean  "unencrypted". 

* Returns  number  of  bytes  put  into  buffer. 

*/ 

unsigned 

pgpBnPut ( st ruct  BigNum  const  *bn,  byte  *buf, 

struct  PgpCf bContext  *cfb,  unsigned  *checksump/  int  old) 

unsigned  t , u ; 

t = pgpBnPutPlainlbn,  buf); 
if  (checksump) 

for  (u  = 0;  u < t;  u++) 

★ checksump  + = b u f [ u 3 ; 

if  (cfb)  C 

if  (old)  { 

pgpCfbSync(cfb); 

pgpCf bEncrypt (cfb,  buf+2,  buf+2,  t-2); 

> else  t 

pgpCfbEncrypt(cfb,  buf,  buf,  t ) ; 

> 

return  t ; 

> 

/* 

* Write  the  2-byte  simple  checksum  (as  computed  above)  to  the 

* buffer  for  comparison.  Old-style  is  unencrypted,  new-style  is 

* enc  rypted  . 

*/ 

void 

pgpC hec ksumPut ( uns i gned  checksum,  byte  *buf,  struct  Pg p C f b C o n t e x t *cfb 
i n t o l d ) ' 

bufCO]  = (byte)  (checksum>>8  & 2 5 5 ); 
bufCID  = (byte) (checksum  & 255); 
if  (cfb  &&  ! o l d ) 

pgpCf bEncrypt ( cfb,  buf,  buf,  2); 

/* 

* Generate  a random  bignum  of  the  specified  length,  with  the  given 

* high  and  low  8 bits.  "High"  is  merged  into  the  high  8 bits  of  the 

* number.  For  example,  set  it  to  0x80  to  ensure  that  the  number  is 

* eXaClly.  "bits"  bits  lon9  (i-e.  2A(bits-1)  <=  bn  < 2Abits). 

* Low  is  merged  into  the  low  8 bits.  For  example,  set  it  to 

* 1 to  ensure  that  you  generate  an  odd  number. 

* / 
int 

pgpBnGenRand(struct  BigNum  *bn,  struct  P g p R a n d om C o n t e x t const  *rc, 

^ unsigned  bits,  byte  high,  byte  low) 

unsigned  char  bufC640; 
unsigned  bytes; 
unsigned  l; 
int  err; 

bnSetQ(bn,  0); 

bytes  = (bits+7)  / 8; 
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L = bytes  < sizeof(buf)  ? bytes  : sizeof(buf); 
pgpRandomGetBytes(rc,  but,  L ) ; 

/*  Mask  off  excess  high  bits  */ 
bufCO:  &=  255  >>  (-bits  & 7); 

/*  Merge  in  specified  high  bits  */ 
buf[0]  |=  high  >>  (-bits  & 7 ) ; 
if  (bits  & 7) 

buftl]  |=  high  <<  (bits  & 7 ) ; 

for  (;;)  f 

bytes  -=  L ; 

if  (Ibytes)  /*  Last  word  - merge  in  Low  bits  */ 

bufCL-1H  |=  Low; 

err  = bn  I n s e r t B i g By t e s ( bn , buf,  bytes,  L); 
if  (Ibytes  ||  err  < 0) 
break; 

L = bytes  < sizeof(buf)  ? bytes  : sizeof(buf); 
pgpRandomGetBytes(rc,  buf,  L); 

> 


memset(buf,  0,  sizeof(buf)); 
return  err; 


/ * 

* Parse  a buffer  containing  n mpi  format  numbers  (two  bytes  of  Length  in  bits, 

* foLLowed  by  data).  Make  sure  data  is  weLL  formed  and  doesn't  exceed 

* buffer  Length.  Take  n pointers  to  offsets  where  the  n numbers  start 

* (pointers  may  be  nuLL  but  must  not  be  Left  off  arg  List). 

* Return  offset  past  Last  vaLue,  or  negative  for  error. 

*/ 

i n t 

pg pBn Pa r s e ( by t e const  *buf,  unsigned  size,  int  n,  ...) 

C 

va_List  ap; 
unsigned  nb; 
unsigned  off; 
unsigned  *poff; 

va_s  tart  (ap,  n); 
if  (size  < 2U*n) 

return  PG P E R R_KE Y_S H 0 RT ; 

off  = 0 ; 
whiLe  (n--)  { 

poff  = va_arg(ap,  unsigned  *); 

nb  = ((unsigned)bufCO+offO  <<  8)  + bufCI+off]; 


i f 

(!nb  ||  bufC2+offD 

>>  ( ( nb-1 ) 8 

7) 

1 : 

1 ) 

return 

P G P E R R_ 

KEY_MPI;  /* 

Bad 

b i t 

Length  */ 

n b 

= (nb+7)/8; 

/ * 

Need  nb+2  bytes  for 

this,  pLus 

2 * n 

for 

remai nder 

i f 

(size-off  < 

nb  + 2 

+ 2 * n ) 

return 

PG  P E R R_ 

K E Y_S  H 0 R T ; 

i f 

(poff) 

*pof  f 

= off; 

off  +=  nb+2; 

> 

v a_e  nd  ( a p ) ; 
return  off; 
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> 


/ * 

* Given  a cipher  algorithm  descriptor  in  (buf,len)  and  a passphrase, 

* initialize  the  passed-in  Pg p C f b C o n t e x t pointer  and  return  the 

* number  of  bytes  of  descriptor  used,  or  <0  on  error.  (In  which 

* case  *cfbp  is  NULL.) 

*/ 

i n t 

pg p C i p h e r S e t u p ( by t e const  *buf,  unsigned  len,  char  const  *phrase,  size 
struct  PgpEnv  const  *env,  struct  P g p C f b C o n t e x t **cfbp) 

{ 

struct  PgpCipher  const  * c i p h e r ; 
struct  PgpStringToKey  * s 2 k ; 
unsigned  a l g ; 
i n t a l g l e n ; 

byte  k e y C P G P_C I P H E R_M  AXKEYSIZE3; 


/*  First  things  first,  in  case  of  error...  */ 
* c f b p = NULL; 


if  (len  < 1 ) 

return  P G P E R R_K  E Y_S  H 0 R T ; 
alg  = bu  f [ 0 ] & 2 5 5 ; 


if  ( ! a l g ) 

return 


/*  The  key  isn't  encrypted;  just  read  it  in  * / 

i; 


if  (alg  ==  255)  { 

/ * New  style,  with  a separate  string-to-key  * / 

if  (ten  ==  1) 

return  PG P E R R_KE Y_S H 0 R T ; 
alg  = bufCID; 

alglen  = pgpS2Kdecode(Ss2k,  env,  buf+2,  len-2); 
if  (alglen  < 0) 

return  alglen; 
alglen  +=  2; 

if  (len  < (unsigned)alglen) 

return  P G P E R R_KE Y_S H 0 R T ; 

> else  { 

/*  Old-style  string-to-key  */ 

s 2 k = pgpS2Ksimple(env,  pg pH  a s h By N umbe r ( PG P_H A S H_M D 5 ) ) ; 
if  ( ! s 2 k ) 

return  P G P E R R_N  OMEM; 
alglen  = 1 ; 

> 

/*  Okay  now,  do  the  conversion  */ 
cipher  = pgpCipherByNumber(alg); 
if  (Icipher)  { 

pgpS2Kdestroy(s2k); 

return  PG P E R R_B A D_C I P H E R N UM ; 

> 

if  (len  < alglen  + c i p h e r-> b l o c k s i z e ) f 
pgpS2Kdestroy(s2k) ; 
return  PG P E R R_KE Y_S H 0 RT ; 

> 

*cfbp  = pgpCfbCreate(cipher); 


plen. 
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if  ( ! * c f bp  ) t 

pgpS2Kdestroy(s2k); 
return  P G P E R R_N  0 M E M ; 

> 

assert(cipher->keysize  < = sizeof(key)); 

pgpStringToKey(s2k,  phrase,  plen,  key,  cipher->keysize); 
pgpCfbInit(*cfbp,  key,  but  + alglen); 
memset ( key,  0,  sizeof(key)); 
pgpS2Kdestroy(s2k) ; 

return  alglen  + cipher->blocksize; 

> 
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keymisc.h 

/* 

* keymisc.h  - PKCS  packing  and  unpacking 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* $ I d : keymisc.h, v 1.7  1 996/1  1 /1  2 02:1  8:28  mhw  Exp  $ 

* / 

//ifndef  KE  Y M I S C_H 
//define  KE YM I S C_H 

^include  " pg p / u s u a l s . h " /*  for  byte  */ 

struct  BigNum; 
struct  PgpEnv; 
struct  PgpRandomContext; 
struct  PgpCfbContext; 

/*  For  future  expansion  to  ignore  certain  bits  of  alg  */ 

//define  ALGMASK(alg)  (alg) 

unsigned  pgpDiscreteLogExponentBitslunsigned  modbits); 

/*  Block  types  from  PKCS  */ 

//define  PKC S_P A D_Z E R 0 0 

//define  PKC S_P A D_S I G N E D 1 

//define  P K C S_P A D_E N C R Y P T E D 2 

int  p g p P K C S P a c k ( s t r u c t BigNum  *bn,  byte  const  *in,  unsigned  len,  byte  padtype, 
unsigned  bytes,  struct  PgpRandomContext  const  * r c ) ; 
int  pg p PKC S Un pa c k ( by t e *buf,  unsigned  len,  struct  BigNum  *bn,  byte  padtype, 
unsigned  bytes); 

int  pgpBnGetPlainCstruct  BigNum  * b n , byte  const  * b u f , unsigned  size); 
int  pgpBnGetCstruct  BigNum  * b n , byte  const  *buf,  unsigned  size, 

struct  PgpCfbContext  * c f b , unsigned  *checksump,  int  old); 

# d e f i n e pgpBnGetNewlbn, but, size, cfb,cs)  pgpBnGet(bn,buf,size,cfb,cs,0) 

//define  pgpBnGetOld(bn,buf,size,cfb,cs)  pgpBnGet(bn,buf,size,cfb,cs,1 ) 

unsigned  pgpChecksumGetCbyte  const  *buf,  struct  PgpCfbContext  *cfb,  int  old); 
//define  p g p C h e c k s u mG  e t N e w ( b u f , c f b ) p g p C h e c k s urn  G e t ( b u f , c f b , 0 ) 

#define  pg p C h e c k s umG e t 0 l d ( bu f , c f b ) pg p C h e c k s umG e t ( bu f , c f b , 1 ) 

unsigned  pgpBnPutPlainCstruct  BigNum  const  *bn,  byte  *buf); 
unsigned  pg pBn Pu t ( s t r u c t BigNum  const  *bn,  byte  *buf, 

struct  PgpCfbContext  *cfb,  unsigned  *checksump,  int  old); 

#def i ne  pg pBn P u t N e w ( bn , bu f , c f b , c s ) pg pBn P u t ( bn , bu f , c f b , c s , 0 ) 

//define  pg  pBn  P u 1 0 l d ( bn  , bu  f , c f b , c s ) pg  pBn  Pu  t ( bn  , bu  f , c f b , c s , 1 ) 

void 

pgpChecksumPut(unsigned  csum,  byte  * b u f , struct  PgpCfbContext  * c f b , int  old); 
//define  pgpChecksumPutNew(csum,buf,cfb)  pgpChecksumPut(csum,buf,cfb,0) 

#define  pgpChecksumPutOld(csum,buf,cfb)  pgpChecksumPut(csum,buf,cfb,1 ) 

int  pgpBnGenRand ( s t rue t BigNum  *bn,  struct  PgpRandomContext  const  *rc, 
unsigned  bits,  byte  high,  byte  low); 
int  pgpBnParseCbyte  const  *buf,  unsigned  size,  int  n,  ...); 
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i n t 

pgpc 

#end 


pherSetup(byte  const  * b u f , unsigned  Len,  char  const  *phrase,  size 
struct  PgpEnv  const  * e n v , struct  PgpCfbContext  **cfbp); 

f /*  KEYMISC  H */ 


p L e n , 
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Iceyspec.c 

/ * 

* $Id:  keyspec . c,v  1.3  1996/11/12  02:18:28  mhw  Exp  $ 

* / 

//include  "keyspec. h" 

//include  " pg p / pg pmem  . h " 

//include  " p g p / p g p e n v . h " 

//include  " p g p / pg  p e r r . h " 

//include  " p g p / t i m e d a t e . h " 

//include  " p g p / u s u a l s . h " 

/ * 

* The  things  in  a public  key  that  aren't  part  of  the  (algorithm-specific) 

* mathematical  public  key.  Personally,  I'd  prefer  that  this  didn't  exist! 

* / 

struct  PgpKeySpec  ( 

PgpVersion  version; 
word32  creation; 
word16  validity; 

>; 


struct  PgpKeySpec  * 

pg pKey S pe c C r e a t e ( s t r u c t PgpEnv  const  *env) 
{ 

struct  PgpKeySpec  * k s ; 


> 


k s 
i f 


> 


= (struct  PgpKeySpec  * ) pg pM em A l l o c ( s i z e o f ( * k s ) ) ; 

( ks  ) { 

/ * Default  values,  based  on  environment  * / 

ks->version  = pgpenvGetInt(env,  PG P E NV_V E R S I 0 N , NULL,  NULL); 
ks->creation  = pg pT i me S t amp ( pg pe n vG e 1 1 n t ( e n v , PG P E N V_T Z F I X , 

NULL,  NULL)); 

ks->validity  = 0;  / * Forever  */ 


return  ks; 


struct  PgpKeySpec  * 

pg pKey S p e c C o py ( s t r u c t PgpKeySpec  const  *ks) 

{ 

struct  PgpKeySpec  *ks2; 

ks2  = (struct  PgpKeySpec  *)pgpMemAlloc(sizeof(*ks2)); 
if  ( k s 2 ) 

memcpy(ks2,  ks,  sizeof(*ks2)); 
return  ks2; 

> 

void 

pg pKe y S pe c D e s t r oy ( s t r u c t PgpKeySpec  *ks) 

{ 

memset(ks,  0,  s i z e o f ( * k s ) ) ; 
pgpMemFree(ks); 

> 

PgpVersion 

pg pKey S pe c V e r s i o n ( s t r u c t PgpKeySpec  const  *ks) 

{ 
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return  ks->version; 

> 

wo  rd32 

pgpKeySpecCreationCstruct  PgpKeySpec  const  *ks) 

{ 

return  ks->creation; 

} 

wo  r d 1 6 

pg pKey S p e c V a L i d i t y ( s t r u c t PgpKeySpec  const  *ks) 
return  ks->validity; 

> 

i n t 

pg pKey S pe c S e t V e r s i o n ( s t r u c t PgpKeySpec  *ks,  PgpVers 
i 

switch(ver)  f 

case  PGPVERSIO  N_2 : 
case  PGPVERSI 0N_2_6 : 

ks->version  = ver; 
return  0; 

> 

/ * default  * / 

return  PG P E R R_KE Y_V E R S I 0 N ; 

> 

i n t 

pg pKe y S pe c S e t C r e a t i on  ( s t r u c t PgpKeySpec  *ks,  word32 

{ 

ks->creation  = creation; 
return  0; 

> 

i n t 

pg pKey S pe c S e t Va li d i t y ( s t r u c t PgpKeySpec  *ks,  word16 

ks->validity  = validity; 
return  0; 

> 


on  ver) 


creation) 


validity) 
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keyspec.h 

/* 

* $ I d : keyspec.h, v 1.3  1996/1  1 /1  2 02:1  8:29  mhw  Exp  $ 

*/ 

//ifndef  PG P_KE Y S P E C_H 
//define  PG P_KE Y S P E C_h 

//include  " pg  p / u s u a l s . h " 

struct  PgpKeySpec; 

//ifndef  T Y P E_PG PKE Y S P E C 

//define  T Y P E_PG  P KE  Y S P E C 1 

typedef  struct  PgpKeySpec  PgpKeySpec; 

//end i f 

struct  PgpEnv; 
ft  ifndef  T Y P E_P  G P E N V 
//define  T Y P E_P G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 
ft  e n d i f 

struct  PgpKeySpec  *pgpKeySpecCreate(struct  PgpEnv  const  * e n v ) ; 
struct  PgpKeySpec  *pgpKeySpecCopy(struct  PgpKeySpec  const  * k s ) ; 
void  pgpKeySpecDestroylstruct  PgpKeySpec  * k s ) ; 

PgpVersion  pgpKeySpecVersionlstruct  PgpKeySpec  const  *ks); 

word32  pgpKeySpecCreationCstruct  PgpKeySpec  const  *ks); 
w o r d 1 6 pgpKeySpecValidity(struct  PgpKeySpec  const  *ks); 

int  pgpKeySpecSetVersionCstruct  PgpKeySpec  *ks,  PgpVersion  ver); 
int  pgpKeySpecSetCreationlstruct  PgpKeySpec  *ks,  word32  creation); 
int  pgpKeySpecSetValidityCstruct  PgpKeySpec  *ks,  word16  validity); 

ft  end  i f /*  PGP_KEYSPEC  H */ 
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makesig.c 

/ * 

* $Id:  makesig.c, v 1.20  1996/11/12  02:18:29  mhw  Exp  $ 
*/ 


# i f d e f H A V E_C  0 N F I G_H 
//include  "config.h" 
//endi f 


# i n c l ud  e 


<assert.h> 


U i n c L ud e 
//include 
//include 
//include 
# i nc  l ude 
//include 


"makesig.h" 
"pgp/hash.h" 
"pgp/pgperr.h" 
"pgp/ pubkey . h " 
"pgp/sigspec . h" 
"pgp/usuals.h" 


/*  The  maximum  size  of  the  signature  */ 
i n t 

pg pMa ke S i g Ma x S i z e ( s t r u c t PgpSigSpec  const  *spec) 
{ 

unsigned  extralen; 


(void)pgpSigSpecExtra(spec,  Sextralen); 


> 


return  14  + extralen  + pg p S e c Key Ma x s i g ( pg p S i g S pe c S e c key ( s p e c ) , 

pgpSigSpecVersion(spec) ); 


/ * 

* Given  a buffer  of  at  least  " pg pMa ke S i g Ma x S i z e " bytes,  make  a signature 

* into  it  and  return  the  size  of  the  signature,  or  0. 

* 

* Format  of  signature  packets: 


★ 

Offset 

Length 

Meaning 

★ 

0 

1 

Version  byte  (=  2 or  3). 

★ 

1 

1 

Length  of  following  material  included  in  MD5  (x. 

★ 

2 

1 

Signature  type 

★ 

3 

4 

32-bit  timestamp  of  signature 

* 

MD5 

add  i t i 

onal  material  stops  here,  at  offset  7 

★ 

2 + x 

8 

Key  I D 

* 

1 0 + x 

1 

PK  algorithm  type  (1  = RSA) 

★ 

1 1 +x 

1 

MD  algorithm  type  (1  = MD5) 

★ 

1 2 + x 

2 

First  2 bytes  of  message  digest  (16-bit  checksum) 

★ 

* / 
i n t 

1 4 + x 

2 + ? 

MPI  of  PK-encrypted  integer 

= 5) 


pgpMakeSig  (byte  *buf,  struct  PgpSigSpec  const  *spec, 

struct  PgpRandomContext  const  *rc,  struct  Pg p H a s h C o n t e x t const  *hc) 


struct  PgpSecKey  * s e c = pgpSigSpecSeckey(spec); 

struct  PgpHashContext  *temp_hc; 

unsigned  extralen; 

byte  const  * e x t r a ; 

byte  const  * h a s h ; 

i n t i ; 

PgpVersion  version  = pgpSigSpecVersion(spec); 
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s i z e_t  s i g s i z e ; 

/*  XXX  should  "die"  gracefully  here  */ 
assert  (sec->sign); 

temp_hc  = pgpHashClone  (he); 
if  ( ! t emp_h  c ) 

return  PG P E R R_N OM E M ; 

extra  = pg p S i g S pe c E x t r a ( s p e c , Sextralen); 
assert(extralen  < 2 5 6 ); 

pgpHashUpdate  (temp_hc,  extra,  extralen); 
hash  = pg pH  a s h F i n a l ( t emp_h c ) ; 

/*  Copy  the  first  2 bytes  over  while  they're  available  */ 
memepy  (buf+12+extralen,  hash,  2); 

i = pg p S e c Ke y S i g n ( s e c , hc->hash,  hash,  bu f + 1 4 + e x t r a l en  , Ssigsize, 

re,  version); 
pgpHashDestroy  (temp_hc); 
if  (i  < 0)  -C 

bufC12+extralen]  = 0; 
bufH13+extralen]  = 0; 
return  i; 

> 

/*  Okay,  build  the  signature  packet  - lots  of  magic  numbers.  */ 

bufUOD  = (byte)pgpSigSpecVersion(spec); 

bufCI]  = extralen; 

memcpy(buf+2,  extra,  extralen); 

memcpy(buf+2+extralen,  sec->keyID,  8); 

bufCIO+extralen]  = sec->pkAlg; 
bufCII+extralenll  = hc->hash->type; 

/*  First  2 bytes  of  hash  are  already  copied  in  */ 
return  (int)sigsize+14+(int)extralen; 

> 


/ * Right  now  the  header 
i n t 

pgpMakeSigHeaderMaxSize 

{ 

(void)spec; 
return  13; 

> 


is  always  13  bytes  long  */ 
(struct  PgpSigSpec  const  *spec) 


/ * 

★ 

Given  a buffer  of  appropriate  length  (currently  13) 

, create  a 

★ 

single-pass 

signature 

header,  which  is  a "one-pass" 

signature 

that 

★ 

will  have  a 

real  signature  later  on.  Don't  forget 

that  you'll 

need 

★ 

"k 

the  packet 

header  (2 

more  bytes)  before  this.  The 

format  is: 

★ 

Offset 

Length 

Meaning 

★ 

0 

1 

Version  byte  (=4) 

★ 

1 

1 

Signature  type 

* 

2 

1 

Hash  Algorithm 

★ 

3 

1 

PK  Algorithm 

★ 

4 

8 

KeylD 

★ 

1 2 

1 

nested  flag 
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*/ 
i nt 

pgpMa keS i gHeade r (byte  *buf,  struct  PgpSigSpec  const  *spec,  byte  nest) 
{ 

struct  PgpHash  const  *h; 
struct  PgpSecKey  const  *seckey; 
byte  const  *extra; 
unsigned  extralen; 


> 


extra  = pgpSigSpecExtra  (spec,  Sextralen); 
h = pgpSigSpecHash  (spec); 
seckey  = pgpSigSpecSeckey  (spec); 


/*  XXX:  This  should  be  more  graceful  */ 

assert  (extra); 

assert  (h); 

assert  (seckey); 

assert  (seckey->sign); 


buflO]  = ( by t e ) pg p S i g S pe c Ve r s i on 

bufCI]  = *extra; 

bufC2]  = h->type; 

bufC3]  = seckey->pkAlg; 

memcpy(buf+4,  seckey->keyID,  8); 
b u f C 1 2 U = nest; 


(spec); 


return  13; 
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makesig.h 


/ ★ 


* makesig.h  --  Make  a signature  packet  from  a secret  key,  a hash,  and 

* extra  data. 

* 


* This  is  a PRIVATE 

* You  should  not  be 


header  file,  for  use  only  within  the  PGP 
using  these  functions  in  an  application. 


* $ I d : makesig.h, v 1.7  1 996/1  1 /1  2 02:1  8:29  mhw  Exp  $ 

*/ 

# i f nde  f PG P_M AKE S I G_H 
//define  PG P_M A KE S I G_H 

//include  " pg  p / u s ua  l s . h " 

struct  PgpSigSpec; 
struct  PgpHashContext; 
struct  PgpRandomContext; 

/*  The  maximum  size  of  the  signature  */ 

int  pgpMakeSigMaxSizelstruct  PgpSigSpec  const  * s p e c ) ; 

/* 

* Given  a buffer  of  at  least  " p g pM a k e S i g M a x S i z e " bytes,  make 

* into  it  and  return  the  size  of  the  signature,  or  0. 

* / 


Library. 


a signature 


i n t 

pgpMa keS i g ( by t e *buf,  struct  PgpSigSpec  const  *spec, 

struct  PgpRandomContext  const  * r c , struct  PgpHashContext  const  * h c ) ; 


/*  The  maximum  size  of  a signature  header  (one-pass  sig)  */ 
int  pgpMakeSi gHeaderMaxSi ze  (struct  PgpSigSpec  const  *spec); 

/*  Create  a one-pass  signature  header  block  for  "spec",  putting  it  in  buf  */ 
int  pgpMakeSigHeader  (byte  *buf,  struct  PgpSigSpec  const  *spec,  byte  nest); 

ft  end  i f /*  P G P_M  A K E S I G H */ 
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pkliist.c 

/ * 

* $ I d : pktlist.c, v 1.7  1 996/1  1 /1  2 02:1  8:30  mhw  Exp  $ 

* / 

//if  H A V E_C  0 N F I G_H 
//include  "config.h" 

// e nd i f 

//include  <string.h>  /*  For  memcpy  */ 

//include  <stddef.h>  /*  For  offsetof  */ 

//include  "pktlist.h" 

//include  " pg p / pg pmem . h " 

struct  PktList  * 

pg p P k t L i s t N e w ( i n t type,  byte  const  *buf,  si ze_t  len) 

{ 

struct  PktList  * p k l ; 


> 


pkl  = (struct  PktList  * ) pg pM em A l l o c ( l e n + of fsetof (struct  PktList, 

b u f ) ) ; 


if  (pkl  ) { 

pkl->next  = (struct  PktList  * ) 0 ; 
pkl->type  = type; 
pkl->len  = len; 
memcpy(pkl->buf,  buf,  len); 


> 


return  pkl; 


void 

pg p P k t L i s t F r e e On e ( s t r u c t PktList  *pkl) 

{ 

memset(pkl,  0,  pkl->len  + offsetof(struct  PktList,  buf)); 
pgpMemFree(pkl); 

> 


void 

pg p P k t L i s t F r e e L i s t ( s t r u c t PktList  *list) 

0 

struct  PktList  *cur; 
while  (list)  f 

/*  If  you  don't  understand  this,  yer  a wimp.  Belch.  Grunt.  */ 
list  = (cur  = list)->next; 

memset(cur,  0,  cur->len  + offsetof (struct  PktList,  buf)); 
pgpMemFree(cur); 

} 

> 
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pktlist.h 

/* 

* $ I d : pktlist.h, v 1.3  1 996/1  1 /1  2 02:1  8:30  mhw  Exp  $ 
*/ 

//ifndef  P G P_P KT L I S T_H 
//define  P G P_P KT L I S T_H 

//include  <stddef.h>  /*  For  size  t */ 


//include  "pgp/usua  Is  . h"  /*  For  byte  */ 


/* 

★ 

This  is  a t 

r i v i a l i 

nterface. 

You 

may  just 

access  the 

members 

★ 

directly. 

but  may 

change  from 

a n 

included 

buffer  to  a 

pointer 

★ 

at  some  po i 

n t , but 

that  should 

not 

r eq  u i re 

any  changes 

to  the 

ie 

* / 

source  code 

■ 

struct  PktList  { 

struct  PktList  *next; 
i n t type; 
s i z e_t  len; 

byte  but  11 ];  / * Extensible  * / 

>; 

struct  PktList  *pgpPktListNew(int  type,  byte  const  *buf,  size_t  len); 
void  pgpPktListFreeOneCstruct  PktList  * l i s t ) ; 
void  pgpPktListFreeListCstruct  PktList  * l i s t ) ; 

# e n d i f PGP  PKTLIST  H 
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pubkey.c 

/ * 

* $Id:  pubkey.  c , v 1.1  1 1996/11/12  02:18:30  mhw  Exp  $ 
*/ 


#include  " pgp / pgpe r r . h " 
^include  " pgp / pubkey . h " 
#include  "keymisc.h" 

^include  "rsakey.h" 

#include  "elgkey.h" 

^include  "dsakey.h" 

struct  PgpPkAlg  { 

byte  pkALg; 
i n t use; 

>; 

static  struct  PgpPkAlg  const 
{ P G P_P  K A L G_R  S A , 
i PG  P_P K A LG_R  S A_S I G , 
{ PGP_PKALG_RSA_ENC, 
{ PGP_PKAL  G_E  L G A M A L , 
{ P G P_P  K A L G_D  S A , 

>; 


pg pKno w n P k A l g s C 1 = { 

P G P_P  KU  S E_S I G N_E  N C R Y P T > 
PG  P_P  KU  S E_S I G N >, 
PGP_PKUSE_ENCRYPT  >, 

P G P_P  KU  SE_ENCRYPT  >, 

PGP  PKUSE  SIGN  > 


/*  Return  whether  an  algorithm  can  sign,  encrypt,  or  do  both  */ 

struct  PgpPkAlg  const  * 

pg p P ka  l g By N umb e r ( by t e pkalg) 

{ 

unsigned  i; 


pkalg  = ALGMASK(pkalg); 

for  (i  = 0;  i < sizeof(pgpKnownPkAlgs)/sizeof(*pgpKnownPkAlgs);  i + + ) { 

if  ( pgpKnownPkA l gs C i 0 . pkA l g ==  pkalg) 
return  pgpKnownPkAlgs  + i; 

> 

return  NULL; 


i n t 

pgpKeyUse ( st ruct  PgpPkAlg  const  *pkalg) 

C 

return  pkalg->use; 

> 

struct  PgpPubKey  * 

pgpPubKey F romBuf ( by t e pkAlg,  byte  const  *p,  size_t  len,  int  *error) 

t 

struct  PgpPubKey  *pub; 

Switch  (ALGMASK(pkAlg)  ) { 

case  P G P_P  K A LG_R  S A : 
case  PG  P_P  K A LG_R  S A_S I G : 
case  P G P_P  K A LG_RSA_ENC : 

pub  = rsaPubFromBuf (p,  ten,  error); 
if  ( pub ) 

pub->pkAlg  = pkAlg; 
return  pub; 

case  P G P_P  K A L G_E  LG  A M A L : 
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pub  = elgPubFromBufCp,  Len,  error); 
if  ( pub ) 

pub->pkAlg  = pkALg; 
return  pub; 
case  P G P_P  K A LG_D  S A : 

pub  = dsaPubFromBuf(p,  Len,  error); 
if  ( pub ) 

pub->pkAlg  = pkALg; 
return  pub; 
d e f a u L t : 

*error  = PGPERR_KEY_PKALG; 
return  0; 

> 

> 

struct  PgpSecKey  * 

pg p S e c Key F r omBu f ( by t e pkALg,  byte  const  *p,  si ze_t  Len,  int  *error) 

{ 

struct  PgpSecKey  *sec; 

swi t ch ( ALGMASKC pkA L g ) ) { 
case  P G P_P  K A LG_R  S A : 
case  PG  P_PKA  LG_RSA_SIG: 
case  P G P_P  K A L G_R  S A_E  N C : 

sec  = rsaSecFromBuf (p,  Len,  error); 
if  (sec) 

sec->pkALg  = pkALg; 
return  sec; 

case  P G P_P  K A L G_E  L G A M A L : 

sec  = eLgSecFromBuf(p,  Len,  error); 
if  (sec) 

sec->pkALg  = pkALg; 
return  sec; 
case  P G P_P  K A LG_D  S A : 

sec  = dsaSecFromBuf (p,  Len,  error); 
if  (sec) 

sec->pkALg  = pkALg; 
return  sec; 
d e f a u L t : 

★error  = P G P E R R_K E Y_P K A L G ; 
return  0; 

> 

> 

/ * 

* Scan  a buffer  and  return  the  size  of  the  part  which  corresponds  to 

* a pubLic  key.  This  is  intended  to  be  "Lightweight"  and  not  require 

* the  overhead  of  instantiating  a struct  PgpPubKey. 

* 

* This  rturns  0 if  the  size  is  unknown. 

★ / 

s i z e_t 

pgpPubKeyPref i xS i ze ( by t e pkALg,  byte  const  *p,  size_t  Len) 

{ 

swi t ch ( ALGMASK( pkA L g ) ) { 
case  PG  P_PKA  LG_R  S A : 
case  PGP_PKALG_RSA_S IG : 
case  P G P_P  K A L G_R  S A ENC: 
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> 


case 

case 


return  rsaPubKeyPrefixSize(p,  Len); 
P G P_PK A LG_E  LG  A M A L : 

return  e L g PubKe y P r e f i x S i z e ( p , Len); 
P G P_P  K A L G_D  S A : 

return  dsaPubKeyPrefixSize(p,  len); 


default: 


> 


return  0; 


/ * 

* The  "progress"  function  is  called  periodically  during  key 

* generation  to  indicate  that  *something*  is  happening. 

* The  "int  c"  gives  a bit  of  indication  as  to  *what*  is 

* happening.  In  fact,  this  is  just  the  character  that  text-mode 

* PGP  prints!  It  will  do  as  well  as  any  other  sort  of  enum 

* and  makes  life  simple. 

* 

* The  meaning  of  the  character  is  somewhat  type-dependent,  but 

* the  convention  so  far  is: 

* - Failed  p s e ud op r i ma  l i t y test 

* '/'  - Redoing  initial  setup  work 

* - Passed  p s e ud op r i ma  l i t y test,  further  work  needed 

* ' + ' - Passed  p s e ud o p r i ma  l i t y test,  further  work  needed 

* - Passed  pseudopr i ma  l i ty  test  - almost  done! 

* ' ' - Completed  part  of  key  generation,  on  to  next  phase. 

* (Sorry,  no  way  to  know  how  many  phases  there  are...) 

*/ 


struct  PgpSecKey  * 

pgpSecKeyGenerateCstruct  PgpPkAlg  const  *alg,  unsigned  bits, 

struct  PgpRandomContext  const  *rc, 

int  (*progress ) (void  *arg,  int  c),  void  *arg,  int  *error) 
C 

struct  PgpSecKey  *sec; 
byte  pkAlg  = alg->pkAlg; 


swi tch(ALGMASK(pkAlg) ) { 

case  P G P_P  K A L G_R  S A : 

sec  = rsaSecGenerate(bits,  re,  progress,  arg,  error); 
if  (sec) 

sec->pkAlg  = pkAlg; 
return  sec; 

case  PG  P_P  K A LG_E  LG  A M A L : 

sec  = elgSecGenerate(bits,  rc,  progress,  arg,  error); 
if  (sec) 

sec->pkAlg  = pkAlg; 
return  sec; 
case  P G P_P  K A LG_D  S A : 

sec  = dsaSecGenerate(bits,  rc,  progress,  arg,  error); 
if  (sec) 

sec->pkAlg  = pkAlg; 
return  sec; 
default: 

★ error  = PG P E R R_KE Y_PKA LG  ; 
return  0; 

> 

> 


1357 


lib/  pgp/ pubkey/ pubkey.c 


/* 

* Return  the  amount  of  entropy  needed  to  generate  this  key. 

* Entropy  is  a security  parameter,  controlling  the  amount  of 

* unpredictability  needed  in  the  key.  This  is  more  like 

* pg p D i s c r e t e Lo g E x pon e n t B i t s ( b i t s ) / 2 in  reality,  but  we 

* supply  *lots*  of  padding  here... 

* (The  +64  is  for  the  encryption  IV  when  it's  saved  out.) 

*/ 

u n s i g n e d 

pg p S e c Ke y E n t r o py ( s t r u c t PgpPkAlg  const  *pkAlg,  unsigned  bits) 
{ 


switch 

(ALGMASK(pkAlg->pkAlg) ) 

case 

PG  P_PKA  LG_R  S A : 

case 

PGP_PKALG_RSA_S I G : 

case 

P G P_P  K A L G_R  S A_E  N C : 

case 

P G P_P K A L G_E  L G AM A L : 

case 

P G P_P  K A LG_D  S A : 

return  bits  + 6 4; 

J 

return 

0; 
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pubkey.h 

/ * 

* pubkey.h  --  Structures  for  PGP  Pub  l i c / P r i va t e Keys 

★ 

* Written  by:  Derek  Atkins  < w a r L o rd3M I T . E DU> 

* 

* $Id:  pubkey.  h,v  1.35.2.1  1996/1  1 /1  4 04:09:39  cbertsch  Exp  $ 

*/ 

tfifndef  PGP_PUBKEY_H 
^define  PGP_PUBKEY_H 

#include  " pg p / u s u a l s . h " 

struct  PgpEnv; 
tfifndef  T Y P E_PG  P E N V 
^define  T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 

#endi f 

struct  PgpHash; 

# i f nd  e f T Y P E_P G P H A S H 
#def i ne  T Y P E_P G P H A S H 1 
typedef  struct  PgpHash  PgpHash; 
tie nd i f 

struct  PgpRandomContext; 

# i f ndef  T Y P E_P GPRANDOMCONTEXT 
^define  T Y P E_P  GPRANDOMCONTEXT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 

U e n d i f 

struct  Pg p S t r i ng T oKey ; 

#ifndef  T Y P E_P  GPSTRINGTOKEY 
#def i ne  T Y P E_PG P S T R I NGTO KE Y 1 

typedef  struct  PgpStringToKey  PgpStringToKey; 

# e nd i f 

struct  PgpPkAlg; 

# i f nde  f T Y P E_PG P PK A LG 

# d e f i n e T Y P E_PG P P KA LG  1 

typedef  struct  PgpPkAlg  PgpPkAlg; 

# e nd  i f 

struct  PgpPubKey  { 

struct  PgpPubKey  *next; 
byte  pkAlg; 
byte  keyIDC8H; 
void  *priv; 

void  (*destroy)  (struct  PgpPubKey  *pubkey); 

/*  The  size  of  buffer  required  for  encrypt  */ 

si ze_t  (*maxesk)  (struct  PgpPubKey  const  *pubkey,  PgpVersion  version); 
int  (*encrypt)  (struct  PgpPubKey  const  *pubkey,  byte  const  *key, 

si ze_t  keylen,  byte  *esk,  si ze_t  *esklen, 

struct  PgpRandomContext  const  *rc,  PgpVersion  version); 
int  (*verify)  (struct  PgpPubKey  const  *pubkey,  int  sigtype, 

byte  const  *sig,  size_t  siglen, 
struct  PgpHash  const  *h,  byte  const  *hash); 
size_t  (*bufferLength)(struct  PgpPubKey  const  *pubkey); 
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void  (*toBuffer) (struct  PgpPubKey  const  *pubkey,  byte  *buf); 

>; 

# i f nd  e f T Y P E_P  GPPUBKEY 
//define  T Y P E_PG P P UBKE Y 1 
typedef  struct  PgpPubKey  PgpPubKey; 
ft  e n d i f 

struct  PgpSecKey  f 
byte  pkAlg; 
byte  keyIDC8D; 
void  * p r i v ; 

void  (*destroy)  (struct  PgpSecKey  * s e c k e y ) ; 

struct  PgpPubKey  * (*pubkey)  (struct  PgpSecKey  const  *seckey ) ; 
int  (*islocked)  (struct  PgpSecKey  const  *seckey); 

int  (*unlock)  (struct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 

char  const  *phrase,  si ze_t  plen); 
void  ( * l o c k ) (struct  PgpSecKey  *seckey); 

si ze_t  (*maxdecrypted)  (struct  PgpSecKey  const  * s e c k e y ) ; 

int  (*decrypt)  (struct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 

int  esktype,  byte  const  *esk,  size_t  esklen, 
byte  *key,  si ze_t  *keylen,  char  const  *phrase, 
s i z e_t  plen); 

si ze_t  (*maxsig)  (struct  PgpSecKey  const  *seckey,  PgpVersion  version); 
int  (*sign)  (struct  PgpSecKey  *seckey,  struct  PgpHash  const  *h, 
byte  const  *hash,  byte  *sig,  si ze_t  *siglen, 
struct  PgpRandomContext  const  *rc,  PgpVersion  version); 
int  ( * c h a n g e Lo c k ) ( s t r u c t PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 

struct  PgpRandomContext  const  *rc, 
char  const  *phrase,  size_t  plen); 
si ze_t  ( * b u f f e r L e n g t h ) ( s t r u c t PgpSecKey  const  * s e c k e y ) ; 
void  (*toBuffer)  (struct  PgpSecKey  const  *seckey,  byte  * b u f ) ; 

>; 

# i f nde  f T Y P E_PG P S E C KE Y 
//define  T Y P E_PG P S E C KE Y 1 
typedef  struct  PgpSecKey  PgpSecKey; 
ft  e n d i f 

//define  PGP  PKALG  R S A 1 


/ * 

* These  are  ViaCrypt's  "restri 

c t ed  " 

versions  of 

RSA.  There  are 

reasons 

* to  want  PGP  to 

limit  you  in 

this 

way.  Some  forces  which 

might 

try 

* to  force  disci 

osure  of  your 

key  (such  as  courts)  can  be 

dissuaded  on 

* the 

★ 

grounds  that  nothing  is 

being 

hidden  by  the  keys. 

* The 

★annoying* 

thing,  however,  is 

that  ViaCrypt  chose  to 

leave 

the 

* encrypted  session  kay  and  signature  packets  with  a pkalg 

byte 

of  1 . 

* Which  means  that  various  bits  of 

code  contain 

kludges  to 

deal 

with 

* this 

* / 

//define 

fact. 

P G P_PK A L G. 

_RSA_ENC 

2 

//define 

P G P_P  K A L G. 

_R  S A_S I G 

3 

#def i ne 

PGP_PKALG. 

_E  LG AM A L 

0x10 

/*  A.K.A. 

Diffie-Hellman 

*/ 

ft  d e f i n e 

PGP_PKALG. 

_D  S A 

0x11 

ft  define 

PGP_PKUSE. 

_S  I G N 

0x01 

#def i ne 

PGP_PKUSE. 

_ENCRYPT 

0x02 

ft  d e f i n e 

PGP_PKUSE. 

_S I G N_E  N CRYPT 

(PGP. 

_P  KU  S E_S I G N | 

PGP_PKUSE. 

.ENCRYPT) 
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#d  e f i n e 
tt  d e f i n e 
ft  d e f i n e 
ft  d e f i n e 
ft  define 
ft  d e f i n e 
tt  d e f i n e 


pg p P u b Ke y N e x t ( p ) (p)->next 

pgpPubKeyDestroy(p)  (p)->destroy(p) 

pgpPubKeyMaxesk(p,v)  (p)->maxesk(p,v) 

pgpPubKeyEncrypt(p,k,kl,e,el,r,v)  (p)->encrypt(p,k,kl,e, 

pgpPubKeyVerify(p,t,s,sl,h,ha)  (p)->verify(p,t,s,sl,h,ha) 
pgpPubKeyBufferLength(p)  (p)->bufferLength(p) 

pgpPubKeyToBuffer(p,b)  (p)->toBuffer(p,b) 


tt  define 
tt  define 
tt  define 
tt  d e f i n e 
tt  d e f i n e 
#de  f i ne 
tt  d e f i n e 

tt  d e f i n e 
tt  d e f i n e 
#d e f i n e 
tt  d e f i n e 
tt  define 


pgpSecKeyDestroy(s) 

pgpSecKeyPubkey(s) 

pgpSecKeylslocked(s) 

pgpSecKeyUnlock(s,e,p, 

pgpSecKeyLock(s) 

pgpSecKeyMaxdecryptedC 

pgpSecKeyDecrypt(s,env 

t,e,el,k,kl,p, 

pgpSecKeyMaxsig(s,v) 

pgpSecKeySign(s,h,ha,s 

pgpSecKeyChangel_ock(s, 

pgpSecKeyBufferLengthC 

pgpSecKeyToBuffer(s/b) 


(s)->destroy(s) 

(s)->pubkey(s) 

(s)->islocked(s) 


pi) 

( s 

)- 

> u n l o c k ( 

s,e,p. 

pi) 

( s 

) ->  l o c k ( 

s ) 

s ) 

( s 

)- 

>maxdecr 

y p t e d ( 

s ) 

,t,e 

, e l , k , k l 

, P 

, p l ) 

( s 

) ->dec  rypt ( s 

pi) 

( s 

) ->ma  x s i 

g < 

s , v ) 

i , s i 

l , r, v ) 

(s)- 

> s i g n ( 

s,h,ha,si,si 

e,r,p,pl)  (s)->changel_ock(s,e,r,p,pl) 
s)  ( s ) -> bu f i e r Le n g t h ( s ) 

(s)->toBuffer(s/b) 


struct  PgpPkAlg  const  *pgpPkalgByNumber(byte  pkalg); 
int  pg pKey U s e ( s t r u c t PgpPkAlg  const  *pkAlg); 

si ze_t  pg p Pu bKe y P r e f i x S i z e ( by t e pkAlg,  byte  const  *p,  size_t  ten); 
struct  PgpPubKey  * 

pgpPubKeyFromBufCbyte  pkAlg,  byte  const  *p,  si ze_t  ten,  int  *error); 
struct  PgpSecKey  * 

pgpSecKeyFromBuflbyte  pkAlg,  byte  const  *p,  size_t  ten,  int  *error); 


unsigned  pg p S e c Key E n t r o py ( s t r u c t PgpPkAlg 
struct  PgpSecKey  * pg p S e c Ke y G e n e r a t e ( s t r u c t 
unsigned  bits, 

struct  PgpRandomContext  const  *rc, 
void  *arg,  int  *error); 


const  *pkAlg,  unsigned  bits) 
PgpPkAlg  const  *pkAlg, 

int  (*progress) (void  *arg. 


#end i f /*  PGP  PUBKEY  H */ 


l / r , v ) 


e n v , \ 

, r,v) 


n t c ) , 
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rsaglue.c 

/ * 

* rsaglue.c  - The  interface  between  bignum  math  and  RSA  operations. 

* This  layer's  primary  reason  for  existence  is  to  allow  adaptation 

* to  other  RSA  math  libraries  for  legal  reasons. 

* 

* Written  by  Colin  Plumb. 

★ 

* Sid:  rsaglue.c, v 1.19.2.1  1996/11/14  04:09:39  cbertsch  Exp  $ 

*/ 


# i f d e f HAVE  CONFIG  H 


# i nc l ude 
//end  i f 

"config.h" 

//include 

"rsagtue.h" 

//include 

"keymisc.h" 

//include 

"pgp/bn.h" 

//include 

"pgp/pgperr.h" 

//include 

"pgp/ random,  h" 

U i n c l u d e 

"pgp/usuals.h" 

/* 

* This 

is  handy  for  debugging. 

* it  n i 

★ / 

cely  prints  every  detai 

//define 

BNDEBUG  0 

VERY  VERY  DANGEROUS  for 
your  secret  key! 


production  - 


//if  BNDEBUG 

/ * Some  debugging  hooks  which  have  been  left  in  for  now.  * / 

//include  " pg  p / bn  p r i n t . h " 

//define  b n d P u t ( p r omp  t , bn)  ( f p u t s ( p r omp  t , stdout),  b n P r i n t ( s t d o u t , bn), 

putcharl 1 \n ' ) ) 


//define  bndPrintf  printf 
//else 

//define  bnd  Pu  t ( p r omp  t , bn)  ( ( vo  i d ) ( p r omp  t ) , ( v o i d ) ( bn  ) ) 

// i f GNUC > 1 

/*  Non-ANSI,  but  supresses  warnings  about  expressions  with  no  effect  */ 

//define  bnd  P r i n t f ( a r g . . . ) (void)0 

//else 


/*  A N S I - c o mp l i a n t - cast  entire  comma  expression  to  void  */ 
//define  bndPrintf  (void) 

//end  i f 
//end  i f 


\ 


/ * 

* If  you're  using  a legally  encumbered  library  (ugh!)  this  will  be 

* printed  in  the  program  banner. 

* / 

char  const  banner_legalese[]  = 

/* 

* This  returns  TRUE  if  the  key  is  too  big,  returning  the 

* maximum  number  of  bits  that  the  library  can  accept.  It 

* is  used  if  you  want  to  use  something  icky  from  RSADSI,  whose 

* code  is  known  to  have  satatic  limits  on  key  sizes.  (BSAFE  2.1 

* advertises  2048-bit  key  sizes.  It  lies.  It's  talking  about 

* conventional  RC4  keys,  whicah  are  useless  to  make  anything  like 

* that  large.  RSA  keys  are  limited  to  1024  bits. 
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* / 
i n t 

r s a KeyTooB i g ( s t r u c t RSApub  const  *pub,  struct  RSAsec  const  *sec) 

(void)pub; 

(void)sec; 

return  0;  / * Never  too  big!  * / 

> 


i n t 

rsaPublicEncrypt(struct  BigNum  * b n , byte  const  * i n , unsigned  len, 

struct  RSApub  const  *pub,  struct  Pg p R a nd om C o n t e x t const  *rc) 

{ 

unsigned  bytes  = (bnBits(&pub->n)+7)/8; 

pg p PKC S P a c k ( bn , in,  Len,  PKC S_P A D_E N C R Y PT E D , bytes,  rc); 

bndPrintf("RSA  encrypting. \ n " ) ; 
bndPutC" plaintext  = ",  bn); 

return  bnExpModCbn,  bn,  &pub->e,  &pub->n); 

> 


/ * 

* This  performs  a modular  exponentiation  using  the  Chinese  Remainder 

* Algorithm  when  the  modulus  is  known  to  have  two  relatively  prime 

* factors  n = p * q,  and  u = pA-1  (mod  q)  has  been  precomputed. 

* 

* The  Chinese  remainder  algorithm  lets  a computation  mod  n be  performed 

* mod  p and  mod  q,  and  the  results  combined.  Since  it  takes 

* (considerably)  more  than  twice  as  long  to  perform  modular  exponentiation 

* mod  n as  it  does  to  perform  it  mod  p and  mod  q,  time  is  saved. 

* 

* If  x is  the  desired  result,  let  xp  and  xq  be  the  values  of  x mod  p 

* and  mod  q,  respectively.  Obviously,  x = xp  + p * k for  some  k. 

* Taking  this  mod  q,  xq  ==  xp  + p*k  (mod  q),  so  p*k  ==  xq-xp  (mod  q) 

* and  k ==  pA-1  * (xq-xp)  (mod  q),  so  k = u * (xq-xp  mod  q)  mod  q. 

* After  that,  x = xp  + p * k. 

ic 

* Another  savings  comes  from  reducing  the  exponent  d modulo  phi(p) 

* and  phi(q).  Here,  we  assume  that  p and  q are  prime,  so  phi(p)  = p-1 

* and  phi(q)  = q-1 . 

*/ 

static  i n t 

bnExpMod C RA ( s t ru c t BigNum  *x,  struct  BigNum  const  *d, 

struct  BigNum  const  *p,  struct  BigNum  const  *q,  struct  BigNum  const  *u) 

{ 

struct  BigNum  xp,  xq,  k; 
i n t i ; 

bndPrintf(" Performing  Chinese  Remainder  Algorithm\n"); 

bndPut("x  = ",  x ) ; 

bndPut("p  = ",  p); 

bndPut("q  = ",  q); 

bndPutC d = ",  d); 

bndPut ( "u  = ",  u); 

bnBegin(&xp); 

bnBegin(Sxq); 
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bnBegin(Sk); 


/*  Compute  xp  = (x  mod 

P > 

A (d 

mod 

p-1  ) 

mod  p * / 

if  (bnCopy(Sxp,  p)  < 0) 

/ * 

First,  use  xp  tc 

i hold 

P- 

1 */ 

goto  fail; 

(void)bnSubQ(Sxp,  1 ) ; 

/* 

P > 

1,  so  subtracting 

i s 

safe. 

if  (bnMod(Sk,  d,  Sxp)  < 

0) 

/ * 

k = 

d mod  (p-1) 

* / 

goto  fail; 

bnd  Pu  t ( 

"d  mod  p-1  = ",  Sk); 

if  (bnMod(Sxp,  x,  p)  < 

0) 

/ * 

Now 

xp  = ( x mod 

p ) * / 

goto  fail; 

bnd  Pu  t ( 

"x  mod  p = ",  Sxp); 

if  ( bnExpMod ( Sxp,  Sxp, 

Sk, 

p)  < 

0) 

/ * x p = ( X 

mod  p ) 

A k 

mod  p 

goto  fail; 

bndPut  ( 

"xp  = xAd  mod  p = ",  Sxp); 

/*  Compute  xq  = (x  mod 

q ) 

A (d 

mod 

q-1  ) 

mod  q * / 

if  (bnCopy(Sxq,  q)  < 0) 

/* 

First,  use  xq  to 

hold 

q- 

1 */ 

goto  fail; 

( vo i d ) bnSubQ ( Sxq  , 1); 

/* 

q > 

1,  so  subtracting 

i s 

safe. 

if  (bnMod(Sk,  d,  Sxq)  < 

0) 

/ * 

k = 

d mod  (q-1) 

*/ 

goto  fail; 

bnd  Pu  t ( 

"d  mod  q-1  = ",  Sk); 

if  (bnMod(Sxq,  x,  q)  < 

0) 

/* 

Now 

x q = ( x mod 

q ) * / 

goto  fail; 

bnd  Pu  t ( 

"x  mod  q = ",  Sxq); 

if  (bnExpMod(Sxq,  Sxq, 

Sk, 

q ) < 

0) 

/ * x q = ( x 

mod  q ) 

A k 

mod  q 

goto  fail; 

bndPut("xq  = xAd  mod  q = ",  Sxq); 

/*  xp  < p and  PGP  has  p < q,  so  this  is  a no-op,  but  just  in  case  */ 
if  (bnMod(Sk,  Sxp,  q)  < 0) 
goto  fail; 
bndPut("xp  mod  q = ",  Sk); 

i = bnSubl&xq,  S k ) ; 
bndPut("xq  - xp  = ",  Sxq); 
bndPrintf("With  sign  %d\n",  i); 
if  ( i < 0) 

goto  fail; 

if  ( i ) { 

/* 

* Borrow  out  - xq-xp  is  negative,  so  bnSub  returned 

* xp-xq  instead,  the  negative  of  the  true  answer. 

* Add  q back  (which  is  subtracting  from  the  negative) 

* so  the  sign  flips  again. 

* / 

i = bnSub(Sxq,  q); 
if  ( i < 0) 

goto  fail; 

bndPut("xq  - xp  mod  q = ",  Sxq); 

bndPri ntf ( "Wi  th  sign  %d\n",  i);  /*  Must  be  1 */ 

> 

/*  Compute  k = xq  * u mod  q */ 
if  (bnMul(Sk,  u,  Sxq)  < 0) 
goto  fail; 

bndPutC" (xq-xp)  * u = ",  Sk); 

if  (bnMod(Sk,  Sk,  q)  < 0) 
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goto  fail; 

bndPut("k  = (xq-xp)*u  % q = ",  &k); 


/*  Now  x = k * p + xp  is  the  final  answer  */ 
if  (bnMulCx,  &k,  p)  < 0) 
goto  fail; 

bndPut("k  * p = ",  x); 

if  (bnAddCx,  Sxp)  < 0) 
goto  fail; 

bndPut("k*p  + xp  = ",  x); 

#if  BNDEBUG  /*  333  DEBUG  - do  it  the  slow  way  for  comparison  */ 

if  (bnMul(&xq,  p,  q)  < 0) 
goto  fail; 
bndPut("n  = p*q  = ",  Sxq); 

if  ( bn E x pMod ( &x p , x,  d,  Sxq)  < 0) 
goto  fail; 

bndPut("xAd  mod  n = ",  Sxp); 

if  (bnCmpCx,  Sxp)  !=  0)  { 
bndPrintfl" Nasty!  ! ! \ n " ) ; 

goto  fail; 

> 

bnSetQCSk,  17); 
bnExpModCSxp,  Sxp,  Sk,  Sxq); 
bndPut("xA17  mod  n = ”,  Sxp); 

U e nd i f 

bnEnd(Sxp)  ; 
bnEnd(Sxq); 
bnEnd(Sk); 
return  0; 

fail: 

bnEnd(Sxp); 

bnEnd(Sxq); 

bnEnd(Sk); 

return  PG P E R R_N OM E M ; 

> 


/ * 

* This  does  an  RSA  signing  operation,  which  is  very  similar,  except 

* that  the  padding  differs.  The  type  is  1,  and  the  padding  is  all  1 ' s 

* (hex  OxFF).  In  addition,  if  the  data  is  a DER-padded  MD5  hash,  there's 

* an  option  for  encoding  it  with  the  old  PGP  2.2  format,  in  which  case 

* that's  all  replaced  by  a 1 byte  indicating  MD5. 

* 

* When  decrypting,  distinguishing  these  is  a bit  trickier,  since  the 

* second  most  significant  byte  is  1 in  both  cases,  but  in  general, 

* it  could  only  cause  confusion  if  the  PGP  hash  were  all  1 ' s . 


To  summarize,  the  formats  are 


★ 

Position 

Value 

Function 

★ 

n-1 

0 

This  is  needed  to  ensure  that  the  padded 

★ 

is  less  than  the  modulus. 

★ 

n-2 

1 

The  padding  type  (all  ones). 

★ 

n-3.  . len  + 1 

255 

All  ones  padding  to  ensure  signatures  are 

★ 

l e n 

0 

Zero  byte  to  mark  the  end  of  the  padding 

★ 

l en-1  . .x 

A S N . 1 

The  ASN.1  DER  magic  cookie  (18  bytes) 

rare 
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* x - 1 . . 0 data 

* 

* 

* Position  Value 

* n - 1 0 

* n-2  1 

* n-2..n-len-2  data 

* n-  l en-2  0 

* n-  l en-3 . . 1 255 

* 0 1 

* 


The  payload  MD5  hash  (16  bytes). 


"This  is  MD5" 

Supplied  payload  MD5  hash  (len  ==  16). 
Zero  byte  to  mark  the  end  of  the  padding 
All  ones  padding. 

The  padding  type  (all  ones). 


* 

* The  reason  for  the  all  I's  padding  is  an  extra  consistency  check. 

* A randomly  invented  signature  will  not  decrypt  to  have  the  long 

* run  of  ones  necessary  for  acceptance. 

* 

* Oh...  the  public  key  isn't  needed  to  decrypt,  but  it's  passed  in 

* because  a different  glue  library  may  need  it  for  some  reason. 

* 

* TODO:  Have  the  caller  put  on  the  PKCS  wrapper.  We  can  notice  and 

* strip  it  off  if  we're  trying  to  be  compatible. 

*/ 

static  const  byte  signedType  = 1 ; 


i n t 

rsaPrivateEncrypt(struct  BigNum  *bn,  byte  const 
struct  RSAsec  const  *sec) 

{ 


unsigned  bytes  = (bnBits(Ssec->n)+7)/8; 


* i n , 


unsigned 


len. 


pgpPKCSPack(bn,  in,  len,  PKC S_P A D_S I GN E D , bytes, 

(struct  PgpRandomContext  const  *)NULL); 

bndPrintf("RSA  signing. \n"); 
bndPut(" plaintext  = ",  bn); 

return  bnExpModCRA(bn,  &sec->d,  &sec->p,  &sec->q,  &sec->u); 

> 


/ * 

* Decrypt  a message  with  a public  key. 

* These  destroy  (actually,  replace  with  a decrypted  version)  the 

* input  bignum  bn. 

* 


* It  recongizes  the  PGP  2.2  format,  but  not  in  all  its  generality; 

* only  the  one  case  (framing  byte  = 1,  length  = 16)  which  was  ever 

* generated.  It  fakes  the  DER  prefix  in  that  case. 

* 


* Performs  an  R S A signature  check.  Returns  a prefix  of  the  unwrapped 

* data  in  the  given  buf.  Returns  the  length  of  the  untruncated 

* data,  which  may  exceed  "len".  Returns  <0  on  error. 

* / 


i n t 

r s a Pu b l i c D e c ry p t ( by t e *buf, 
struct  RSApub  const 

{ 


unsigned  bytes; 


unsigned 
*pub ) 


len,  struct  BigNum  *bn. 


bnd P r i n t f ( " R S A signature  c h e c k i ng . \ n " ) ; 

if  ( bn E x pMod ( bn , bn,  &pub->e,  &pub->n)  < 0) 
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return  PGPERR_NOMEM; 
bndPutC" decrypted  = ",  bn); 

bytes  = (bnBits(Spub->n)+7)/8; 

return  p g p P K C S U n p a c k ( b u f , Len,  bn,  PKC S_P A D_S I GN E D , bytes); 

> 


/ * 

* Performs  an  RSA  decryption.  Returns  a prefix  of  the  unwrapped 

* data  in  the  given  buf.  Returns  the  Length  of  the  untruncated 

* data,  which  may  exceed  "Len".  Returns  <0  on  error. 

*/ 

i nt 

r s a P r i v a t e D e c ry p t ( by t e *buf,  unsigned  Len,  struct  BigNum  *bn, 
struct  RSAsec  const  *sec) 


unsigned  bytes; 


bnd P r i n t f ( " R S A decrypt i ng\n" ) ; 

if  ( bn E x pM od C R A ( b n , &sec->d,  &sec->p,  &sec->q,  &sec->u)  < 0) 
return  P G P E R R_N  0 M E M ; 
bnd Pu t ( " d e c r y p t e d = ",  bn); 

bytes  = (bnBits(8sec->n)+7)/8; 

return  p g p P KC S U n pa c k ( bu f , Len,  bn,  PKC S_P A D_E N C R Y PT E D , bytes); 

> 
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rsaglue.h 

/* 

* rsaglue.h  - RSA  encryption  and  decryption 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* Sid:  rsaglue.h, v 1.9  1996/11/12  02:18:31  mhw  Exp  $ 

* / 

//  i f nd  e f R S A G L U E_H 
//define  R S A G L 1)  E_H 

//include  "pgp/bn.h" 

//include  "pgp/usua  Is  . h" 


struct  PgpRandomContext; 


/*  A structure 

to  hold 

a 

public 

key 

* / 

struct  RSApub 
struct 

i 

BigNum 

n; 

/* 

The 

public  modulus  */ 

struct 

>; 

BigNum 

e; 

/* 

The 

public  exponent  */ 

/*  A structure 

to  hold 

a 

secret 

key 

*/ 

struct  RSAsec 

struct 

BigNum 

n; 

/* 

Copy 

of  public  parameters  */ 

struct 

struct 

BigNum 

B i g N urn 

e; 

d; 

/* 

Decryption  exponent  */ 

struct 

BigNum 

p; 

/* 

The 

smaller  factor  of  n */ 

struct 

BigNum 

q; 

/ * 

The 

larger  factor  of  n */ 

struct 

>; 

Bi gNum 

u; 

/* 

1/P 

(mod  q ) * / 

/ * Declarations  * / 

int  rsaKeyTooBiglstruct  RSApub  const  *pub,  struct  RSAsec  const  * s e c ) ; 

/ * Encrypt  * / 

int  rsaPub l i c Enc rypt ( s t r uc t BigNum  *bn,  byte  const  *in,  unsigned  len, 

struct  RSApub  const  *pub, 

struct  PgpRandomContext  const  * r c ) ; 

/ * Sign  * / 

int  r sa P r i va t eEnc rypt ( s t rue t BigNum  *bn,  byte  const  *in,  unsigned  len, 

struct  RSAsec  const  *sec); 

/ * Verify  * / 

int  rsaPubl  i cDecrypt (byte  *buf,  unsigned  len,  struct  BigNum  *bn, 

struct  RSApub  const  * p u b ) ; 

/ * Decrypt  */ 

int  rsaPrivateDecryptCbyte  * b u f , unsigned  len,  struct  BigNum  * b n , 

struct  RSAsec  const  * s e c ) ; 

//end  i f /*  1RSAGLUE  H */ 


1368 


lib/ pgp/ pubkey/ rsaglue2.c 


rsaglue2.c 

/ * 

* rsag  lue2 . c - Interface  to  RSAREF  Cryptographic  toolkit  from 

* RSA  Data  Security,  Inc. 

* 

* This  is  an  alternative  to  rsaglue.c,  and  should  be  used  if  the 

* use  of  the  RSAREF  library  is  required  for  legal  reasons. 

* 

* This  file  uses  RSAREF  to  perform  the  actual  encryption  and  decryption 

* It  must  be  linked  with  the  RSAREF  library  (rsaref.a,  rsaref.lib, 

* or  whatever  it's  called  on  your  system)  to  function. 

* 

* This  code  only  accepts  PKCS-style  padding.  Very  old  versions  of  PGP 

* used  a different  padding  style,  which  will  not  be  compatible  with 

* this  module. 

* 

* $Id:  rsaglue2.c,v  1.2  1996/11/12  02:18:31  mhw  Exp  $ 

*/ 


//  i f d e f H A V E_C  0 N F I G_H 

# i nc  l ude 

# e nd  i f 

" c o n f i g . h " 

//include 

<assert.h> 

//include 

"rsaglue.h" 

ft i n c l ude 

"rsakey.h" 

//include 

"keymisc.h" 

//include 

"pgp/bn.h" 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/pubkey.h" 

//include 

"pgp/random.h" 

ft  i nc  l ude 

"pgp/usuals.h" 

/* 

* If  you 

're  using  a legally  encumbered 

* printed  in  the  program  banner. 

★ / 

library  this  will  be 


char  const  banner_legalese[]  = "\ 

Uses  the  RSAREF(tm)  Toolkit,  which  is  copyright  RSA  Data  Security,  Inc.  \n\ 
Distributed  by  the  Massachusetts  Institute  of  Technology.  \n"; 


/*  Include  files  from 
//include  <global.h> 
//include  <rsaref.h> 
//include  <rsa.h> 


RSAREF  */ 


/ * 

* 

* 

* 

* 

* 

*/ 


The  functions  we  call 
RSAPublicEncrypt 
RSAPri vateEncrypt 
RSAPubli cDecrypt 
RSAPrivateDecrypt 


in  rsa.h  are 


/ * 
* 
* 


This  returns  TRUE 
max i mum  numbe  r of 


if  the  key  is 
bits  that  the 


too  big,  returning 
library  can  accept 


the 
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*/ 
i n t 

rsaKeyTooBi g ( s t rue t RSApub  const  *pub,  struct  RSAsec  const  *sec) 

{ 

unsigned  maxsize  = M A X_R  S A_M  0 D U LU  S_B ITS; 
if  ( bnB i t s ( 8pub->n  ) > maxsize) 
return  maxsize; 

if  ( bnB i t s ( 8pub->e  ) > maxsize) 
return  maxsize; 

if  (bnBits(8sec->d)  > maxsize) 
return  maxsize; 

if  (bnBi ts(8sec->p)  > M A X_R  S A_P  RIM  E_B ITS) 
return  maxsize; 

if  (bnBi ts(Ssec->q)  > M A X_R  S A_P  R I M E_B ITS) 
return  maxsize; 

if  ( bnBi t s ( 8sec->u  ) > M A X_R  S A_P  R I M E_B ITS) 
return  maxsize; 

/*  Else  OK  */ 
return  0; 

> 

/*  Initialize  RSAREF  pubkey  structure  from  a struct  RSApub.  */ 
static  void 

rpubk_ini t ( R_R S A_P U B L I C_K E Y *rpubk,  struct  RSApub  const  *pub) 
f 

memsetCrpubk,  0,  sizeof  ( * r p u b k ) ) ; 
rpubk->bits  = bnBits(8pub->n); 

bnExtractBi  g By t e s ( 8 p u b-> n , rpubk->modulus,  0,  M A X_R  S A_M  ODl)LUS_LEN); 
bnExt ractBi gBy tes (8pub->e,  r p u b k- > e x p o n e n t , 0,  M A X_R S A_M 0 D U LU S_L E N ) ; 


/*  Initialize  RSAREF  privkey  structure  from  a struct  RSAsec.  */ 
static  void 

rpri vk_i ni t ( R_R S A_P R I V A T E_KE Y *rprivk,  struct  RSAsec  const  *sec) 

{ 

struct  BigNum  dmodp,  dmodq,  tmp; 

memsetCrprivk,  0,  sizeof  ( * r p r i v k ) ) ; 

/*  Calculate  d mod  p-1  and  d mod  q-1  */ 

bnBegin(Sdmodp); 

bnBegin(Sdmodq); 

bnBegin(Stmp); 

bnCopyC&tmp,  &sec->p); 

bnSubGK&tmp,  1); 

bnMod ( Sdmodp,  Ssec->d,  Stmp); 

bnCopyC&tmp,  &sec->q); 

bnSubQCStmp,  1); 

bnModC&dmodq,  &sec->d,  Stmp); 

/*  Fill  in  structure  */ 
rprivk->bits  = bnBits(Ssec->n); 

bn E x t ra c t B i gBy t e s ( S s e c-> n , r p r i v k->mod u l u s , 0,  M A X_R  S A_M  0DULUS_LEN); 
bn E x t r a c t B i g By t e s ( 8 s e c -> e , r p r i v k-> pu b l i c E x pon e n t , 0, 

M A X_R  S A_M  ODULUS_LEN); 

bnExtractBi gBytes (8sec->d,  rprivk->exponent,  0,  M A X_R  S A_M  0DULUS_LEN) ; 
/*  RSAREF  uses  convention  p > q,  the  opposite  of  ours  */ 
bn  Ex t ra c t B i gBy t e s ( 8s e c->q , r p r i v k- > p r i m e C 0 ] , 0,  M A X_R  S A_P  R I M E_L  E N ) ; 
bnEx t ra c t B i gBy t es ( 8s e c->p,  r p r i v k - > p r i m e C 1 D , 0,  M A X_R S A_P R I M E_L E N ) ; 
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bn E x t r a c t B i g By t e s ( Sdmodq  , r p r i v k - > p r i m e E x p o n e n t C 0 ] , 0, 

MAX_RSA_PRIME_LEN) ; 

bn E x t r a c t B i g By t e s ( Sdmod p , r p r i v k - > p r i m e E x p o n e n t C 1 3 , 0, 

M A X_R  S A_P  RIME_LEN) ; 

bn E x t r a c t B i g By t e s ( & s e c -> u , rp r i v k-> c o e f f i c i e n t , 0,  M AX_R S A_P R I M E_L E N ) ; 

bnEnd ( Sdmodp  ) ; 
bnEnd(Sdmodq); 
bnEnd(Stmp)  ; 

> 

/ * 

* Encrypt  a buffer  holding  a session  key  with  an  RSA  public  key 

★ / 
i n t 

r s a P u b l i c E n c r y p t ( s t r u c t BigNum  *bn,  byte  const  *in,  unsigned  len, 

struct  RSApub  const  *pub,  struct  Pg p R a ndom C o n t e x t const  *rc) 

R_R  S A_P  U B L I C_K  E Y rpubk; 

R_RANDOM_STRUCT  rrs; 
byte  buf C M A X_R S A_M 0 D U L U S_L E N ] ; 
unsigned  int  bufsize; 
i n t err; 

/*  Set  the  return  number  to  0 to  start  */ 

( v o i d ) b n S e t Q( b n , 0); 

/*  Initialize  RSAREF  public  key  structure  */ 
rpubk_init(Srpubk,  pub); 

/*  Initialize  RSAREF  random  numbers  */ 

R_R andomlnitl&rrs); 
do  { 

R_G  etRandomBytesNeededl&bufsize,  Srrs); 
if  (bufsize  > sizeof(buf)) 

bufsize  = sizeof(buf); 
if  (bufsize)  { 

pgpRandomGetBytes(rc,  buf,  bufsize); 

R_R a nd omU pd a t e ( S r r s , buf,  bufsize); 

> 

> while  (bufsize); 

/*  Pad  and  encrypt  */ 

err  = R S A P u b l i c E n c r y p t ( bu f , Sbufsize,  in,  len,  Srpubk,  Srrs); 
R_RandomFinal(8rrs); 

if  (err)  { 

memsetlbuf,  0,  sizeof(buf)); 
memset (Srpubk,  0,  sizeof(rpubk)); 
if  (er r==RE_LEN ) 

return  PG P E R R_P UBKE Y_T00 S M A L L ; 
return  PG P E R R_G E N E R I C ; 

> 

/*  Return  to  bn  format  */ 
bnInsertBigBytes(bn,  buf,  0,  bufsize); 
memset(buf,  0,  sizeof(buf)); 
memset(Srpubk,  0,  sizeof(rpubk)); 
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> 


return  0; 


/ * 

* Do  an  RSA  signing  operation  using  the  secret  key 

* / 
i n t 

r s a P r i v a t e E n c r y p t ( s t r u c t BigNum  *bn,  byte  const  *in,  unsigned  ten, 
struct  RSAsec  const  *sec) 

{ 

R_R  S A_P  R I V A T E_K  E Y rprivk; 
byte  but HMAX_RSA_MODULUS_LEN]; 
unsigned  int  bufsize; 
i n t err; 

/*  SET  the  return  number  to  0 to  start  */ 

(void)bnSetQ(bn,  0 ) ; 

/*  Initialize  RSAREF  private  key  structure  */ 
r p r i v k_i n i t ( & r p r i v k , sec); 

err  = RSAPrivateEncrypt(buf,  Sbufsize,  in,  ten,  Srprivk); 
if  (err)  { 

memset (buf , 0,  s i z e o f ( bu f ) ) ; 
memsetC&rprivk,  0,  sizeof(rprivk)); 
if  (err  = = R E_L E N ) 

return  P G P E R R_P U B K E Y_T 0 0 S M A L L ; 
return  P G P E R R_G E N E R I C ; 

> 

/*  Return  to  bn  format  */ 
bnlnsertBi gBytesCbn,  buf,  0,  bufsize); 
memsetCbuf,  0,  sizeof(buf)); 
memsetCSrprivk,  0,  sizeof(rprivk)); 

return  0; 

> 

/* 

* These  destroy  (actually,  replace  with  a decrypted  version)  the 

* i nput  bi gnum  bn . 

* 

* Performs  an  RSA  signature  check.  Returns  a prefix  of  the  unwrapped 

* data  in  the  given  buf.  Returns  the  length  of  the  untruncated 

* data,  which  may  exceed  "len".  Returns  <0  on  error. 

*/ 

int 

r s a Pu b l i c D e c ry p t ( by t e *outbuf,  unsigned  len,  struct  BigNum  *bn, 
struct  RSApub  const  *pub) 

{ 

R_RSA_PUBLIC_KEY  rpubk; 
byte  buf [MAX_RSA_M0DULUS_LEN]; 
unsigned  int  bufsize; 
int  err; 

/*  Initialize  RSAREF  public  key  structure  */ 
rpubk_init(&rpubk,  pub); 
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bufsize  = (bnBits(bn)  + 7 ) / 8; 

if  (bufsize  > sizeof(buf)) 

bufsize  = sizeof(buf); 
bnExtractBigBytesCbn,  buf,  0,  bufsize); 

err  = RSAPublicDecrypt(buf,  Sbufsize,  buf,  bufsize,  &rpubk); 
if  (err)  C 

memset(buf,  0,  sizeof(buf)); 
memset (Srpubk,  0,  sizeof(rpubk)); 
if  (err-  = R E_L  E N ) 

return  P G P E R R_P  U B K E Y_T  00SMALL; 
return  PG P E R R_G E N E R I C ; 

> 

/*  Copy  result  to  buffer  */ 
if  (ten  > bufsize) 

len  = bufsize; 
mem c py ( o u t bu f , buf,  len); 

memset(buf,  0,  sizeof(buf)); 
memset (Srpubk,  0,  sizeof(rpubk)); 

return  bufsize; 

> 

/ * 

* Performs  an  RSA  decryption.  Returns  a prefix  of  the  unwrapped 

* data  in  the  given  buf.  Returns  the  length  of  the  untruncated 

* data,  which  may  exceed  "len".  Returns  <0  on  error. 

*/ 

i n t 

r s a P r i va t e D e c r y p t ( by t e *outbuf,  unsigned  len,  struct  BigNum  *bn, 
struct  RSAsec  const  *sec) 

{ 

R_R  S A_P  R I V A T E_K  E Y rprivk; 
byte  buf [ M A X_R S A_M 0 D U L U S_L E N ] ; 
unsigned  int  bufsize; 
i n t err; 

/*  Initialize  RSAREF  private  key  structure  */ 
rprivk_init(8rprivk,  sec); 

bufsize  = (bnBits(bn)  + 7)  / 8; 
if  (bufsize  > sizeof(buf)) 

bufsize  = sizeof(buf); 
bnExtractBigBytes(bn,  buf,  0,  bufsize); 

err  = RSAPrivateDecrypt(buf,  Sbufsize,  buf,  bufsize,  Srpri vk)  ; 
if  (err)  { 

memset(buf,  0,  s i z e o f ( bu f ) ) ; 
memset(8rprivk,  0,  sizeof(rprivk)); 
if  (err==RE_LEN) 

return  PG P E R R_PUBKE Y_T00 S M A L L ; 
return  PG P E R R_G E N E R I C ; 

> 

/*  Copy  result  to  buffer  */ 
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if  (len  > bufsize) 

Len  = bufsize; 
memcpyCoutbuf,  buf,  len); 

memsetlbuf,  0 , sizeof(buf)); 
memsetCSrprivk,  0 , sizeof(rprivk)); 

return  bufsize; 

> 


/ * 

* Optional  code  to  replace  RSAREF's  N N_M o d E x p with  code  from  the 

* BigNum  library,  which  is  much  faster. 

* Note  that  we  are  still  using  RSAREF,  but  we  are  just  using  a faster 

* modulo  exponentiation  routine. 

* If  you  comment  out  the  following  block  of  code,  you  get  a (much  slower) 

* pure  RSAREF  version. 

*/ 

flifdef  USEMPILIB 
typedef  word32  N N_D I G I T ; 

/* 

* Within  the  RSAREF  NN  module,  values  are  stored  in  32  bit  units, 

* in  little-endian  order.  Unfortunately  this  does  not  map  well  onto 

* our  bignum  format  and  we  have  to  do  some  shuffling. 

*/ 

/*  Convert  an  RSAREF  NN  number  to  a struct  BigNum  */ 
static  void 

nntobnCstruct  BigNum  *bn,  NN_DIGIT  *nn,  unsigned  nnlen) 

{ 

byte  buf C M A X_R S A_M0 D U L U S_L E N 3 ; 
byte  *bp  = buf; 
unsigned  i; 

assert  (nnlen*4  <=  M A X_R S A_M 0 D U L U S_L E N ) ; 
for  (i=0;  i<nnlen;  + + i ) { 
word32  v = n n C i ] ; 

* b p + + = v SOxff; 

*bp++  = (v  >>  8)  & Oxff; 

*bp++  = (v  >>  16)  & Oxff; 

*bp++  = (v  >>  24)  8 Oxff; 

> 

bnlnsertLittleBytesCbn,  buf,  0,  nnlen*4); 

> 

/*  Convert  a struct  BigNum  to  an  RSAREF  NN  number  */ 
static  void 

b n t o n n ( s t r u c t BigNum  *bn,  NN_DIGIT  *nn,  unsigned  nnlen) 

{ 

byte  buf E M A X_R S A_M 0 D U L U S_L E N ] ; 
byte  *bp  = buf; 
unsigned  i ; 

assert  (nnlen*4  <=  M A X_R  S A_M  0DULUS_LEN) ; 
bnExtractLi tt leBytesCbn,  buf,  0,  nnlen*4); 
for  (i=0;  i<nnlen;  ++i)  { 
word32  v = *bp++; 
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V 

| = ( * bp  + + ) 

<< 

8; 

V 

|=  (*bp++) 

<< 

16; 

V 

| = ( *bp  + + ) 

<< 

24; 

n n 

Ci 3 = v; 

> 

> 


/* 

* Calculate  b to  the  c 
*/ 

void 

N N_M o d E x p ( N N_D I G I T *a, 
N N_D I G I T *d. 


mod  d,  result  in  a. 

N N_D I G I T *b,  NN_DIGIT  *c,  unsigned 
unsigned  dDigits) 


struct  BigNum  bnres,  bnbase,  bnexp,  bnmod; 


cDigits, 


> 


bnBegin(Sbnres); 
bnBegin(Sbnbase); 
bnBegin(Sbnexp); 
bnBegin(Sbnmod)  ; 


nntobnC&bnbase,  b , dDigits); 
nntobnC&bnexp,  c,  cDigits); 
nntobn(Sbnmod,  d,  dDigits); 


bn E x pMod ( & bn r e s , Sbnbase, 


Sbnexp,  Sbnmod); 


bntonnC&bnres, 


a,  dDigits); 


bnEnd(Sbnres); 

bnEndC&bnbase); 

bnEnd(&bnexp); 

bnEnd(&bnmod); 


#end  i f 
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rsakey.c 

/* 

* rsakey.c 

★ 

* $ I d : rsakey.c, v 1.49  1 996/1  1 /1  2 02:1  8:32  mhw  Exp  $ 

*/ 

//ifdef  HAVE  CONFIG  H 


//include 

" c o n f i g . h " 

# e n d i f 

//include 

<assert . h> 

//include 

"keymisc.h" 

//include 

"rsaglue.h" 

//include 

"rsakey.h" 

//include 

"pgp/bn.h" 

//include 

"pgp/cfb.h" 

//include 

"pgp/cipher.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/ pgpmem  . h " 

//include 

"pgp/pgperr  . h" 

//include 

"pgp/prime.h" 

//include 

"pgp/pubkey.h" 

//include 

"pgp/random.h" 

U i nc l ude 

"pgp/str2key.  h" 

//include 

"pgp/usuals.h" 

# i f n d e f 

NULL 

//define 

NULL  0 

//end  i f 

//define  R S A_D  E F A U L T_E  X PON  E N T 17 

//define  A S S E R T R S A ( a l g ) a s s e r t ( ( A L G M A S K ( a L g ) ) = = PG  P_P  K A L G_R  S A ||  \ 

(ALGMASK(alg) )==PG  P_P  K A L G_R  S A_E  N C ||  \ 

(ALGMASK(alg) ) = = P G P_P K A L G_R S A_S I G ) 
//define  A S S E R T R S A S I G ( a L g ) a s s e r t ( ( A L G M A S K ( a L g ) ) = = P G P_P  K A LG_R  S A ||  \ 

(ALGMASK(alg) ) = = P G P_P  K A L G_R  S A_S I G ) 
//define  A S S E R T R S A E N C ( a l g ) a s s e r t ( ( A L G M A S K ( a l g ) ) = = PG  P_P K A L G_R  S A ||  \ 

(ALGMASK(alg) ) == P G P_P K A L G_R S A_E N C ) 


/*  A PgpSecKey ' s priv  points  to  this,  an  RSAsec  plus  the  encrypted  form...  */ 
struct  RSAsecPlus  { 

struct  RSAsec  s; 
byte  *cryptkey; 
si ze_t  ckalloc,  cklen; 
int  locked; 

>; 


/**  Public  key  functions  **/ 
static  void 

r s a Pub De s t roy ( s t r u c t PgpPubKey  *pubkey) 

{ 

struct  RSApub  *pub  = (struct  RSApub  * ) p u b k e y- > p r i v ; 
ASSERTRSA(pubkey->pkAlg); 
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bnEnd(&pub->n)  ; 
bnEnd(Spub->e); 
memset(pub,  0,  sizeof(pub)); 
pgpMemFree(pub) ; 

memset(pubkey,  0,  sizeof(pubkey)); 
pgpMemFree(pubkey) ; 

> 

U if  0 

static  void 

r s a Pu b I d 8 ( s t r u c t PgpPubKey  const  *pubkey,  byte  *buf) 

{ 

struct  RSApub  const  * p u b = (struct  RSApub  *)pubkey->priv; 

ASSERTRSA(pubkey->pkALg); 
bnExtractBigBytes(&pub->n,  but,  0,  8); 

> 

#end i f 

/*  Return  the  Largest  possible  PgpESK  size  for  a given  key  */ 
static  si z e_t 

r s a Ma x e s k ( s t r u c t PgpPubKey  const  *pubkey,  PgpVersion  version) 

{ 

struct  RSApub  const  * p u b = (struct  RSApub  *)pubkey->priv; 
(void)version; 

ASSERTRSAENC(pubkey->pkAlg); 
return  2 + (bnBits(8pub->n)+7)/8; 

> 

/ * 

* Given  a buffer  of  at  Least  "maxesk"  bytes,  make  an  PgpESK 

* into  it  and  return  the  size  of  the  PgpESK,  or  <0. 

*/ 

static  i n t 

rsaEncrypt(struct  PgpPubKey  const  *pubkey,  byte  const  *key, 
si ze_t  keylen,  byte  *esk,  si ze_t  *esklen, 
struct  PgpRandomContext  const  *rc,  PgpVersion  version) 

C 

struct  RSApub  const  *pub  = (struct  RSApub  *)pubkey->priv; 
struct  BigNum  bn; 
unsigned  t; 
i n t i ; 

/*  We  don't  need  these  arguments,  although  other  algorithms  may...  */ 
(void)rc; 

(void)version; 

ASSERTRSAENC(pubkey->pkAlg); 
t = bnBits(&pub->n); 
if  (t  > Oxffff) 

return  P G P E R R_P  U B K E Y_T  0 0 B I G ; 
if  (keylen  > t) 

return  P G P E R R_P  U B K E Y_T  00SMALL;  /*  data  too  big  for  pubkey  */ 

/*  Add  checksum  to  key,  place  temporarily  in  esk  buffer  */ 
t = 0; 

eskCO]  = keyCOD; 
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for  (i  = 1;  i < (int)keylen;  i + + ) 
t +=  e s k E i ] = k e y E i ] ; 
eskCkeylen]  = (byte)(t  >>  8 & 2 5 5 ); 
e s kE key l e n + 1 ] = (byte)(t  & 255); 

bnBegin(Sbn); 

i = rsaPubl  i cEncrypt (8bn,  esk,  keylen+2,  pub,  rc); 
if  ( i < 0 ) E 

bnEnd(Sbn); 

memsetCesk,  0,  keylen+2) ; 
return  i ; 

> 

t = pgpBnPutPlain(8bn,  esk); 
bnEnd(Sbn); 

if  (esklen) 

*esklen  = (size_t)t; 
return  0; 

> 

/* 

* Return  1 if  (sig,sigten)  is  a valid  MPI  which  signs 

* hash,  of  type  h.  Check  the  DER-encoded  prefix  and  the 

* hash  itself. 

* / 

static  i n t 

rsaVerifyCstruct  PgpPubKey  const  *pubkey,  int  sigtype,  byte  const  *sig, 
size_t  siglen,  struct  PgpHash  const  *h,  byte  const  *hash) 

{ 

struct  RSApub  const  * p u b = (struct  RSApub  *)pubkey->priv; 
struct  BigNum  bn; 

byte  bufE64D;  / * largest  hash  size  + DER  prefix  * / 
int  i ; 
unsigned  t; 

(void)sigtype; 

ASSERTRSASIG(pubkey->pkAlg) ; 
t = ((unsigned)sigE0II<<8)  + sigEIH; 
t = ( t + 7 ) / 8 ; 
if  (siglen  ! = t + 2) 

return  siglen  < t+2  ? PG P E R R_S I G_T00 S H 0 R T 

: PGPERR_S IG_T00L0NG ; 

bnBegin(Sbn); 

if  (bnInsertBigBytes(&bn,  sig+2,  0,  t)  < 0)  { 
bnEnd(Sbn); 
return  PG P E R R_N0M E M ; 

> 

i = rsaPublicDecrypt(buf,  sizeof(buf),  8bn,  pub); 
bnEnd(Sbn); 

if  (i  >=  0)  { 

/*  Check  that  the  returned  data  is  correct  */ 
t = h->DERprefixsize; 
i = ( s i z e_t ) i <=  sizeof(buf) 

&&  (unsigned)i  ==  h->hashsize  + t 
88  memcmp ( buf , h->DERprefix,  t)  = = 0 
88  memcmp(buf  + t,  hash,  h->hashsize)  = = 0; 
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> 

memset(buf,  0,  sizeof(buf)); 

return  i ; 

> 

/* 

* Turn  a PgpPubKey  into  the  algorithm-specific  parts  of  a public  key. 

* A public  key's  RSA-specific  part  is: 

* 

* 0 2 + i MPI  for  modulus 

* 2+i  2+t  MPI  for  exponent 

* 4+i +t 
*/ 

static  s i z e_t 

r s a P ubB u f f e r L e n g t h ( s t r u c t PgpPubKey  const  *pubkey) 

{ 

struct  RSApub  const  * p u b = (struct  RSApub  *)pubkey->priv; 
return  4 + ( bnB i t s ( Spub->n ) +7 ) / 8 + ( bnB i t s ( &pub->e ) +7 ) / 8; 

> 

static  void 

rsaPubToBuf ferlstruct  PgpPubKey  const  *pubkey,  byte  *buf) 

{ 

struct  RSApub  const  * p u b = (struct  RSApub  *)pubkey->priv; 
unsigned  i,  t; 

i = bnBits(&pub->n); 
assert(i  <=  Oxffff); 
bufCO]  = (byte)(i  >>  8); 
bufCID  = (byte)i; 
i = ( i + 7 ) / 8 ; 

bnExtractBigBytes(&pub->n/.  buf  + 2,  0,  i); 

t = bnBits(&pub->e); 

asserttt  < = Oxffff); 

bufC2+iD  = (byte)(t  >>  8); 

bufC3+iD  = (byte)t; 

t = (t+7)/8; 

bnExtractBigBytes(8pub->e,  buf+4+i,  0,  t); 


/*  A little  helper  function  that's  used  twice  */ 
static  void 

r s a F i l l P ub k ey ( s t r u c t PgpPubKey  *pubkey,  struct  RSApub  *pub) 


pubkey->next 

= 

N U L L ; 

pubkey->pkA  l g 

= 

PGP_PKALG_RSA; 

pubkey->pri  v 

= 

pub; 

pubkey->destroy 

= 

rsaPubDest  roy; 

# i f 0 

pubkey->id8 

- 

rsaPubId8; 

# e nd  i f 

pubkey->maxes  k 

= 

rsaMaxesk; 

pubkey->encrypt 

= 

rsaEncrypt; 

pubkey-> ve  r i f y 

= 

rsaVeri fy; 

pubkey->bufferLength  = rsaPubBufferLength; 

> 

pubkey->toBuffer 

— 

rsaPubToBuffer; 
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/ * 

* Turn  the  a l g o r i t h m- s pe c i f i c parts  of  a public  key  into  a PgpPubKey 

* structure.  A public  key's  RSA-specific  part  is: 

* 

* 0 2 + i MPI  for  modulus 

* 2+i  2+t  MPI  for  exponent 

* 4 + i + t 

* / 

struct  PgpPubKey  * 

rsaPubF  romBuf ( byte  const  *buf,  si ze_t  size,  int  *error) 

{ 

struct  PgpPubKey  *pubkey; 
struct  RSApub  *pub; 
unsigned  i,  t; 

bnlnitC); 

if  (size  < 4) 

return  NULL; 

i = ((unsigned)bufC03  <<  8)  + b u f C 1 3 ; 
if  ( ! i ||  b u f L 2 3 >>  ( ( i - 1 ) & 7)  !=  1)  { 

★ error  = P G P E R R_K  E Y_M  ODMPI; 

return  NULL;  / * Bad  bit  length  * / 

> 

i = ( i +7  ) / 8 ; 
if  (size  < 4+i)  { 

★error  = PG P E R R_K E Y_S H 0 R T ; 
return  NULL; 

> 

if  ((bufC1+i3  & 1)  ==  0)  { /*  Too  small  or  even  modulus  */ 

★error  = P G P E R R_K E Y_M 0 D E V E N ; 
return  NULL; 

> 

t = ( ( u n s i g n ed  ) bu f C 2 + i 3 <<  8)  + bufC3  + i3; 
if  ( ! t ||  bufC4  + i 3 >>  ( ( t - 1 ) & 7)  !=  1)  { 

★ error  = PG P E R R_KE Y_E X PM P I ; 

return  NULL;  /*  Bad  bit  length  */ 

} 

t = (t+7)/8; 
if  (size  < 4+i+t)  { 

★error  = P G P E R R_K E Y_S H 0 R T ; 
return  NULL; 

} 


pub  = (struct  RSApub  * ) pg pM em A l l o c ( s i z eo f ( ★ pu b ) ) ; 
if  ( pub ) { 

pubkey  = (struct  PgpPubKey  *)pgpMemAlloc(sizeof(*pubkey)); 
if  (pubkey)  { 

bnBegin(8pub->n)  ; 
bnBegin(Spub->e); 

if  ( bn  I n s e r t B i g By t e s ( &pu b-> n , buf  + 2,  0,  i)  >=  0 

&&  bnInsertBigBytes(&pub->e,  buf+4+i,  0,  t)  >=  0) 

{ 


rsaFi  llPubkey(pubkey,  pub); 


★error  = 0; 
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> 


return  pubkey; 

> 

/*  Failed  = clean  up  and  return  NULL  */ 

bnEnd(&pub->n); 

bnEnd(&pub->e); 

pgpMemFree(pubkey); 

> 

pgpMemFree(pub) ; 

> 

★error  = PG P E R R_N0M E M ; 
return  NULL; 


/ * 

* Return  the  size  of  the  public  portion  of  a key  buffer. 
*/ 
i n t 

r s a Pu bKey P r e f i x S i z e ( by t e const  *buf,  size_t  size) 

{ 

return  pgpBnParselbuf,  size,  2 , NULL,  NULL); 

> 


/**  Secret  key  functions  **/ 
static  void 

r s a S e c D e s t r o y ( s t r u c t PgpSecKey  *seckey) 

{ 

struct  RSAsecPlus  *sec  = (struct  RSAsecPlus  *)seckey->priv; 

ASSERTRSA(seckey->pkAlg); 

bnEnd(8sec->s.n); 

bnEnd(&sec->s.e); 

bnEnd(Ssec->s.d); 

bnEnd(&sec->s.p); 

bnEnd(Ssec->s.q); 

bnEnd(&sec->s.u); 

memset(sec->cryptkey,  0,  sec->ckalloc); 
pgpMemFree(sec->cryptkey); 
memsetCsec,  0,  sizeof(sec)); 
pgpMemFree(sec); 

memsetCseckey,  0,  sizeof (seckey)  ); 
pgpMemFree(seckey); 

> 

# i f 0 

static  void 

r s a S e c I d8 ( s t r u c t PgpSecKey  const  *seckey,  byte  *buf) 

{ 

struct  RSAsecPlus  const  *sec  = (struct  RSAsecPlus  *)seckey->priv; 
ASSERTRSA(seckey->pkAlg); 

bnExtractBigBytes(Ssec->s.n,  buf,  0,  8); 

> 

ft  e nd  i f 
/ * 

* Generate  a PgpPubKey  from  a PgpSecKey 


1381 


lib/ pgp/ pubkey/ rsakey.c 


*/ 

static  struct  PgpPubKey  * 

rsaPubkeyCstruct  PgpSecKey  const  *seckey) 

{ 

struct  RSAsecPLus  const  * s e c = (struct  RSAsecPLus  * ) seckey->pri v; 
struct  PgpPubKey  *pubkey; 
struct  RSApub  * p u b ; 


> 


ASSERTRSA(seckey->pkAlg); 

pub  = (struct  RSApub  *)pgpMemAlloc(sizeof(*pub)); 
if  ( pub ) { 

pubkey  = (struct  PgpPubKey  *)pgpMemAlloc(sizeof(*pubkey)); 
if  (pubkey)  { 

bnBegin(Spub->n); 

bnBegin(Spub->e); 

if  ( bn C opy ( &pub->n  , &sec->s.n)  >=  0 

&&  bn C opy ( Spu b-> e , &sec->s.e)  >=  0) 

{ 


rsaFi  L LPubkey(pubkey,  pub); 
pubkey->pkAlg  = seckey->pkAlg; 
memcpy(pubkey->keyID,  seckey->keyID, 
sizeof(pubkey->keyID)); 
return  pubkey; 

> 

/*  Failed  = clean  up  and  return  NULL  */ 

bnEnd(Spub->n); 

bnEnd(&pub->e); 

pgpMemFree(pubkey); 


> 


pgpMemFree(pub); 


return  NULL; 


/* 

* Yes,  there  *is*  a reason  that  this  is  a function  and  no  a variable. 

* On  a hardware  device  with  an  automatic  timeout, 

* it  actually  might  need  to  do  some  work  to  find  out. 

* / 

static  int 

r s a I s l o c ked ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  RSAsecPlus  const  *sec  = (struct  RSAsecPLus  * ) seckey->pri v; 

ASSERTRSA(seckey->pkAlg); 
return  sec->locked; 


/ * 

* Try  to  decrypt  the  secret  key  wih  the  given  passphrase.  Returns  >0 

* if  it  was  the  correct  passphrase.  =0  if  it  was  not,  and  <0  on  error. 

* Does  not  alter  the  key  even  if  it's  the  wrong  passphrase  and  already 

* unlocked.  A NULL  passphrae  will  work  if  the  key  is  unencrypted. 

* 

* A (secret)  key's  RSA-specific  part  is: 

* 

* 0 2+u  MPI  for  modulus 

* 2+u  2+v  MPI  for  exponent 
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* 4 + u + v 

* 5 + u + v 

* 5+t+u+v 

* 7+t+u+v+w 

* 9+t+u+v+w+x 

* 11 +t+u+v+w+x+y 


★ 


1 

Encryption 

t 

Encryption 

2 + w 

MPI  for  d 

2 + x 

M P I for  p 

2 + y 

MPI  for  q 

2 + z 

MPI  for  u 

2 

Checksum 

algorithm  (0  for  none, 
IV:  0 or  8 bytes 


for 


* Actually,  that's  the  old-style,  if  pgpS2Ko l dVers  is  true. 

* If  it's  false,  the  a Igoruthm  is  255,  and  is  followed  by  the 

* algorithm,  then  the  ( va r a i b l e- l e n g t h , s e l f -d e l i m i t i n g ) 

* s t r i n g- t o- k ey  descriptor. 

*/ 


IDEA) 


static  i n t 

rsaUnlockCstruct  PgpSecKey  *seckey,  struct  PgpEnv  const 
char  const  *phrase,  si ze_t  plen) 


*env. 


struct  RSAsecPlus  * s e c = (struct  RSAsecPlus  *)seckey->priv; 

struct  BigNum  d,  p,  q,  u,  bn; 

struct  PgpCipher  const  * c i p h e r ; 

struct  PgpCfbContext  * c f b ; 

struct  PgpStringToKey  * s 2 k ; 

byte  k e y C PG  P_C I P H E R_M  AXKEYSIZED; 

unsigned  v , t; 

unsigned  alg; 

unsigned  checksum; 

i n t i ; 


ASSERTRSA(seckey->pkAlg); 

bnlnitC); 


if  (sec->cklen  < 5) 

return  PG P E R R_KE Y_S H 0 R T ; 

v = ((unsigned)sec->cryptkeyCO]  <<  8)  + sec->cryptkey[13; 
v = (v+7)/8; 
if  (sec->cklen  < 5+v) 

return  PG P E R R_KE Y_S H 0 R T ; 

if  ( bn  I n s e r t B i gBy t e s ( & s e c-> s . n , s e c-> c r y p t k ey  + 2 , 0,  v)  < 0) 
return  PG P E R R_N 0M E M ; 

t = ((unsigned)sec->cryptkeyL2+v3  <<  8)  + sec->cryptkey[3+vD; 
t = ( t + 7 ) / 8 ; 
if  (sec->cklen  < 4+v+t) 

return  PG P E R R_KE Y_S H 0 RT  ; 

if  (bnlnsertBi gBytes (&sec->s . e,  s e c-> c r y p t k e y +4+ v , 0,  t)  < 0) 
return  PG P E R R_N0M E M ; 
v + = t + 5 ; 
if  (sec->cklen  < v) 

return  PG P E R R_KE Y_S H 0 R T ; 

/*  Get  the  encryption  algorithm  (cipher  number).  0 ==  no  encryption  */ 
alg  = sec->cryptkeyCv-1 ]; 

/*  If  the  phrase  is  empty,  set  it  to  NULL  */ 
if  ( ! phrase  ||  plen  ==  0) 
phrase  = NULL; 

/ * 

* We  need  a pass  if  it  is  encrypted,  and  we  cannot  have  a 


1383 


lib/pgp/ pubkey/ rsakey.c 


* password  if  it  is  NOT  encrypted.  I . e . , this  is  a Logical 

* xor  (AA) 

*/ 

if  (! phrase  !=  ! a L g ) 

return  0 ; 


# i f 0 


if  ( ! a L g ) { 

/ * The  key  isn't  encrypted;  just  read  it  in  * / 
cfb  = NULL; 

> else  { 

if  (a  Lg  ==  2 5 5 ) { 

/*  New  style,  with  a separate  s t r i ng - t o- k ey  */ 
if  (sec->cklen  ==  v) 

return  PG P E R R_KE Y_S H 0 R T ; 
alg  = sec->cryptkeylv++]; 

i = p g p S 2 Kd e c od e ( & s 2 k , env,  s e c -> c r y p t k e y+ v , 

sec->cklen-v); 

if  ( i < 0 ) 


return  i ; 

v +=  i ; 

if  (sec->cklen  < v) 

return  PG P E R R_KE Y_S H 0 R T ; 

} else  { 

/*  Old-style  s t r i n g- t o- key  */ 

s 2 k = pgpS2Ksimple(env,  pgpHashByNumberCPG  P_H  A S H_M  D 5 ) ) ; 
if  ( ! s 2 k ) 


return  P G P E R R_N 0 M E M ; 

> 

/*  Okay  now,  do  the  conversion  */ 
cipher  = pgpCipherByNumber(alg); 
if  (Icipher)  { 

pgpS2Kdestroy(s2k); 

return  P G P E R R_B A D_C I P H E R N U M ; 

> 

if  (sec->cklen  < v+ c i p h e r - > b l o c k s i z e ) { 
pgpS2Kdestroy(s2k); 
return  PG  P E R R_K  E Y_S  H 0 R T ; 

> 

cfb  = pgpCfbCreate(cipher); 
if  ( ! c f b ) { 

pgpS2Kdestroy(s2k); 
return  PG P E R R_N 0 M E M ; 

> 

assert(cipher->keysize  < = sizeof(key)); 

pgpStringToKey(s2k,  phrase,  plen,  key,  cipher  — >keysize); 
p g p C f b I n i t ( c f b , key,  sec->c rypt key  + v ) ; 
memset ( key,  0,  s i z e o f ( k e y ) ) ; 
pgpS2Kdestroy(s2k); 

v +=  cipher->blocksize;  /*  Skip  over  IV  */ 


y else  { /*  Old-style  */ 

/*  The  key  is  encrypted;  create  a cfb  context  */ 
cipher  = pgpCipherByNumber(alg); 
if  (Icipher) 

return  PG P E R R_B A D_C I P H E R N UM ; 
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if  (sec->cklen  < v + c i p h e r-> b L o c k s i z e ) 
return  PG P E R R_KE Y_S H 0 RT ; 
cfb  = pgpCfbCreate(cipher); 
if  ( ! c f b ) 

return  PG P E R R_N0M E M ; 

s2k  = pg p S 2 K s i mp L e ( pg p H a s h By N umb e r ( PG P_H A S H_M D 5 ) ) ; 
if  ( ! s 2 k ) { 

pgpCfbDestroy(cfb); 
return  P G P E R R_N  0 M E M ; 

> 

he  = pg pH  a s h C r e a t e ( pg pH  a s h By N umbe r ( PG P_H A S H_M D 5 ) ) ; 
if  ( ! he  ) { 

pgpCfbDestroy(cfb)  ; 
return  PG P E R R_N OM E M ; 

> 

if  ( c i p h e r-> k e y s i z e > h c -> h a s h-> h a s h s i z e ) { 
pgpCfbDestroy(cfb); 
return  PG P E R R_B A D_C I P H E R N UM ; 

> 

pg p H a s h U pda t e ( h c , (byte  const  *)phrase,  plen); 
pgpCfbInit(cfb,  pgpHashFinal(hc),  sec->cryptkey+v); 
pgpHashDestroy(hc); 
v +=  cipher->blocksize; 

> 

ft  e nd  i f 


checksum  = 0; 
bnBegin(Sd); 
bnBeg i n ( Sp  ) ; 
bnBeg i n ( Sq  ) ; 
bnBegin(Su); 
bnBegin(Sbn); 

i = pg pBn G e t 0 l d ( 8d , sec->c rypt key  + v,  sec->cklen  - v,  cfb, 
if  ( i <=  0) 

goto  fail; 

v +=  i ; 

if  (bnCmp(8d,  Ssec->s.n)  >=  0) 

goto  badpass;  / * Wrong  passphrase:  d must  be  < n 
i = pg pBn G e 1 0 L d ( &p , s e c -> c r y p t k e y + v,  sec->cklen  - v,  cfb, 
if  ( i <=  0) 

goto  fail; 

if  ( ( b n L S W o r d ( Sp ) & 1)  ==  0) 
goto  badpass; 

v +=  i ; 

i = pg pBnGe t 0 l d ( &q , s e c - > c r y p t k e y + v,  sec->cklen  - v,  cfb, 
if  (i  <=  0) 

goto  fail; 

if  ( ( bn L S Wo r d ( Sq  ) & 1)  ==  0) 
goto  badpass; 

v +=  i ; 

/*  Extremely  high-powered  check.  Verify  that  p*q  ==  n */ 
if  (bnMulCSbn,  &p,  Sq)  < 0) 
goto  nomem; 

if  (bnCmp(Sbn,  Ssec->s.n)  !=  0) 
goto  badpass; 

/*  Verify  that  d*e  ==  1 mod  p-1  */ 


Schecksum); 


* / 

Schecksum); 


Schecksum); 
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( v o i d ) bn S u bQ ( 8p , 1); 

if  (bnMuKSbn,  Sd,  Ssec->s.e)  < 0 ||  bnMod(8bn,  &bn,  &p)  < 0) 
goto  nomem ; 

if  (bnCmpQ(8bn,  1)  !=  0) 

goto  badpass; 

( vo i d ) bn AddQ ( 8p , 1); 

/*  Verify  that  d*e  ==  1 mod  q-1  */ 

(void)bnSubQ(Sq,  1 ) ; 

if  (bnMuKSbn,  Sd,  8sec->s.e)  < 0 ||  bnMod(8bn,  Sbn,  8q)  < 0) 
goto  nomem; 

if  (bnCmpQ(8bn,  1)  !=  0) 

goto  badpass; 

(void)bnAddQ(Sq,  1); 

i = pgpBnGet0ld(8u,  sec->cryptkey  + v,  sec->cklen  - v,  cfb,  Checksum); 

if  ( i < = o ) 

goto  fail; 

v +=  i ; 


/*  Check  that  we  ended  in  the  right  place  * / 
if  (sec->cklen  - v !=  2)  { 

i = P G P E R R_K  E Y_L  0 N G ; 
goto  fail; 

> 

checksum  S=  Oxffff; 

if  (checksum  !=  ( ( u n s i g n e d ) s e c - > c r y p t k e y C v D < < 8 ) + s e c - > c r y p t k e y C 1 + v ] ) 
goto  badpass; 


/*  Verify  that  u = pA-1  mod  q is  less  than  q */ 

if  (bnCmpCSu,  Sq)  >=  0) 
goto  badpass; 

/*  Verify  that  u * p ==  1 mod  q */ 

if  CbnMuKSbn,  8p,  8u)  <0  ||  bnModCSbn,  Sbn,  Sq)  < 0) 
goto  nomem; 

if  (bnCmpGKSbn,  1)  !=  0) 

goto  badpass; 


/ ★ 

* Okay,  we've  verified  every  single  value  in  the  secret  key, 

* against  the  public  key,  so  it  is  *definitely*  the  right 

* secret  key.  Note  that  the  "nomem"  case  calls  bnEndO 

* more  than  once,  but  this  is  guaranteed  harmless. 

*/ 


bnEnd (Sbn  ) ; 
if  (bnCopy (Ssec->s  . d, 
goto  nomem; 
bnEnd(Sd); 

if  (bnCopy(Ssec->s . p, 
goto  nomem; 
bnEnd(Sp); 

if  ( bn C o py ( S s e c -> s . q , 
goto  nomem; 
bnEnd(Sq); 

if  ( bn  Copy ( Ss e c-> s . u , 
goto  nomem; 
bnEnd(Su); 


Sd)  < 0) 

Sp)  < 0) 

Sq)  < 0) 

Su)  < 0) 


i = 1;  /*  Decrypted!  */ 
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sec->locked  = 0 ; 

return  1;  /*  Decrypted  */ 

nomem : 

i = P G P E R R_N  0 M E M ; 
goto  done; 

badpa  s s : 

i = 0;  / * Incorrect  passphrase  * / 

goto  done; 

fail: 

if  ( ! i ) 

i = PGPERR_KEY_SHORT; 
goto  done; 

done  : 

bnEnd(&bn); 

bnEnd(Su); 

bnEnd(Sq); 

bnEnd(Sp); 

bnEnd(Sd); 

return  i ; 

> 

/* 

* Relock  the  key. 

* / 

static  void 

rsaLocklstruct  PgpSecKey  *seckey) 

{ 

struct  RSAsecPlus  * s e c = (struct  RSAsecPlus  *)seckey->priv; 

ASSERTRSA(seckey->pkAlg); 
sec-> locked  = 1 ; 

/*  bnEnd  is  documented  as  also  doing  a bnBegin  */ 

bnEnd(&sec->s  . d ) ; 

bnEnd(&sec->s  .p); 

bnEnd(&sec->s  .q); 

bnEnd(&sec->s  . u ) ; 

> 

/ * 

* Return  the  size  of  the  buffer  needed,  worst-case,  for  the  decrypted 

* output.  A trivially  padded  key  (random  padding  length  = 0) 

* can  just  be  0 2 0 <key>. 

*/ 

static  s i z e_t 

r s a Ma x d e c ry p t ed ( s t r u c t PgpSecKey  const  *seckey) 

{ 

struct  RSAsecPlus  const  *sec  = (struct  RSAsecPlus  *)seckey->priv; 
s i z e_t  size; 

ASSERTRSAENC(seckey->pkAlg); 
size  = (bnBits(&sec->s.n)+7)/8; 
return  size  < 3 ? 0 : size-3; 

> 

/ * 

* Try  to  decrypt  the  given  esk.  If  the  key  is  locked,  try  the  given 

* passphrase.  It  may  or  may  not  leave  the  key  unlocked  in  such  a case. 

* (Some  hardware  implementations  may  insist  on  a password  per  usage.) 
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*/ 

static  int 

rsaDecryptCstruct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 
int  esktype,  byte  const  *esk,  size_t  esklen, 
byte  *key,  si ze_t  *keylen,  char  const  *phrase, 
s i z e_t  p L e n ) 

{ 

struct  RSAsecPLus  *sec  = (struct  RSAsecPlus  *)seckey->priv; 
struct  BigNum  bn; 
int  i , j ; 
unsigned  t; 
s i z e_t  max; 

(void)esktype; 

ASSERTRSAENC(seckey->pkALg)  ; 
if  (sec->Locked)  { 

i = rsaUnlockCseckey,  env,  phrase,  plen); 
if  ( i <=  0) 

return  i ? i : PG P E R R_KE Y_I S LO C KE D ; 
assertC  ! sec->locked); 

> 

if  (esklen  < 2 ) 

return  PG P E R R_E S K_T 0 0 S H 0 R T ; 
t = ( ( u n s i g n e d ) e s k C 0 1 <<8  ) + eskEID; 
t = (t+7)/8; 
if  (esklen  ! = t + 2 ) 

return  esklen<t+2  ? PG P E R R_E S K_T 00 S H 0 R T : P G P E R R_E S K_T 0 0 LO N G ; 
bnBegin(Sbn); 

if  (bnInsertBigBytes(&bn,  esk+2,  0,  t)  < 0)  { 
bnEnd(Sbn); 
return  PG P E R R_N0M E M ; 

> 

max  = rsaMaxdecrypted(seckey); 

i = rsaPr i vateOecrypt ( key,  max,  Sbn,  &sec->s); 

bnEnd(Sbn); 

if  ( i < 0 ) 

return  i ; 

if  ( ( si ze_t ) i > max  ||  i < 3) 

return  PG P E R R_R S A_C 0 R R U P T ; 

/*  Check  checksum  (should  this  be  here?)  */ 
t = 0; 

for  (j  = 1;  j < i-2;  j + + ) 
t +=  keyCj]; 

if  (t  !=  ((unsigned)key[i-2D<<8)  + keyCi-ld) 
return  PG P E R R_R S A_C 0 R R U P T ; 
memset(key+i-2,  0,  2); 

/*  The  actual  key  */ 
if  (keylen) 

★keylen  = (size_t)i-2; 
return  0; 

> 

static  size_t 

rsaMaxsig(struct  PgpSecKey  const  *seckey,  PgpVersion  version) 

{ 

struct  RSAsecPlus  const  *sec  = (struct  RSAsecPlus  *)seckey->priv; 
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(void)version; 

ASSERTRSASIG(seckey->pkAlg); 
return  (bnBits(8sec->s.n)+7)/8  + 2 ; 

> 

static  i n t 

rsaSignCstruct  PgpSecKey  *seckey,  struct  PgpHash  const  *h,  byte  const  *hash, 
byte  *sig,  size_t  *siglen,  struct  PgpRandomContext  const  *rc, 
PgpVersion  version) 

{ 

struct  RSAsecPLus  *sec  = (struct  RSAsecPLus  * ) seckey->pri v; 
struct  BigNum  bn; 
unsigned  t; 
i n t i ; 

/*  We  don't  need  these  arguments,  although  other  algorithms  may...  */ 
(void)rc; 

(void)version; 

ASSERTRSASIG(seckey->pkAlg); 
if  (sec->locked) 

return  PG P E R R_KE Y_I S LO C KE D ; 

t = h->DERprefixsize; 

if  ( t + h -> h a s h s i z e > r s a Ma x s i g ( s e c key , version)) 
return  PG P E R R_PU BKE Y_T00 S M A L L ; 
memcpyCsig,  h->DERprefix,  t ) ; 
memcpy ( s i g + t , hash,  h -> h a s h s i z e ) ; 
t +=  h->hashsize; 

bnBeg i n ( 8bn  ) ; 

i = rsaPrivateEncrypt(8bn,  sig,  t,  8sec->s); 
memset(sig,  0,  t); 
if  ( i >=  0)  f 

t = bnBits(Sbn); 
sigCOD  - (byte)Ct  >>88  255); 
sigEI]  = (by te ) ( t 8 255); 
t = (t+7)/8; 

bnExtractBigBytes(8bn,  sig+2,  0,  t); 
if  ( s i g l e n ) 

*siglen  = (size_t)t+2; 

i = 0; 

> 

bnEnd(8bn) ; 
return  i; 

> 

/ * 

* Re-encrypt  a PGpSecKey  with  a new  urn  a PgpSecKey  into  a secret  key. 

* A secret  key  is,  after  a non-specific  prefix: 

* 0 1 Version  (=  2 or  3) 

* 1 4 Timestamp 

* 5 2 Validity  (=0  at  present) 

* 7 1 Algorithm  (=1  for  RSA) 

* The  following: 

* 0 2+u  MPI  for  modulus 
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* 

* 

* 

* 

* 

* 

★ 

* 

★ 

* 

★ 

* 

* 

* 

* 

* 


2 + u 

2 + v 

MPI 

for 

exponent 

4 + u + v 

1 

En  c rypt i 

o n 

a l g 

ori 

t h m 

(0  for  none,  1 

5 + u + v 

t 

Encrypt i 

on 

IV  : 

0 

or  8 

bytes 

5+t+u+v 

2 + w 

MPI 

for 

d 

7+t+u+v+w 

2 + x 

MPI 

for 

P 

9+t+u+v+w+x 

2 + y 

MPI 

for 

q 

1 1 +t+u+v+w+x+y 

2 + z 

MPI 

for 

u 

1 3+t+u+v+w+x+y+z 

2 

C h e c 

ksum 

(big- 

end 

i a n 

sum  of  all  the 

for  IDEA) 


bytes) 


The  Encryption  algorithm  is  the  cipher  algorithm  for  the  old-style 
string-to-key  conversion.  For  the  new  type,  it's  255,  then  a cipher 
algorithm,  then  a string-to-key  algorithm  ( v a r i a b l e - l e n g t h ) , 
then  the  encryption  IV.  That's  16  bytes  plus  the  string-to-key 
conversion  length. 


* On  initial  key  generation  we  rely  on  calling  this  with  env=NULL  being 

* OK  if  phrase=NULL. 

* / 


static  i n t 

rsaChangeLocklstruct  PgpSecKey  *seckey,  struct  PgpEnv  const  *env, 

struct  PgpRandomContext  const  *rc,  char  const  *phrase,  si ze_t  plen) 

{ 


struct 

RSAsecPlus  *sec  = (struct 

R S A s e c P l 

u s 

*)seckey->priv; 

struct 

Pgp S t r i ng ToKey  *s2k  = NULL 

; / 

★ 

Shut 

up 

warnings 

*/ 

struct 

PgpCipher  const  *cipher  = 

NULL;  / 

★ 

Shut 

up 

warnings 

*/ 

struct 

PgpCf bContext  *cfb  = NULL; 

/ 

★ 

This 

i s 

realy  needed 

byte  * p ; 
int  oldf  = 0; 

/ 

★ 

Shut 

up 

warnings 

*/ 

unsigned  len; 
unsigned  checksum; 

ASSERTRSA(seckey->pkAlg)  ; 
if  (sec->locked) 

return  P G P E R R_K E Y_I S L 0 C K E D ; 

len  = bnBy t es ( Sse c->s  . n ) + b n By t e s ( & s e c - > s . e ) + 
bnBytes(&sec->s .d)  + bnBytes (Ssec->s . p)  + 
bnBytes (Ssec->s . q)  + bnBy t es (Ssec->s . u)  + 15; 
if  (phrase)  { 

s2k  = pgpS2Kdefault(env,  re); 
if  ( ! s 2 k ) 

return  PG P E R R_N OM E M ; 
cipher  = pgpCipherDefaultKey(env); 
assert(cipher); 
if  (Icipher)  { 

pgpS2Kdestroy(s2k) ; 
return  P G P E R R_N 0 M E M ; 

> 

len  +=  cipher->blocksize; 
cfb  = pgpCfbCreate(cipher); 
if  ( ! cf b)  { 

pgpS2Kdestroy(s2k); 
return  PG P E R R_N 0 M E M ; 

> 

oldf  = pg p S 2 K i s 0 l d V e r s ( s 2 k ) ; 
if  ( ! o l d f ) 

len  + = 1 + s2k->encodelen; 
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> 


> 

p = sec->cryptkey; 
if  (len  > s e c -> c ka L L o c ) { 

p = (byte  * ) pgpMemRea  l l oc ( p,  len); 
if  ( ! p)  C 

pgpCfbDestroy(cfb); 
pgpS2Kdestroy(s2k); 
return  P G P E R R_N 0 M E M ; 

> 

sec->cryptkey  = p; 
sec->cka  l loc  = (size_t) len; 

> 

sec->cklen  = len; 

/*  Okay,  no  more  errors  possible!  Start  installing  data  */ 
p +=  pgpBnPutPlain(&sec->s.n,  p); 
p +=  pgpBnPutPlain(Ssec->s.e,  p); 


/*  Encryption  parameters  */ 
if  ( ! phrase)  { 

*p++  = 0;  / * Unencrypted  * / 

> else  { 

if  (oldf)  { 


* p + + = cipher->type; 

> else  { 

*p++  = 255; 

*p++  = cipher->type; 

memcpylp,  s 2 k-> e n c od i ng  , s 2 k-> e n c ode  l e n ) ; 
p +=  s2k->encode  len; 

> 


/*  Create  IV  */ 

pgpRandomGetBytesCrc,  p,  cipher->blocksize); 

/*  Use  data  buffer  as  temp  holding  space  for  key  */ 
assert(sec->ckalloc-cipher->blocksize  > = cipher->keysize); 
pg p S t r i n g T oKe y ( s 2 k , phrase,  plen,  p + c i p h e r -> b l o c k s i z e , 
cipher->keysize); 

pgpCfblnitlcfb,  p+cipher->blocksize,  p); 
pgpS2Kdestroy(s2k); 
p +=  cipher->blocksize; 

/*  Wipe  key  * i mmed i a t e l y*  */ 
memsetCp,  0,  cipher->keysize); 


/*  Now  install  d,  p,  q and 
checksum  = 0; 

p +=  pg pBn Pu t 0 l d ( & s e c-> s . d , 
p +=  pg pBn Pu t 0 l d ( S s e c -> s . p , 
p +=  pg pBn Pu t 0 l d ( & s e c-> s . q , 
p +=  pg pBn Pu t 0 l d ( S s e c-> s . u , 
pgpChecksumPutOldCchecksum, 
P +=  2; 

a s s e r t ( ( p t r d i f f _t ) l e n ==  p 


u,  encrypted  */ 

p,  cfb,  Schecksum) 
p,  cfb,  Schecksum) 
p,  cfb,  Schecksum) 
p,  cfb,  Schecksum) 
p , cfb); 

- sec->cryptkey); 


if  (cfb) 

pgpCfbDestroy(cfb); 
return  0;  /*  Success  * / 


static  size  t 
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rsaSecBuf ferLengthCstruct  PgpSecKey  const  *seckey) 

{ 

struct  RSAsecPLus  const  *sec  = (struct  RSAsecPlus  *)seckey->priv; 
return  sec->cklen; 

> 


static  void 

rsaSecToBufferCstruct  PgpSecKey  const  *seckey,  byte  *buf) 

{ 

struct  RSAsecPlus  const  * s e c = (struct  RSAsecPlus  *)seckey->priv; 


memcpy(buf,  sec->cryptkey,  sec->cklen); 


# if  0 


# e n d i f 
> 


/*  Return  only  algorithm-dependent  portion  */ 


if  (ver  > PGPVERSI0N_2_6) 

ver  = PGPVERSIO  N_2_6 ; 
else  if  (ver  < PG P V E R S I 0N_2 ) 
ver  = PGPVERSIO  N_2 ; 
bufCO]  = (byte)ver; 
bufCI]  = ( by t e ) ( t s t amp  >>  24); 
bufC2D  = (byteMtstamp  >>  16); 
b u f [ 3 ] = (byte)(tstamp  >>  8); 
bufC4]  = (byte)tstamp; 

/*  Round  validity  up  to  the  nearest 


validity  = (validity  + 86399)/86400; 
b u f [ 5 3 = (byte) (validity  >>  8); 
b u f C 6 3 = (byte)validity; 
b u f [ 7 3 = P G P_P  K A L G_R  S A ; 


day 


60*60*24  seconds  */ 


# i f 0 
/* 

* Format  of  signature  packets: 

★ 


* Offset 

* 0 

* 1 

* 2 

* 3 

*  M D 5 

* 2 + x 

* 1 0 + x 

* 1 1 +x 

* 1 2 + x 

* 1 4 + x 

* 1 6 + x + y 


* / 


Length 

1 

1 

1 

4 

a dd i t i 
8 
1 
1 
2 

2 + y 


Meaning 

Version  byte  (=  2 or  3). 

x.  Length  of  following  material  included  in  M D 5 ( = 5) 
Signature  type  (=0  or  1) 

32-bit  timestamp  of  signature 

onal  material  stops  here,  at  offset  2+x  

Key  I D 

PK  algorithm  type  (1  = R S A ) 

MD  algorithm  type  (1  = MD5) 

First  2 bytes  of  message  digest  (16-bit  checksum) 

MPI  of  PK-encrypted  integer 


static  i n t 

rsaSigValidate(int  type,  byte  const  *sig,  si ze_t  len) 


unsigned  extra,  bits; 
struct  PgpHash  const  *hash; 


if  (len  < 1 ) 

return  PG P E R R_S I G_T00 S H 0 R T ; 

if  (sigCOD  !=  PGPVERSI0N_2  &&  s i g [ 0 ] !=  PG P V E R S I 0 N_2_6 ) 
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return  PG P E R R_S I G_B A D V E R S I 0 N ; 
it  (Len  < 2 ) 

return  P G P E R R_S I G_T 0 0 S H 0 R T ; 
extra  = s i g C 1 3 ; 
it  (Len  < 1 1+extra) 

return  PG P E R R_S I G_TOO S H 0 R T ; 
it  (sigCIO+extral  !=  PG P_PK A LG_R S A ) 

return  P G P E R R_S I G_B A D A L G 0 R I T H M ; 
hash  = hashByNumber(sigH11+extra3); 
if  ((hash) 

return  PG P E R R_S I G_B A D A LGO R I TH M ; 
if  (Len  < 1 6 + ext  ra  ) 

return  PG P E R R_S I G_T 0 0 S H 0 RT ; 
bits  = ((unsigned)sigC14+extraH<<8)  + sigC15+extraD; 
if  (Len  !=  1 6 + e x t r a + ( b i t s + 7 ) / 8 ) 

return  Len  < 1 6 + e x t r a + ( b i t s + 7 ) / 8 ? PG P E R R_S I G_TO 0 S H 0 R T : 

PGPERR_SIG_TOOLONG; 

if  (bits  &&  s i g C 1 6 + e x t r a 3 >>  (bits  & 7)  !=  1) 

return  PG P E R R_S I G_B I T S W R 0 N G ; 
return  0; 

> 

# e nd  i f / * 0 * / 


/*  FiLL  in  secret  key  structure  */ 
static  void 

rsaFi L LSecKey(struct  PgpSecKey  *seckey,  struct  RSAsecPLus  *sec) 
{ 


seckey->pkALg 

seckey->priv 

seckey->destroy 

ft  i f 0 


PGP_PKALG_RS A; 
sec; 

rsaSecDestroy; 


seckey->id8 

#end  i f 


rsaSec!d8; 


seckey->pubkey 

seckey->i s Locked 

seckey->un  Lock 

sec  key->  Lock 

seckey->maxdecrypted 

sec  key->dec  rypt 

seckey->maxsig 

sec  key->s i gn 

seckey->changeLock 

seckey->bufferLength 

seckey->toBuf f er 


rsaPubkey; 

rsalsLocked; 

rsaUnLock; 

rsaLock; 

rsaMaxdecrypted; 

rsaDecrypt; 

rsaMaxsig; 

rsaSign; 

rsaChangeLock; 

rsaSecBufferLength; 

rsaSecToBuffer; 


struct  PgpSecKey  * 

rsaSecFromBuf (byte  const  *buf,  si ze_t  size,  int  *error) 

{ 

struct  PgpSecKey  *seckey; 
struct  RSAsecPLus  *sec; 
byte  *cryptk; 

bnlnit(); 

cryptk  = (byte  * ) pgpMemA L L oc  ( s i ze  ) ; 
if  (cryptk)  { 

sec  = (struct  RSAsecPLus  *)pgpMemALLoc(sizeof(*sec)); 
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if  (sec)  { 

seckey  = (struct  PgpSecKey  *) 

pgpMemAL  Loc(sizeof(*seckey)); 
if  (seckey)  { 

memcpy(cryptk,  buf,  size); 
bnBegin(Ssec->s.n); 
bnBegin(&sec->s.e); 
bnBegin(Ssec->s .d)  ; 
bnBegin(Ssec->s.p); 
bnBegin(Ssec->s  .q)  ; 
bnBegin(Ssec->s.u); 
sec->cryptkey  = cryptk; 
sec->cklen  = s e c -> c k a l l o c = size; 
sec->locked  = 1; 

/*  We  only  need  this  to  try  unlocking...  */ 
seckey->pkAlg  = P G P_P K A L G_R S A ; 
seckey->priv  = sec; 


if  (rsaUnlock(seckey,  NULL,  NULL,  0)  >=  0)  { 
rsaFillSecKey(seckey,  sec); 

*error  = 0 ; 

return  seckey;  / * Success!  * / 

> 


> 


> 

★error 

return 


/*  Ka-boom.  Delete  and  free  everything. 
memset(cryptk,  0,  size); 
memset(sec,  0,  sizeof (*sec)); 
pgpMemFree(seckey) ; 

> 

pgpMemFree(sec); 

> 

pgpMemFree(cryptk); 

= PGPERR_NOMEM; 

N U L L ; 


*/ 


/* 

* PgpRandomContext  to  use  for  primeGen  callback.  We  really  should  enhance 

* primeGen  to  pass  an  arg  parameter  along  with  the  limit  value 
*/ 

static  struct  PgpRandomContext  const  *staticrc; 


/*  Random  callback  for  primeGen  */ 

static  unsigned  randcallback(unsigned  limit) 

return  pgpRandomRange(stati crc.  Limit) ; 

> 


/ * 

* Generate  an  R S A secret  key  with  modulus  of  the  specified  number  of  bits. 

* We  choose  public  exponent  from  the  ^define  value  above. 

* The  high  two  bits  of  each  prime  are  always 

* set  to  make  the  number  more  difficult  to  factor  by  forcing  the 

* number  into  the  high  end  of  the  range. 

* Make  callbacks  to  progress  function  periodically. 

* Secret  key  is  returned  in  the  unlocked  form,  with  no  passphrase  set. 

* / 

struct  PgpSecKey  * 
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rsaSecGenerateCunsigned  bits,  struct  Pg p R a nd om C o n t ex t const  *rc, 
int  progressCvoid  *arg,  int  c),  void  *arg,  int  *error) 

{ 

struct  PgpSecKey  *seckey; 
struct  RSAsecPLus  *sec; 

struct  BigNum  t;  / * temporary  * / 

int  i ; 

int  exp  = RSA_DEFAU  LT_E  XPONENT; 

★error  = 0 ; 

/*  Initialize  local  pointers  (simplify  cleanup  below)  */ 
sec  key  = NULL; 
sec  = NULL; 
bnBegin(&t); 

/*  Allocate  data  structures  */ 

seckey  = (struct  PgpSecKey  *)pgpMemAlloc(sizeof(*seckey)); 
if  ( ! seckey ) 

goto  memerror; 

sec  = (struct  RSAsecPlus  *)pgpMemAlloc(sizeof(*sec)); 
if  ( ! s e c ) 

goto  memerror; 

bnBegin(&sec->s.n); 
bnBegi n(Ssec->s . e) ; 
bnBegin(&sec->s.d); 
bnBegin(Ssec->s.p); 
bnBegin(Ssec->s.q); 
bnBegin(&sec->s.u); 

if  ( bn S e t Q ( & s e c -> s . e , exp)) 
goto  bnerror; 

/*  Find  p - choose  a starting  place  */ 

if  ( pg pB nG e n R a nd ( S s e c -> s . p , rc,  bits/2,  OxCO,  1)  < 0) 
goto  bnerror; 

/*  And  search  for  a prime  */ 
staticrc  = rc; 

i = bnPrimeGen(&sec->s.p,  randcallback,  progress,  arg,  exp,  0); 
if  ( i < 0) 

goto  bnerror; 

assert(bnModQ(&sec->s.p,  exp)  !=  1 ) ; 

/*  Make  sure  p and  q aren't  too  close  together  */ 
do  { 

/*  Visual  separator  between  the  two  progress  indicators  */ 
if  (progress) 

progresstarg,  ' '); 

if  ( pg pBnG e n R a nd ( & s e c -> s . q , rc,  (bits+1)/2,  OxCO,  1)  < 0) 
goto  bnerror; 

if  ( b n C o py ( S s e c -> s . n , &sec->s.q)  < 0) 
goto  bnerror; 

if  ( b n S u b ( S s e c -> s . n , &sec->s.p)  < 0) 
goto  bnerror; 

/*  Note  that  bnSub(a,b)  returns  abs(a-b)  */ 

} while  ( bnB i t s ( & s e c -> s . n ) < bits/2-5); 
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i = bnPrimeGen(Ssec->s.q,  randcallback,  progress,  arg,  exp,  0 ) ; 
i f ( i < 0) 

goto  bnerror; 

a s s e r t ( bnModQ ( Ss e c -> s . p,  exp)  !=  1); 

/*  Wash  the  random  number  pool.  */ 
pgpRandomSti r(rc); 

/*  Ensure  that  q is  larger  */ 
if  ( bnCmp ( &sec->s . p,  &sec->s.q)  > 0) 
bnSwap(Ssec->s.p,  Ssec->s.q); 

/* 

* Now  we  compute  d, 

* the  decryption  exponent,  from  the  encryption  exponent. 

*/ 

/*  Decrement  q temporarily  */ 

(void)bnSubGKSsec->s.q,  1 ) ; 

/*  And  u = p-1,  to  be  divided  by  gcd(p-1,q-1)  */ 
if  (bnCopy (&sec->s . u,  &sec->s.p)  < 0) 
goto  bnerror; 

(void)bnSubQ(&sec->s.u,  1 ) ; 

/*  Use  t to  store  gcd(p-1,q-1)  */ 
if  ( bnGcd (St , &sec->s.q,  &sec->s.u)  < 0)  { 
goto  bnerror; 

> 

/*  Let  d = (p_1)  / gcd(p-1,q-1)  (n  is  scratch  for  the  remainder)  */ 
i = bnDivMod(&sec->s.d,  &sec->s.n,  &sec->s.u,  & t ) ; 
if  ( i < 0) 

goto  bnerror; 

assert(bnBits(&sec->s.n)  ==  0); 

/*  Now  we  have  q-1  and  d = (p-1)  / gcd(p-1,q-1)  */ 

/*  Find  the  product,  n = lcm(p-1,q-1)  = c * d */ 
if  (bnMu  l (&sec->s . n,  Ssec->s.q,  &sec->s.d)  < 0) 
goto  bnerror; 

/*  Find  the  inverse  of  the  exponent  mod  n */ 
i = bn  I n v ( Sse c->s  . d , &sec->s.e,  &sec->s.n); 
if  ( i < 0 ) 

goto  bnerror; 

a s s e r t ( ! i ) ; / * We  should  NOT  get  an  error  here  * / 

/ * 

* Now  we  have  the  comparatively  simple  task  of  computing 

* u = pA-1  mod  q. 

* / 

/*  But  it  *would*  be  nice  to  have  q back  first.  */ 
(void)bnAddQ(Ssec->s.q,  1); 

/*  Now  compute  u = pA-1  mod  q */ 
i = bnlnv(&sec->s.u,  &sec->s.p,  &sec->s.q); 
if  ( i < 0) 

goto  bnerror; 

assertC  ! i );  /*  p and  q had  better  be  relatively  prime!  */ 
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/*  And  finally,  n = p * q */ 

if  ( bnMu l ( & s e c -> s . n , &sec->s.p,  &sec->s.q)  < 0) 
goto  bnerror; 

/*  And  that's  it...  success!  */ 

/ * Fill  in  structs  * / 
s e c -> c r y p t k ey  = NULL; 
sec->cka  lloc  = sec->cklen  = 0 ; 
sec->locked  = 0 ; 
rsaFillSecKeyCseckey,  sec); 

/*  Fill  in  cryptkey  structure,  unencrypted  */ 
rsaChangeLock  (seckey,  NULL,  re,  NULL,  0); 

goto  done; 


bnerror: 

bnEnd(&sec->s.n); 
bnEnd(&sec->s  . e); 
bnEnd(&sec->s  .d); 
bnEnd(Ssec->s.p); 
bnEnd(Ssec->s  . q ) ; 
bnEnd(Ssec->s.u); 

/*  Fall  through  */ 
memerror : 

pgpMemFree(seckey); 
pgpMemFree(sec); 
seckey  = NULL; 

♦error  = PG P E R R_N0M E M ; 
/*  Fall  through  */ 

done: 

bnEnd(St); 
return  seckey; 
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rsakey.h 

/* 

* $ I d : rsakey.h, v 1.8  1 996/  1 1 /1  2 02:1  8:32  mhw  Exp  $ 
*/ 

//ifndef  P G P_R  SAKE  Y_H 
//define  P G P_R  S A KE  Y_H 

//include  " pg p / u s u a L s . h " /*  For  byte  */ 

//include  <stddef.h>  / * For  size_t  * / 

struct  PgpPubKey ; 
struct  PgpSecKey ; 
struct  PgpRandomContext; 


struct  PgpPubKey  *rsaPubFromBuf (byte  const  *buf,  size_t 
struct  PgpSecKey  *rsaSecFromBuf (byte  const  *buf,  si ze_t 
int  rsaPubKeyPrefixSize(byte  const  *buf,  si ze_t  size); 


l e n , int 
ten,  int 


struct  PgpSecKey  * 

rsaSecGenerate(unsigned  bits,  struct  PgpRandomContext  const  *rc, 
int  progresstvoid  *arg,  int  c),  void  *arg,  int  *error); 

//endif  /*  P G P_R  S A KE  Y H */ 


*error); 

★error); 
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sig.c 

/* 

* $ I d : 
*/ 

sig.c, v 1.38.2.1 

1 996/1 1/14  04:09:39 

flifdef  H A V E_C  0 N F I G_H 

ft  i n c l ud  e 
# e n d i f 

" c on  f i g . h " 

//include 

<assert  . h> 

/^include 

" p k t l i s t . h " 

^include 

" s i g . h " 

//include 

"pgp/annotate.h" 

//include 

"pgp/hash.h" 

//include 

"pgp/pgperr . h" 

//include 

"pgp/pubkey. h" 

//include 

"pgp/usuals.h" 

//define 

SIGVERSIO  N_1 PASS 

( PGPVERSI0N_2_6  + 1) 

//define 

S I G B U F_1 P A S S ( b , l ) 

( (b)C03==SIGVERSION 

# d e f i n e 

S I G PKT_1 PASS(p)  SIGBUF_1 PASSC (p)->pkt 

1 PASS  ) 


struct  PgpSig  0 

struct  PktList  pkt; 

>; 


/* 

* 

4. 

Format  of 

one-pass  s 

ignature  packets: 

A 

* 

Offset  Length 

Meaning 

★ 

0 

1 

Version  byte  (=4) 

★ 

1 

1 

Signature  type 

★ 

2 

1 

Hash  Algorithm 

★ 

3 

1 

PK  Algorithm 

k 

4 

8 

Key  I D 

•k 

k 

1 2 

1 

nested  flag 

k 

k 

k 

Format  of 

regular  si 

gnature  packets: 

* Offset 

* 0 

* 1 

* 2 

* 3 

*  M D 5 

* 2 + x 

* 1 O + x 

* 1 1 +x 

* 1 2 + x 

* 1 4 + x 

* 1 6+x+y 


* / 


Length 

1 

1 

1 

4 

add i t i 


8 

1 

1 

2 


2 + y 


M e a n i ng 

Version  byte  (=  2 or  3). 

x.  Length  of  following  material  included  in  MD5  ( 
Signature  type  (=0  or  1) 

32-bit  timestamp  of  signature 

onal  material  stops  here,  at  offset  2+x  

Key  I D 

PK  algorithm  type  (1  = RSA) 

MD  algorithm  type  (1  = MD5) 

First  2 bytes  of  message  digest  (16-bit  checksum) 
MPI  of  PK-encrypted  integer 


= 5 ) 


static  int 

s i g Va l i da t e ( by t e const  *sig,  size_t  len,  byte  *pkalg) 


unsigned  extra,  bits; 
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byte  alg; 

struct  PgpHash  const  *hash; 


ft  i f 0 


#e  nd  i f 


> 


if  (pkalg) 

★pkalg  = 0 ; 
if  ( l e n < 1 ) 

return  PG P E R R_S I G_T 0 0 S H 0 RT  ; 
if  ( SIGBUF_1 PASS ( si g,  ten))  { 

/*  One-pass  signature  packet  */ 
if  ( L en  < 13) 

return  PG P E R R_S I G_T 0 0 S H 0 R T ; 
if  (Len  > 13) 

return  PG P E R R_S I G_TOO LON G ; 
alg  = s i g [ 3 ] ; 
if  (pkalg) 

★pkalg  = alg; 

hash  = pgpHashByNumber(sigE2]); 
if  ('.hash) 

return  P G P E R R_B A D_H A S H N U M ; 
return  0 ; 

> 

if  (sigEO]  !=  PGPVERSI0N_2  &&  sigEO]  !=  P G P V E R S I 0 N_2_6 ) 
return  P G P E R R_S I G_B A D V E R S I 0 N ; 
if  (len  < 2 ) 

return  P G P E R R_S I G_T 0 0 S H 0 R T ; 
extra  = s i g E 1 □ ; 
if  (len  < 11+extra) 

return  P G P E R R_S I G_T 0 0 S H 0 R T ; 
alg  = sigEIO+extra]; 
if  (pkalg) 

★pkalg  = alg; 

if  (alg  ! = P G P_P K A L G_R S A ) 

return  P G P E R R_S I G_B A D A LG 0 R I T H M ; 

hash  = pgpHashByNumber(sigE11+extra]); 
if  ( ! h a s h ) 

return  P G P E R R_B A D_H A S H N U M ; 

/*  This  part  here  gets  RSA-specific  ★/ 
if  (len  < 16+extra) 

return  P G P E R R_S I G_T 0 0 S H 0 R T ; 
if  (alg==PGP_PKALG_RSA)  { 

bits  = ((unsigned)sigE14+extra]<<8)  + sigE15+extraD; 
if  (len  !=  1 6+ex t ra+ ( b i t s+7 ) / 8 ) 

return  len  < 1 6 + ex t r a + ( b i t s + 7 ) / 8 ? P G P E R R_S I G_T 00 S H 0 R T 

: PGPERR_S IG_T  OOLONG ; 

if  (bits  &&  sigE16+extra3  >>  ((bits— 1)  8 7)  !=  1) 

return  PG P E R R_S I G_B I T S W R 0 NG ; 

> 

return  0; 


static  struct  PgpSig  ** 
s i g L i s t T a i l ( s t r u c t PgpSig  **head) 

{ 

while  (*head) 

head  = (struct  PgpSig  ★★)&(*head)->pkt.next; 
return  head; 

> 
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i n t 

pgpS i gS i gType  (byte  const  *buf,  si ze_t  ten) 

{ 

i n t i ; 

i = sigValidateCbuf,  ten,  NULL); 
if  (i  < 0) 

return  i ; 

if  (SIGBUF_1 PASSCbuf,  len))  { 
return  bufCIII; 

> 

if  (bufCf:  < 1) 

return  PG P E R R_S I G_B A D E X T R A ; 
return  b u f C 2 D S 2 5 5 ; 

> 

i n t 

pgpSigAdd  (struct  PgpSig  **siglist,  int  type,  byte  const  *buf,  si ze_t  Len) 
{ 

struct  PgpSig  * s i g ; 
struct  PgpSig  * * p s i g 2 ; 
byte  pkalg; 
byte  * b 2 ; 
int  err; 

switch  (type)  f 

case  PGPANN_SIGNED_SIG: 

err  = sigValidate  (buf,  len,  Spkalg); 
if  (err) 

return  err; 

sig  = (struct  PgpSig  * ) pg p P k t L i s t New ( p ka L g , buf,  Len); 
if  ( ! s i g ) 

return  P G P E R R_N 0 M E M ; 

*sigListTail(siglist)  = sig; 
return  0; 

case  P G P A N N_S IGNED_SIG2 : 

/*  Second  packet,  should  be  merged  with  an  existing  one  */ 
if  ( S IGBU F_1 PASS ( buf , Len)) 

return  PG P E R R_S I G_B A D T Y P E ; 
if  (bufCIJ  !=  5)  /*  extra  bytes  must  be  standard  */ 

return  P G P E R R_S I G_B A DT Y P E ; 
err  = sigValidate  (buf,  Len,  Spkalg); 
if  (err) 

return  err; 

/*  Search  for  matching  1-pass  signature  on  the  List  */ 
for  (psig2=siglist;  *psig2; 

psig2  = (struct  PgpSig  * * ) S ( * p s i g 2 ) -> p k t . n e x t ) { 
if  ( ! SIGPKT_1 PASS(*psig2) ) 
continue; 

b2  = (*psig2)->pkt.buf; 
if  ( b 2 C 1 □ !=  bufC23)  /*  sig  type  */ 

continue; 

if  ( b 2 C 2 □ ! = buf Cl 1+buf LI ::)  /*  hash  alg  */ 

continue; 

if  (b2C3!l  !=  buf  C 1 0 + buf  C 1 ] ] ) /*  pkalg  */ 

continue; 

if  ( memcmp ( b2+4 , buf +2+buf C 1 ] , 8))  /*  key  id  */ 

continue; 
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/*  Here  we  have  a match  */ 
break; 

} 

/*  Error  if  found  no  match  */ 
if  ( ! * p s i g 2 ) 

return  P G P E R R_S I G_B A D T Y P E ; 

/*  Replace  *psig2  with  new  sig  */ 

sig  = (struct  PgpSig  *)pgpPktl_istNew(pkalg,  buf,  len); 
if  ( ! s i g ) 

return  PG P E R R_N 0 M E M ; 
sig->pkt.next  = (*psig2)->pkt.next; 
pgpPktListFreeOne((struct  PktList  *)*psig2); 

*psig2  = sig; 

return  0 ; 

> 


> 


return  PG P E R R_S I G_B A D T Y P E ; 


/*  Return  true  if  this  signature  is  followed  immediately  by  signed 
i n t 

pg pS i gN e s t F l a g ( by t e const  *buf,  si ze_t  len) 

{ 


> 


(void)  len; 

if  (SIGBUF_1 PASS(buf , l 
return  bu  f C 1 2 ] ; 

else 


return  1 ; 


e n ) ) 

/ * nest  flag  * / 

/ * always  true  for 


o l d 


packets 


★ / 


data 


*/ 


/*  How  here  come  some  access  functions  */ 
i nt 

pg p S i g PKA l g ( s t r u c t PgpSig  const  *sig) 

{ 

assert(sig); 
if  (SIGPKT_1 PASS(sig)  ) 

return  sig->pkt.bufC3d; 


else 


return  sig->pkt.bufC10+sig->pkt.bufC1]D 


struct  PgpHash  const  * 
pg pS i g Ha s h ( s t r u c t PgpSig  const  *sig) 
{ 

i n t a l g ; 


> 


assert(sig) ; 

if  (SIG  PKT_1 PASS(sig) ) 

alg  = sig->pkt.bufC2d; 

else 

alg  = s i g->p k t . bu f C 1 1 +s i g->p k t . bu f C 1 3 ] ; 
return  pg p H a s h By Numb e r ( a l g ) ; 


byte  const  * 

pg p S i g Ex t r a ( s t r u c t PgpSig  const  *sig,  unsigned  *len) 
{ 
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assert(sig); 

if  (SIGPKT_1 PASS(sig)  ) £ 
* l e n = 0 ; 
return  0; 

> 

* Len  = sig->pkt.bufC1]; 
return  sig->pkt.buf+2; 


wo  rd32 

pg p S i g T i me s t a mp  (struct  PgpSig  const  *sig) 
£ 

byte  const  * e x t r a ; 
unsigned  extra  Len; 


> 


assert  (sig); 
if  (SIG  P KT_1 PASS(sig)) 
return  0 ; 

extra  = pgpSigExtra  (sig,  Sextralen); 
if  ('.extra  ||  extralen  < 5) 
return  0; 

return  ( ( w o r d 3 2 ) e x t r a C 1 1 < < 2 4 ) + ( ( w o r d 3 2 ) e x t r a C 2 ] < < 1 6 ) + 
((word32)extra[3U<<8)  + (word32)extraC43; 


byte 

pgps 

£ 


> 


const  * 

gld8(struct  PgpSig  const  *sig) 

assert(sig); 
if  (SIGPKT_1 PASS(sig) ) 

return  sig->pkt.buf+4; 

else 


return  sig->pkt  .buf  + 2 + sig->pkt . b u f C 1 1 ; 


/*  Return  a count  of  the  number  of  distinct  hash  algorithms  in  the  list  */ 
unsigned 

pg p S i g D i s t i n c t H a s h C o u n t ( s t r u c t PgpSig  const  *sig) 

{ 

struct  PktList  const  *next; 
unsigned  total; 
int  alg,  nextalg; 


for 


(total  = 0;  sig;  sig  = (struct  PgpSig  const  *)sig->pkt.next) 
total++; 

/ * 

* If  another  one  later  on  the  list  has  the  same  alg, 

* don't  count  this  one. 

*/ 


if  (SI G PKT_1 PASS(sig)) 

alg  = sig->pkt.bufC2]; 


else 


alg  = si g->pkt  . buf Cl  1 +si g->pkt . buf Cl  HU; 
for  (next  = sig->pkt.next;  next;  next  = next->next)  f 
if  ( S IGBU F_1 PASS ( next->buf , next->len)  ) 
nextalg  = nex t->bu f C 2 3 ; 

else 

nextalg  = next->bufC11+next->bufC1]3; 


{ 
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> 


> 

> 

return  total; 


if  (nextalg  = = alg)  { 
t o t a l - - ; 
break; 

> 


/ * 

* Return  a buffer  full  of  byte  hash  identifiers.  The  buffer  must  be 

* of  legnth  s i g D i s t i n c t h a s h C ou n t ( l e n ) length,  and  that  number  is 

* returned  for  convenience. 

*/ 

unsigned 

pg pS i g D i s t i n c t H a s h e s ( s t r u c t PgpSig  const  *sig,  byte  *buf) 

{ 

unsigned  len; 
i n t alg; 

for  (len  = 0;  sig;  sig  = (struct  PgpSig  const  *)sig->pkt.next)  f 
if  (SIG  P KT_1 PASS(sig)) 

alg  = sig->pkt.bufC2D; 

else 

alg  = sig->pkt.bufC11+sig->pkt.bufC1IIIl; 
if  ( ! memchr (buf , alg,  len)) 

bufClen++]  = (byte)alg; 

> 

return  len; 

} 


/ * 

* The  internal  checking  function,  not  for  public  use. 

*/ 
i nt 

pg pS i g C h e c kBu f ( by t e const  *sig,  si ze_t  len,  struct  PgpPubKey  const  *pUb, 

byte  const  *hash) 

{ 

unsigned  extra  = s i g C 1 □ ; 
struct  PgpHash  const  * h ; 


assert ( !SIGBUF_1PASS(sig,  len)); 


/*  Quick  rejection  test:  check  the  given  two  bytes  first  */ 
if  (memcmp  (hash,  s i g + 1 2 + e x t r a , 2)  !=  0) 

return  0 ; 

h = pgpHashByNumber  (sigtll+extraD); 

/*  Then  skip  over  all  the  leading  crap  and  check  the  real  thing  */ 
extra  +=  14; 


/*  XXX  Should  "die"  gracefully  here  */ 
assert  ( pub->ve r i f y ) ; 

return  pgpPubKeyVerify  (pub,  sigC23,  sig+extra,  len-extra,  h,  hash); 

> 

/* 

* Check  a signature  against  a given  public  key  and  hash. 

* Returns  0 if  it  did  not  check,  and  1 if  it  did. 
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* Returns  <0  on  some  sort  of  error. 

* (The  hash  better  be  the  right  algorithm.) 
*/ 


i n t 

pg p S i g C h e c k ( s t r u c t PgpSig  const 
byte  const  * h a s h ) 


{ 


*sig,  struct  PgpPubKey  const  *pub. 


> 


return  pg p S i g C h e c kB u f ( s i g-> p k t . bu f , s i g->pkt  . I en,  pub. 


h a s h ) ; 


struct  PgpSig  * 

pgpSigNext  (struct  PgpSig  const  *sig) 

t 

if  ( s i g ) 

return  (struct  PgpSig  *)sig->pkt.next; 
return  NULL; 

> 

void 

pg p S i g F r e e L i s t (struct  PgpSig  *siglist) 

{ 

pgpPktListFreeList((struct  PktList  *)siglist); 

> 
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sig.h 

/ * 

* $ I d : sig.h, v 1.20  1 996/1  1 /1  2 02:1  8:33  mhw  Exp  $ 
*/ 

//ifndef  PGP_SIG_H 
//define  PGP_SIG_H 

//include  " pg  p / u s ua  l s . h " 

struct  PgpHash; 

//ifndef  T Y P E_P  G P H A S H 

//define  T Y P E_P  G P H A S H 1 

typedef  struct  PgpHash  PgpHash; 

# e n d i f 

struct  PgpPubKey; 

//ifndef  T Y P E_PG  P PUBKE  Y 

//define  T Y P E_PG  P PUBKE  Y 1 

typedef  struct  PgpPubKey  PgpPubKey; 

# e n d i f 


struct  PgpSig; 

//ifndef  TYPE_PGPSIG 
# d e f i n e TYPE_PGPSIG  1 
typedef  struct  PgpSig  PgpSig; 
# e nd i f 


/*  These  are  the  public  access  functions  to  the  Sig  object  */ 
int  pgpSigPKAlg  (struct  PgpSig  const  * s i g ) ; 

struct  PgpHash  const  *pgpSigHash  (struct  PgpSig  const  *sig); 
byte  const  *pgpSigExtra  (struct  PgpSig  const  *sig,  unsigned  *len); 
word32  pgpSigTimestamp  (struct  PgpSig  const  * s i g ) ; 
byte  const  *pgpSigId8  (struct  PgpSig  const  * s i g ) ; 

/* 

* Check  a signature  against  a given  public  key  and  hash. 

* Returns  0 if  it  did  not  check,  and  1 if  it  did. 

* Returns  <0  on  some  sort  of  error. 

* *Do*  make  sure  it's  the  right  hash  you're  passing  in. 

* / 

int  pgpSigCheck  (struct  PgpSig  const  *sig,  struct  PgpPubKey  const  *pub, 

byte  const  *hash); 

/* 

* Below  this  line  are  the  internal  functions  that  are  used  only 

* inside  the  PGP  Library.  Applciations  probably  shouldn't  be 

* using  these  functions. 

*/ 


/ * 

* Internal  variant  of  pgpSigCheck,  not  for  public  use.  Signature  *must* 

* be  known  good. 

*/ 

i n t 

pgpSi gCheckBuf  (byte  const  *sig,  size_t  len,  struct  PgpPubKey  const  *pub, 

byte  const  *hash); 
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/*  Check  the  buffer  for  a valid  signature  block  and  obtain  the  sigtype  */ 
int  pg p S i g S i g Ty pe  (byte  const  *buf,  si ze_t  len); 

int  pgpSigNestFlagCbyte  const  *buf,  si ze_t  len); 

unsigned  pgpSigDistinctHashCount  (struct  PgpSig  const  *siglist); 
unsigned  pg p S i g D i s t i n c t H a s h e s (struct  PgpSig  const  *siglist,  byte  *buf); 

int  pgpSigAdd  (struct  PgpSig  **siglist,  int  type,  byte  const  *buf,  size_1 
struct  PgpSig  *pgpSigNext  (struct  PgpSig  const  * s i g ) ; 
void  pgpSigFreeList  (struct  PgpSig  *siglist); 


# e nd i f /*  PGP  SIG  H */ 


len); 
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random/ 
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signore 

ef i Le  DC 


lib/ pgp/ random/. cvsignore 


e-file  DONE 


lib/ pgp/ random/Makefile.in 


Makefile.in 

# 

ft  Lib/random 

ft 

ft  $ I d : Makef  i le.  in,v  1.14  1 996/1  1 /1  2 02:1  8:34 

ft 

OBJ  S^random . o randpool.o  ranunix.o  randevnt.o 
PU B H D R S = r a ndom . h randpool.h  randseed . h 
PRIVHDRS= 

all::  DONE 


m h w Exp  $ 

randseed. o 
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makefile.msc 

PGPLIB=  . . \ \ pgp  l i b . I i b 

CFLAGS=-I..\..\..\include  -I..\..\include  \ 


-DHAVE  CONFIG  H=1  $(DEBUG) 

all:: 

l i b 

headers : 

i n c l 

include  "makefile. in 


i n c l : 

if  not  "$ ( PUBHDRS ) "==" " \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . . \ \ \ i n c l u d e \ p g p 
if  not  "$( PRIVHDRS  ) " " \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ include 

DOSOBJ  SX=  $ ( OB J S : . o=  . ob j ) 


DOSOBJ  S = 

lib: 

= $( DOSOBJ SX  : uni x = wi n32 ) 

$ ( DOSOBJ  S ) 

. c . o b j : 

$(CC)  $(CFLAGS)  -17  -c  $< 

ft 

lib  /out  : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $(PGPLIB)  l i b / o u t : $ ( PG P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  l i b / ou t : $ ( PG P L I B ) S(DOSOBJS) 
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ran.h 

/ * 

* ran.h  - system-specific  gathering  of  h i g h - r e s o L u t i o n timers  for  RNG. 

* 

* This  is  a PRIVATE  header  file,  for  use  only  within  the  PGP  Library. 

* You  should  not  be  using  these  functions  in  an  application. 

* 

* The  interface  is  system-independent,  but  the  implementation  should  be 

* highly  system-dependent,  to  get  at  as  much  state  as  possible. 

* 

* $ Id  : ran . h,v  1.6  1 996/  1 1 /1  2 02:1  8:35  mhw  Exp  $ 

★ / 

//include  " pg  p / u s ua  l s . h " 
struct  PgpRandomContext, - 

word32  ranGetEntropylstruct  PgpRandomContext  const  * r c ) ; 
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randevnt.c 

/ * 

* randevnt.c  --  take  random  events  and  add  it  to  the  random  pool. 

* This  also  does  entropy  estimation. 

* 

* Written  by:  Colin  Plumb 

* 

* $Id:  randevnt.c, v 1.11  1996/11/12  02:18:36  mhw  Exp  $ 

*/ 

tfifdef  H A V E_C  0 N F I G_H 
^include  "config.h" 

#end  i f 

^include  "ran.h" 

^include  " pg p / r a nd po o l . h " /*  Our  functions  are  declared  here  */ 

/*  Number  of  elements  in  the  given  array  */ 

#define  elemsof(x)  ( ( u n s i g n e d ) ( s i z e o f ( x ) / s i z eo f ( * x ) ) ) 

/ * 

* Estimate  the  amount  of  entropy  in  an  input  value  x by  seeing  how 

* different  it  is  from  what  has  come  before. 

* 

* This  is  based  on  computing  the  delta  from  the  previous  value,  and  the 

* second-order  delta  from  the  previous  delta,  and  so  on,  for  h orders. 

* The  minimum  of  any  of  those  deltas  is  returned  as  the  entropy  estimate. 

* (Which  must,  of  course,  have  a logarithm  taken  to  produce  a "number 

* of  bits"  output.) 

* 

* This  requires  a pointer  to  a h-word  history  table  of  previous  deltas. 

* A value  of  h = 3 is  generally  good,  but  some  things  (like  keystroke 

* timings)  feed  deltas  and  not  input  values  into  this,  so  that  removes 

* the  first  level. 

*/ 

static  word32 

randEst i mate (word32  x,  word32  *history,  unsigned  h) 

{ 

word32  t,  min  = x; 
while  (h  — ) f 

t=historyCh];  /*  Last  delta  */ 

t = (x  > t)  ? x - t : t - x;  / * |x  - historyChD|  * / 

historyth]  = x; 
x = t; 

if  (min  > x) 

min  = x ; 

} 

return  min; 

} 

/ * 

* Gather  and  estimate  entropy  from  keyboard  timings.  Double  letters 

* are  allowed,  but  triples  and  more  are  considered  suspiscious  and 

* entropy  is  not  counted.  (The  actual  criterion  is  that  the  current 

* letter  has  appeared  more  than  once  in  the  previous  four  letters, 

* which  rejects  aaaa...  and  ababa...) 

* 

* The  "letter"  can  be  generalized  to  mou s e- c l i c k s , button-pushes,  menu 
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* selections,  or  anything  else  that  can  be  categorized  into  a finite 

* number  of  events. 

"k 

* Question:  is  there  a way  to  achieve  this  effect  without  remembering 

* the  recent  keystrokes  so  explicitly?  It  seems  like  a possible 

* security  hole. 

* / 

unsigned 

pg pR a nd Po o l Key s t r o k e ( i n t event) 

{ 

static  int  pasteventC4d;  / * Last  4 events  * / 

static  word32  h i s t C 2 d ; 

word32  delta; 

unsigned  n = 0 ; 

int  i ; 


delta  = r a nG e t E n t r opy ( &pg p R a ndom Po o l ) ; 

delta  = randEstimateCdelta,  hist,  elemsof(hist)); 

pg p R a n d om A d d B y t e s ( & p g p R a n d om P o o l , (byte  *)&event,  s i z e o f ( e v e n t ) ) ; 

i = sizeof(pastevent)/sizeof(pastevent[0])  - 1 ; 
n = (event  = = pasteventli ] ) ; 
do  { 

n +=  (event  ==  (pasteventCid  = pasteventLi-1d)); 

> while  ( - - i ) ; 
pasteventLOd  = event; 

return  (n  > 1)  ? 0 : pgpRandPoolAddEntropy(delta); 

> 


/ * 


* Generate  entropy  from  mouse  motion.  This  simply  measures  entropy 

* in  both  directions  independently. 

*/ 

unsigned 

pgpRandPoo  iMouse ( word32  x,  word32  y) 

{ 

static  word32  histxC3d,  histyC3d; 


> 


pgpRa ndomAddBy t e s ( &pgpRa ndomPoo  l , (byte  *)&x 
pg pRa ndom AddBy t e s ( &pgpRa ndomPoo  l , (byte  *)&y 
return  pgpRandPoolAddEntropy(randEstimate(x, 
+ pgpRandPoolAddEntropy(randEstimate(y, 


, sizeof(x)); 

, sizeof(y)); 
histx,  e l emsof ( h i s tx  ) ) ) 
histy,  e l em s o f ( h i s t y ) ) ) 


1414 


random,  c 


/* 

* random. c --  a general  RNG  interface 

* 

* Written  by:  Colin  Plumb  and  Derek  Atkins  <warlordaMIT.EDU> 

* 

* $ I d : random. c,v  1.26  1 996/1  1 /1  2 02:1  8:36  mhw  Exp  $ 

* / 

flifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
ft  e nd  i f 


# i nc  l ude 
//include 
//include 
//include 
ft  i n c l ude 
ft  i n c l ude 


"pgp/cfb.h" 
"pgp/cipher.h" 
"pgp/pgpmem. h" 
"pgp  / random. h" 

" pg  p / randpool . h" 
"pgp/usuals.h" 


/*  X 9 . 1 7 


interface  * / 


struct  X9_17Context  C 

struct  Pg p C f b C o n t e x t *cfb; 

struct  PgpRandomContext  const  *base_rc; 

i n t f r e e_c  f b ; 

> ; 

static  void 

r a nd omX9_1 7 Ad dBy t e s ( v o i d *priv,  byte  const  *buf,  unsigned  len) 

{ 

struct  X9_17Context  *ctx  = (struct  X9_17Context  *)priv; 
pgpCfbRandWash(ctx->cfb,  buf,  len); 

> 


static  void 

r a nd omX 9_1 7G e t By t e s ( v o i d *priv,  byte  *buf,  unsigned  len) 

{ 

struct  X9_17Context  *ctx  = (struct  X9_17Context  *)priv; 
byte  saltlsizeof  ctx->cf b->i vl; 

unsigned  blocksize  = c t x-> c f b-> c i p h e r-> c i p h e r-> b l o c k s i z e 
unsigned  t ; 

t = pgpCfbRandBytes(ctx->cfb,  buf,  len); 
len  - - t ; 
buf  + = t ; 

while  (len)  C 

pg p R a n domG e t By t e s ( c t x-> ba s e_r c , salt,  blocksize) 

pgpCfbRandCycle(ctx->cfb,  salt); 

t = pgpCfbRandBytes(ctx->cfb,  buf,  len); 

len  - = t ; 

buf  + = t ; 

> 

> 

static  void 

r a ndomX9_1 7 S t i r ( vo i d *priv) 

{ 

struct  X 9_1 7Context  *ctx  = (struct  X9_17Context  *)priv; 
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pgpCfbRandWash(ctx->cfb,  (byte  const  0); 

> 

static  void 

r a nd omX9_1 7W i pe ( vo i d *priv) 

{ 

struct  X9_17Context  *ctx  = (struct  X9_17Context  *)priv; 
pgpCfbWipe(ctx->cfb); 

> 

struct  PgpRandom  X9_17Desc  = { 

"X9.17-based  cryptographic  PRNG", 
randomX9_1 7AddBytes,  randomX9_1 7GetBytes, 
r a ndomX9_1 7 S t i r , r a n d omX9_1 7 W i p e 

>; 


/*  Forward  reference  */ 

static  void  r a n d o m X 9_1 7 D e s t r o y (struct  PgpRandomContext  *rc); 


struct  PgpRandomContext  * 

pgpRandomC rea teX9_1 7 (struct  P g p C f b C o n t e x t *cfbp, 

struct  PgpRandomContext  const  *base) 


struct  PgpRandomContext  * r c ; 
struct  X9_17Context  * c t x ; 


re  = (struct  PgpRandomContext  *)pgpMemALloc(sizeof(*rc)); 
if  (ire) 

return  0; 

ctx  = (struct  X9_17Context  * ) pg  pMem  A L I.  o c ( s i z eo  f ( * c t x ) ) ; 
if  ( ! c t x ) C 

pgpMemFree(rc); 
return  0; 

> 

rc->random  = &X9_17Desc; 
rc->priv  = ctx; 

rc->destroy  = r a nd omX 9_1 7 D e s t r oy ; 
ctx->cfb  = cfbp; 
ctx->base_rc  = base; 
c t x -> f r e e_c f b = 0; 
return  re; 

> 

/*  The  default:  X9.17,  with  IDEA,  based  on  the  pg p R a n d om Po o l . */ 

struct  PgpRandomContext  * 

pgpRandomCreate(void) 

{ 

struct  PgpRandomContext  *rc; 
struct  PgpCipher  const  *c; 
struct  PgpCfbContext  *cfbp; 
struct  X9_17Context  * c t x ; 


c = pgpCipherByNumber(PGP_CIPHER_IDEA); 
if  ( ! c ) 

return  0; 

cfbp  = pgpCfbCreate(c); 
if  ( ! c f bp ) 

return  0; 

re  = pg p R a nd om C r e a t e X 9_1 7 ( c f bp , SpgpRandomPoo  l ) ; 
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if  ( ! r c ) { 

pgpCfbDestroy(cfbp); 
return  0; 

> 

/ * Free  the  CFB  * / 

ctx  = (struct  X 9_1 7 C o n t ex t *)rc->priv; 
c t x -> f r e e_c f b = 1; 
return  re; 

> 

static  void 

randomX9_1 7Des t roy  (struct  PgpRandomContext  *rc) 

{ 

struct  X9_17Context  *ctx  = (struct  X9_17Context  *) 
struct  PgpCfbContext  *cfbp  = ctx->cfb; 

pgpCfbWipe(ctx->cfb); 

if  ( c t x-> f r e e_c f b ) 

pgpCfbDestroy(cfbp); 

memset(ctx,  0,  sizeof(*ctx)); 
pgpMemFree(ctx); 
memsettre,  0,  sizeof(*rc)); 
pgpHemFree ( rc  ) ; 

} 


/ * 

* Generate  a uniformly  distributed  random  number  from  0.. 

* range  is  limited  to  65536. 

* 

* This  is  very  careful  to  avoid  all  bias  in  its  selection 

* using  too  many  input  bytes.  For  a range  of  256  or  less 

* one  byte  if  possible,  and  an  average  of  less  then  two, 

* the  worst-case  range=129. 

* / 

unsigned 

pg p Ra ndom Ra ng e ( s t r u c t PgpRandomContext  const  *rc,  unsigned 
C 

unsigned  d,  r ; 
byte  b H 2 3 ; 

if  (range  < = 1) 

return  0; 

if  (range  <=  256)  C 

d = 256/range; 
do  C 

pgpRandomGetBytes(rc,  b,  1); 
r = bHOIl/d; 

> while  (r  >=  range); 

} else  { 

d = (unsigned)(65536/range); 
do  C 

pgpRandomGetBytes(rc,  b,  2); 
r = ( ( uns i gned  ) bCOH  <<  8 | b C 1 □ ) / d 

> while  ( r >=  range); 
bill  = 0 ; 


rc->pri v; 


range-1  . 


, without 
, it  uses 
even  for 


range  ) 
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b C 0 ] = 0; 
return  r; 

> 


■ 


■ 

•• 

' 

. 
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random. h 

/ * 

* random. h --  a General  Random  Number  Generator  interface 

* 

* Written  by:  Colin  Plumb  and  Derek  Atkins  < w a r l o r d 3M I T . E D U> 

* 

* This  is  a Public  API  Function  Header. 

★ 

* $Id:  random,  h,v  1.1  9 1996/1  1 /1  2 02:1  8:36  mhw  Exp  $ 

* / 

# i f n d e f P G P_R  ANDO  M_H 
^define  P G P_R  ANDO  M_H 

^include  " pg p / u s u a l s . h " 


struct  PgpCfbContext; 

# i f n d e f T Y P E_P G P C F B C 0 N T E X T 
#define  TYPE_PGPC  FBCONTEXT  1 

typedef  struct  PgpCfbContext  PgpCfbContext; 
#end i f 


struct  PgpRandom  C 

char  const  *name; 
void  (*addBytes)  (void  *priv, 
void  (*getBytes)  (void  *priv, 
void  (*sti r)  (void  * p r i v ) ; 
void  ( * w i p e ) (void  * p r i v ) ; 


>; 

# i f nd  e f TYPE_PGPRANDOM 

# d e f i n e T Y P E_PG P R A N D 0M  1 

typedef  struct  PgpRandom  PgpRandom; 
ft  e nd  i f 


byte  const  *buf,  unsigned 
byte  * b u f , unsigned  len); 


l e n ) ; 


struct  Pg p Ra nd om C o n t e x t C 

struct  PgpRandom  const  *random; 
void  * p r i v ; 

void  (*destroy)  (struct  Pg p R a ndom C on t ex t *rc); 

>; 

# i f nd  e f TYPE_PGPRAND0MC0NTEXT 

# d e f i n e TYPE_PGPRAND0MC0NTEXT  1 

typedef  struct  Pg p R a ndom C on t e x t PgpRandomContext ; 

#endi  f 


#def  i ne 
#de  f i ne 
ft  d e f i n e 
ft  d e f i n e 
ft  d e f i n e 


pgpRandomAddBy tes ( rc,b,  l ) ( r c ) -> r a ndom-> a ddBy t e s ( ( r c ) -> p r i v , b,  l) 

pg pRa ndomGe t By t e s ( r c , b , l ) ( r c ) -> r a nd om-> g e t By t e s ( ( r c ) -> p r i v , b,  l) 

pgpRandomStir(rc)  (rc)->random->stir((rc)->priv) 
pgpRandomWipe(rc)  (rc)->random->wipe((rc)->priv) 
pgpRandomDestroy(rc)  (rc)->destroy(rc) 


/ * 

* Another:  The  X 9 . 1 7 generator,  with  a specified  cipher  and 

* base  random  generator  used  to  seed  it. 

* / 

struct  PgpRandomContext  * 

pgpRandomCreat  e X9_1 7(struct  PgpCfbContext  *cfb, 

struct  PgpRandomContext  const  *base_rc); 

/*  The  default:  X9.17,  with  IDEA,  based  on  the  pgpRandomPoo  l */ 
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struct  PgpRandomContext  *pg p R a nd om C r e a t e (void); 

/*  Generate  a random  number  in  the  specified  range  */ 

unsigned  pg p Ra n dom Ra n g e ( s t r u c t PgpRandomContext  const  *rc,  unsigned 

# e nd i f /*  PGP  RANDOM  H */ 


range) 
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randpool.c 

/* 

* True  random  number  computation  and  storage 

* 

* Wrtten  by  Colin  Plumb. 

★ 

* This  performs  a strong  hash  on  the  data  as  it  is  fed  into  the 

* pool,  and  the  pool  is  again  strongly  hashed  to  produce  the  output 

* of  the  random-number  generator.  This  is  overkill,  as  either  step 

* should  produce  high-quality  numbers. 

• k 

* $ I d : randpool.c, v 1.1  2 1 996/1  1 /1  2 02:1  8:36  mhw  Exp  $ 

*/ 

# i f H A V E_C  0 N F I G_H 
^include  "config.h" 

# e nd  i f 


# i f ndef  N 0_A S S E R T_H 
^/include  <assert  . h> 

# e l s e 

//define  assert (x)  (void)0 
#e  nd i f 


//include  <stdlib.h> 
//include  <string.h> 


//include  "randpool  . h" 
//include  "pgp/ random  . h" 
//include  "pgp/usuals.h" 


/ * 

* Accumulators  to  estimate  entropy  in  the  pool. 

* / 

static  unsigned  randBits  = 0;  / * Bits  of  entropy  in  pool  * / 

static  word32  randFrac  = 0;  / * Fraction  of  a bit  of  entropy  in  pool  * / 

/ * We  import  the  following  things  from  the  MD5  code  * / 
void  MD5Transform(word32  * b l o c k , word32  const  * k e y ) ; 

#define  HashTransform  MD5Transform 
//define  HASH_INW0RDS  16 
//define  HASH  0UTW0RDS  4 


/ * 

* The  pool  must  be  a multiple  of  the  hash  input  size  and  the  hash 

* output  size.  For  MD5,  these  are  16  and  4 words,  respectively, 

* so  the  pool  must  be  a multiple  of  16  words.  If  the  hash  were 

* SHA,  it  would  have  to  be  a multiple  of  16  and  of  5,  or  a multiple 

* of  80  all  together.  (80  words  is  2560  bits.) 

* / 

#define  R AN D POO LW0 R D S 160  /*  5120  bits  */ 

^define  RANDP00LBITS  ( 3 2 * R A N D P 0 0 L W 0 R D S ) 

#if  RANDP00LW0RDS  % H A S H_0 U T W 0 R D S 

//error  R AN  D P0  0 LWO  R D S must  be  a multiple  of  HASH_0UTW0RDS 
# e nd i f 

# i f RANDP00LW0RDS  % HASH_INW0RDS 

//error  R AN  D POO  LWO  R D S must  be  a multiple  of  HASH_INW0RDS 
# e nd  i f 

/*  Must  be  word-aligned,  so  make  it  words.  Cast  to  bytes  as  needed.  */ 
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static  word32  randPoolCRANDPOOLWORDSD; 
static  unsigned  randPoolAddPos  = 0; 


/ * Random  pool  * / 

/ * Position  to  encrypt  into  (words)  * / 


static  word  3 2 r a nd Key C H A S H_I N WO R D S 3 ; 
static  unsigned  randKeyAddPos  = 0; 


/*  Random  input  buffer  */ 

/*  Position  to  add  to  (bytes)  */ 


s t a t 
s t a t 


c word 32  r a n d 0 u t C H A S H_0 1)  T W 0 R D S 3 ; /*  Random  output  buffer  */ 

c unsigned  randOutGetPos  = sizeof(randOut);  / * Position  to  get 


from  (b)  * / 


/*  Keeps  track  of  when  we  need  to  do  another  hashing  step  */ 
static  unsigned  randHashCounter  = 0; 


static  void 

r a nd Poo L W i p e ( v o i d *ctx) 

{ 

(void)ctx; 

mem s e t ( r a nd Po o l , 0,  s i zeof ( r andPoo L ) ) ; 

memset(randKey,  0,  sizeof(randKey)); 

memset(rand0ut,  0,  s i zeof ( randOut ) ) ; 

randPoolAddPos  = 0; 

randKeyAddPos  = 0; 

randOutGetPos  = sizeof(randOut); 

> 

/ * 

* To  mix  input  into  the  pool,  we  insert  it  into  a key  buffer  and  then 

* use  the  key  buffer  to  CBC-encrypt  the  pool.  Actually,  to  make  sure 

* that  the  input  (which  includes  such  sensitive  information  as  passphrase 

* keystrokes)  is  not  left  in  memory,  we  XOR  it  with  the  old  contents  of 

* the  key  buffer  along  with  some  of  the  the  data  about  to  be  encrypted. 

* Since  none  of  the  disguising  data  depends  on  the  byte,  this  does 

* not  destroy  any  entropy  inherent  in  the  input  byte. 

* 

* To  reduce  burstiness  in  the  timing,  rather  than  wait  until  the  key 

* buffer  is  full  to  encrypt  the  entire  pool,  we  update  part  of  the  key 

* and  then  encrypt  part  of  the  pool.  The  randHashCounter  keeps  track 

* of  what's  going  on  to  ensure  that  a byte  of  key  is  not  overwritten 

* until  it  has  participated  in  the  encryption  of  every  block  of  the  pool. 

* 

* The  pool  contains  R A N D POO LWO R D S / H A S H_0 UTWO R D S blocks.  We  must  do 

* that  many  hash-encrpytion  steps  before  4*HASH_I NW0RDS  bytes  of  the 

* key  have  been  overwritten.  So  randHashCounter  is  incremented  by 

* R A N D POO LWO R D S / H A S H_0 U T W 0 R D S each  time  a byte  is  added,  and  when  this 

* exceeds  4 * H A S H_I N WO R D S , it  is  decreased  by  that  amount  and  a hashing 

* step  is  performed.  It  should  be  easy  to  see  that  that  guarantees 

* correct  behaviour. 

* 

* The  bits  deposited  need  not  have  any  particular  distribution;  the 

* stirring  operation  transforms  them  to  uniformly-distributed  bits. 

*/ 

static  void 

r a nd Poo  1 AddBy t e ( by t e b) 

{ 

i n t i ; 

unsigned  pos; 

/ * Mix  new  byte  into  pool  * / 

((byte  *)randKey)CrandKeyAddPos3  A=  b; 
if  ( + + r a nd Ke y Add Po s ==  s i z e o f ( r a nd Key  ) ) 
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randKeyAddPos  = 0; 


/* 

* If  we've  reached  the  end  of  a word,  mask  the  next  word  with 

* a soon-to-be-overwritten  byte  of  the  pool.  With  a 64-byte  input 

* hash,  this  will  use  a different  word  for  masking  each  of  the 

* 16  words  as  long  as  there  are  at  least  16  output  blocks 

* (64  words  at  4 words  per  output  block,  or  512  bits  total)  in  the 

* pool.  Just  to  be  sure,  let's  enforce  it... 

* / 

ft  i f HAS  H_I  N W 0 R D S > R A N D PO 0 L W 0 R D S / H A S H_0 U T W 0 R D S 

//error  Please  make  R A N D POO L WO R D S bigger  than  HASH_INWORDS  * HASH_0UTW0RDS . 

# e n d i f 

if  (randKeyAddPos  % s i z e o f ( wo r d3 2 ) ==  0) 

*(word32  *)((byte  * ) r a ndKe y + r a nd Key Add Po s ) A = 

randPoolCrandPoolAddPosd; 

/*  Do  a hashing  step  if  required  */ 
randHashCounter  + = R AN D POO LWO R D S / H A S H_0 UT W 0 R D S ; 
while  (randHashCounter  >=  4* H A S H_I NWO R D S ) C 
randHashCounter  -=  4 * H A S H_I N W 0 R D S ; 


> 


> 


/*  CBC-encrypt  the  current  block  */ 
pos  = randPoolAddPos; 

HashTransform(randPool  + pos,  randKey); 

/*  Get  the  offset  of  the  next  block  and  XOR  this  one  in  */ 
randPoolAddPos  = pos  + HAS  H_0  UTWORDS; 
if  (randPoolAddPos  ==  R AN D PO 0 LWO R D S ) 
randPoolAddPos  = 0 ; 
for  (i  = 0;  i < H A S H_0 U T W 0 R D S ; i++) 

randPoolCrandPoolAddPos+iD  A=  randPoollpos+i 1; 


/ * 

* Make  a deposit  of  information  (entropy)  into  the  pool. 

* / 

static  void 

r a nd Po o l Add  By t e s ( v o i d *ctx,  byte  const  *p,  unsigned  len) 

{ 

(void)ctx; 

while  (len--) 

randPoolAddByte(*p++); 

/*  Pool  has  changed,  randOut  is  out  of  date  */ 
randOutGetPos  = sizeof (randOut); 

} 

static  void 
randGetOutput(void) 

{ 

i n t i ; 

/ * 

* Hash  the  pending  input  and  the  entire  pool,  with  the  old 

* randOut  as  IV. 

* / 

HashT  ransform( randOut,  randKey); 
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for  (i  = 0;  i < R AN D P0 0 LWO R D S ; i +=  H A S H_I N W 0 R D S ) 

HashTransform( randOut,  randPool+i ); 

/*  Okay,  we  can  now  fetch  starting  at  the  beginning  of  randOut  */ 
randOutGetPos  = 0; 

> 

/ * 

* Withdraw  some  bits  from  the  pool.  Regardless  of  the  distribution  of  the 

* input  bits,  the  bits  returned  are  uniformly  distributed,  although  they 

* cannot,  of  course,  contain  more  Shannon  entropy  than  the  input  bits. 

* / 

static  void 

r a nd Poo  l G e t By t e s ( v o i d *ctx,  byte  *buf,  unsigned  len) 

{ 

unsigned  t; 


(void)ctx; 


> 


i f ( randBi t s / 8 > 
r a ndB i t s 

else 


randFrac 


len) 

= 8 * l e n ; 
randBits  = 0; 


while  (len  > (t  = s i zeof ( randOut ) - randOutGetPos))  t 
memcpyCbuf,  (byte  *)randOut+randOutGetPos,  t); 
bu  f +=  t ; 
len  -=  t ; 
randGetOutput  ( ) ; 

} 


if  (len)  ( 

memcpy(buf,  (byte  OrandOut  + randOutGetPos,  len); 
randOutGetPos  + = len; 

> 


# i f 0 
byte 

randPoolGetByte(void) 

{ 

if  (randBits  >=  8) 
randBits  - 

else 


randFrac  = 


8; 

randBi t s 


0; 


if  (randOutGetPos  ==  s i zeof ( randOut ) ) 
randGetOutput ( ) ; 


return  ((byte  * ) r a ndOu t ) C r a ndOu t G e t Po s + + ] ; 

> 

# e nd  i f 
/ * 

* Destroys  already-used  random  numbers.  Ensures  no  sensitive  data 

* remains  in  memory  that  can  be  recovered  later.  This  repeatedly 

* mixes  the  output  of  the  generator  back  into  itself  until  all  internal 

* state  has  been  overwritten. 

*/ 
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static  void 

r a nd Poo l S t i r ( v o i d *ctx) 

{ 

unsigned  i; 

(void)ctx; 

tor  (i  = 0;  i < 5*sizeof(randKey)/sizeof(rand0ut);  i + + ) ( 

randPooLAddBytesCNULL,  (byte  const  *)  randOut,  sizeof (randOut)); 
randGetOutput  ( ) ; 

} 

> 

static  struct  PgpRandotn  PooLDesc  = ( 

"Global  true  random-number  pool", 

r a nd Po o l Add  By t e s , randPoolGetBytes,  r a n d P o o l S t i r , randPoo iWi pe 

>; 

/*  The  destroy  function  is  uncallable  anyway...  */ 
struct  Pg p R a n dom C on t e x t const  pgpRandomPoo  l = ( 

SPoolDesc,  0,  (void  (*)  (struct  Pg p R a ndom C o n t e x t *))0 

>; 

/ * 

* True  random  bit  accumulation.  These  are  extra  functions  exported 

* by  randpool.h  for  entropy  estimation. 

* 

* Entropy  is  expressed  in  terms  of  a delta,  essentially  the  difference 

* between  the  observed  value  and  the  expected  value,  whose  logarithm 

* is  a measure  of  entropy.  (The  logarithm  to  the  base  2 is  entropy 

* expressed  in  bits.) 

* 

* The  internal  amount-of-entropy  accumulator  is  maintained  in  two 

* halves:  a counter  of  bits,  and  a fraction  of  a bit,  expressed 

* in  the  form  of  a normalized  delta.  If  0 <=  f < 1 is  a fraction 

* of  a bit,  then  1 <=  2Af  < 2,  so  it's  remembered  as 

* 0 <=  x = 2Af  - 1 < 1,  a fixed-point  number. 

* 

* Given  a new  f r a c t i o n a l -b i t delta,  1+y  in  similar  form  (obtained 

* by  normalizing  the  delta  into  the  desired  form),  the  output 

* fractional  bit  delta  1+z  = (1+x)  * (1+y).  If  this  exceeds  2, 

* divide  it  by  2 and  add  a full  bit  to  the  bit  counter. 

* 

* The  implementation,  of  course,  actually  computes  z = x + y + x*y, 

* where  0 <=  z < 3.  This  can  be  done  by  adding  each  of  the  three  terms 

* (each  of  which  is  less  than  1)  and  noticing  the  overflow.  If  the 

* addition  does  not  overflow,  z < 1 and  nothing  needs  to  be  done. 

* 

* If  one  addition  overflows,  1 <=  z < 2,  but  after  overflow  we  get 

* z — 1 . We  want  (1+z)/2-1  = (z-1)/2,  so  just  divide  the  result  of 

* the  wrapped  addition  by  2. 

* 

* If  both  additions  overflow,  the  addition  wraps  to  z-2,  but  we 

* still  want  (z-1)/2  = (z-2)/2  + 1/2,  so  divide  the  wrapped  result 

* by  2 and  1/2. 

* 

* Due  to  the  way  that  the  fixed-point  numbers  are  stored,  the  x*y  part  is 

* the  high  half  of  the  32-bit  unsigned  product  of  x and  y.  This  can  be 

* safely  underestimated  if  desired,  if  a 64-bit  product  is  difficult  to 

* compute. 
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* The  simplest  snd  safest  definition  is 

* //define  U MU  L H_32  ( r , a , b ) (r)  = 0 

* / 

//ifndef  UMULH_32 

//if  definedC GNUC ) &&  defined( i 386 ) 

/*  Inline  asm  goodies  */ 

//define  UMULH_32 ( r , a , b ) asm ("mull  %2"  : " = d"(r) 

# e l i f HAVE64 

//define  UM U L H_3 2 ( r , a , b ) ( ( r ) = ( wo rd32 ) ( ( wo rd64 ) ( a ) * (b)  >>  32)) 
//else 

/*  Underestimate  the  product  */ 

//define  U M U L H_3  2 ( r , a , b ) ( ( r ) = ((a)  >>  16)  * ((b)  >>  16)) 

# e n d i f 

//endif  /*  iUMULH  32  */ 


" %a " ( a ) , "mr" (b)  : 


//define  DERATING  2 


/*  U if  bits  to  underestimate  */ 


unsigned 

pgpRandPoolAddEntropy(word32  delta) 
{ 

word32  f rac,  t ; 
unsigned  n; 


if  (delta  < 1 <<  DERATING) 

return  0; 


n = 31-DERATING; 


i f 

( ! ( d e l t a 8 

OxffffOOOO)  ) 

delta 

<<=  16,  n -=  1 

i f 

(! (delta  8 

Oxf f 000000)  ) 

delta 

<<=  8,  n -=  8; 

i f 

(!  (delta  8 

Oxf 0000000)  ) 

delta 

<<=  4,  n -=  4; 

i f 

( ! (de l ta  8 

OxcOOOOOOO)  ) 

delta 

<<=  2,  n -=  2; 

i f 

(!  (delta  8 

0x80000000) ) 

delta 

<<=  1 , n -=  1 ; 

assert(n  < 32); 

/*  Lose  high-order  bit  of  delta  */ 
assert(delta  8 0x80000000); 
delta  <<=  1; 


f rac  = randFrac; 

UMU  LH_3  2(t, delta, f r a c ) ; 


i f 

( ( f rac  + = 

t ) < t ) 

C 

if  ( (f rac  + = 

delta) 

< delta) 

f r a c 

= (f rac 

>>  1 ) + 0x80000000ul ; 

else 

f r a c 

>>=  1; 

n + + ; 

> 

else  if  ( (f rac  + = 

delta)  < 

delta)  { 

f rac 

>>=  1; 

n + + ; 

> 


/*  n is  now  the  count  of  whole  bits  */ 
if  ((randBits  +=  n)  >=  R A N D P 0 0 LB  I T S ) C 


"ax"  ) 
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/*  Overflow  - saturate  at 
randBits  = RANDPOOLBITS; 
randfrac  = 0 ; 

> 

return  n ; 

> 

unsigned 

pgpRandPoolEntropy(void) 

{ 

return  randBits; 

> 

unsigned 

pgpRandPoolSize(void) 

i 

return  RANDPOOLBITS; 

> 


RANDPOOLBITS  */ 
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randpool.h 

/ * 

* randpool.h  --  the  interfaces  to  the  pgpRandomPoo  l . This  exports 

* the  randompool  RNG  as  well  as  interfaces  to  the  entropy  in 

* the  random  pool,  including  random  events 

* 

* $Id:  randpool.h, v 1.9  1996/1  1 /1  2 02:1  8:37  mhw  Exp  $ 

*/ 

tfifndef  PG P_R A N D POO L_H 

# d e f i n e PGP_RANDP00L_H 

#include  " pg p / r a nd om . h " 

#i  nc  lude  " p g p / u s u a l s . h " 

/*  One  random  number  generator:  the  global  random  number  pool.  */ 
extern  struct  PgpRandomContext  const  pgpRandomPool; 

/ * 

* Add  the  'event'  to  the  random  pool.  Returns  the  number  of  bits  of 

* entropy  that  was  added  to  the  random  pool  as  a result  of  the 

* irregularity  in  timing  of  this  event.  (This  can  also  be  used 

* for  bu 1 1 on- c l o c k s , menu  selections,  and  so  on  - just  assign 

* each  such  event  a unique  "event"  code.) 

* / 

unsigned  pg p R a nd Poo l Ke y s t r o k e (int  event); 

/ * 

* Add  entropy  based  on  the  current  mouse  position  to  the  random  pool. 

* The  mouse  reports  are  assumed  to  arrive  at  regulat  intervals;  the 

* timing  is  not  used  but  rather  the  variation  in  velocity.  Returns 

* the  number  of  bits  of  entropy  that  was  added  to  the  random  pool  as 

* a result  of  the  irregularity  in  timing  of  this  event. 

* / 

unsigned  pg p R a nd Po o l M o u s e (word32  x,  word32  y); 

/*  Extra  functions  for  entropy  estimation  */ 
unsigned  pgpRandPoolAddEntropy  (word32  delta); 
unsigned  pgpRandPoolEntropy  (void); 
unsigned  pgpRandPoolSize  (void); 

# e n d i f /*  PGP  R A N D P 0 0 L_H  */ 


1428 


lib/ pgp/ random/ randseed.c 


randseed.c 

/ * 

* randseed.c  --  read  and  write  randseed.bin  files,  to  seed  and  "store" 

* random  number  generate  state. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 3M  I T . E D U > and  Colin  Plumb 

* 

* $Id:  randseed.c, v 1.18  1996/11/12  02:18:37  mhw  Exp  $ 

*/ 


/Hfdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
Send i f 

//include  <assert  . h> 
//include  <stdio.h> 


Sinclude 
U i n c l ude 
//include 
Sinclude 


" randseed  . h" 
"pgp/cfb.h" 
"pgp/pgperr  . h" 
"pgp/randpool  . h" 


/ * 

* Load  the  RNG  state  from  the  file  on  disk  (randseed.bin). 

* Returns  0 on  success,  <0  on  error. 

* Must  read  at  least  24  bytes  (the  size  of  the  IDEA  X9.17  generator's 

* state)  to  be  considered  successful.  Any  additional  data  is  just 

* dumped  into  the  "true"  randpool. 

* / 

/*  XXX  What  to  do  with  the  IDEA  X9.17  RNG  data?  */ 
i n t 

pgpRandSeedRead  (FILE  *file,  struct  PgpRandomContext  const  *rc) 

C 


byte  bufC128H; 
i n t len; 
s i z e_t  total; 


if  ( ! f i l e ) 

return  PG P E R R_N0_F I LE ; 


if  ( ! r c ) 

rc  = &pgpRandomPool; 
assert  (file); 

/*  Dump  the  file  into  the  random  seed  file  */ 
total  = 0; 
for  ( ; ; ) C 

len  = fread  ((char  *)buf,  1,  sizeof(buf),  file); 
if  (len  <=  0) 
break; 

total  + = len; 

pgpRandomAddBytes(rc,  buf,  len); 

> 

return  total  <24  ? PG P E R R_R A N D S E E D_T00 SM A L L : 0; 


/ * 

* Save  the  "state"  of  the  random  number  generator  to  "file"  using 
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* "cfb"  as  the  washing  mechanism.  If  cfb  is  NULL,  do  not  wash 

* the  output. 

* / 


void 

pgpRandSeedWr i te  (FILE  *file,  struct  Pg p R a n d o m C o n t e x t const  *rc, 

struct  Pg p C f b C on t e x t *cfb) 


byte  buf[128H;  /*  Additional  bytes  written  out  */ 

unsigned  bytes; 
unsigned  l ; 


if  ( ! f i l e ) 

return; 

if  ( ! r c ) 

re  = SpgpRandomPool; 


bytes  = ( pg p Ra nd Poo l S i z e ( ) +7  ) / 8 ; 
if  (bytes  < 24) 

bytes  = 24; 
else  if  (bytes  > 512) 
bytes  = 512; 
while  (bytes)  { 

l = (bytes  < sizeof(buf))  ? bytes  : sizeof(buf); 
pg p R a nd omG e t By t e s ( r c , buf,  l); 
if  (cfb) 


pgpCfbEncrypt  (cfb,  buf,  buf,  l); 
fwrite  (buf,  1,  l,  file); 
bytes  - = l ; 


mems  e t 


(buf,  0,  sizeof(buf)); 


> 
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randseed.h 

/ * 

* randseed.h  --  read  and  write  the  randseed.bin  file. 

* 

* Written  by:  Derek  Atkins  <warlord3MIT.EDU> 

* 

* This  is  a Public  API  Function  Header. 

★ 

* $ I d : randseed.h, v 1.1  2 1 996/1  1 /1  2 02:1  8:37  mhw  Exp  $ 

*/ 

#ifndef  PG P_R AN D S E E D_H 

# d e f i n e PG P_R AN D S E E D_H 

^include  <stdio.h> 

struct  PgpCfbContext; 

# i f n d e f T Y P E_PG P C F B C 0 N T E X T 
^define  T Y P E_PG P C F B C 0 N T E X T 1 

typedef  struct  PgpCfbContext  PgpCfbContext; 

# e n d i f 

struct  PgpRandomContext ; 

# i f n d e f T Y P E_P G P R A N D 0 M C 0 NT E X T 
#de  f i ne  T Y P E_PG P R A N D 0M C 0 N T E X T 1 

typedef  struct  PgpRandomContext  PgpRandomContext; 

# e nd i f 

int  pgpRandSeedRead  (FILE  * f i l e , struct  PgpRandomContext  const  *rc); 
void  pg p R a nd S e ed W r i t e (FILE  *file,  struct  PgpRandomContext  const  *rc, 

struct  PgpCfbContext  *cfb); 

#end i f /*  PGP  RANDSEED  H */ 


1431 


lib/ pgp/ random/ ranmac.c 


ranmac.c 

/ * 

* Get  h i g h - r e s o L u t i o n timing  information  to  seed  the  random  number  generator. 

* Mac  version.  (The  complicated  one.) 

* 

* $ I d : ranmac.c,v  1.2. 2.1  1996/1  1 /1  4 04:09:40  cbertsch  Exp  $ 

* / 


# i f H A V E_C  0 N F I G_H 
//include  "config.h" 

U e nd  i f 

//include  <stdlib.h>  /★  For  qsortO  */ 

//include  <Timer.h> 


//include  "ran . h" 
//include  " p g p / r a n d om  . h " 
//include  "pgp/usua  Is  . h" 


//define  MINTICK  0 


//define  N 15  /*  Number  of  deltas  to  try  (at  least  5,  preferably  odd)  */ 


typedef  UnsignedWide  timetype; 


/★  Function  needed  for  qsortO  */ 
static  i n t 

ra n C ompa r e ( v o i d const  *p1,  void  const  *p2) 
{ 


> 


return  *(unsigned  const 
★(unsigned  const 


*)p1  > *(unsigned 

*)p1  < * ( unsigned 


const 

const 


* ) p 2 
* ) p 2 


? 1 
? -1 


0; 


/ * 

* XXX:  Not  necessarily  accurate! 

★ 

* This  returns  tl  - t2  if  it  fits  in  an  unsigned  long,  or  else  it  returns  0 

* if  negative  or  UL0NG_MAX  if  out  of  range. 

* / 

static  unsigned  long 

t i c kd i f f ( U n s i g n edW i d e const  tl,  UnsignedWide  const  t2) 

{ 


if  ( 1 1 .hi  ==  t 2 . h i ) 
{ 


> 

else 


if  (tl.lo  >=  t2.lo) 
return  tl.lo 

else 


return  0; 


if  ( 1 1 .hi  ==  t 2 . h i + 1) 


if  (tl.lo  < t2.lo) 

return  tl.lo 


t 2 . I o ; 


t 2 . I o ; 


else 

return  U L0 N G_M A X ; 

> 

else  if  ( 1 1 .hi  < t 2 . h i ) 


/*  This  underflows,  ★/ 

/*  and  that's  the  intent  */ 
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} 


else 


return  0; 
return  U L 0 N G_M  A X ; 


/ * 

* Find  the  resolution  of  the  h i g h - r e s o l u t i o n clock  by  sampling  successive 

* values  until  a tick  boundary,  at  which  point  the  delta  is  entered  into 

* a table.  An  average  near  the  median  of  the  table  is  taken  and  returned 

* as  the  system  tick  size  to  eliminate  outliers  due  to  descheduling  (high) 

* or  tvO  not  being  the  "zero"  time  in  a given  tick  (low). 

k 

* Some  trickery  is  needed  to  defeat  the  habit  systems  have  of  always 

* incrementing  the  microseconds  field  from  gettimeofday()  results  so  that 

* no  two  calls  return  the  same  value.  Thus,  a "tick  boundary"  is  assumed 

* when  successive  calls  return  a difference  of  more  than  MINTICK  ticks. 

* (For  g e 1 1 i me o f da y ( ) , this  is  set  to  2 us.)  This  catches  cases  where  at 

* most  one  other  task  reads  the  clock  between  successive  reads  by  this  task. 

* More  tasks  in  between  are  rare  enough  that  they'll  get  cut  off  by  the 

* median  filter. 

* 

* When  a tick  boundary  is  found,  the  *first*  time  read  during  the  previous 

* tick  (tvO)  is  subtracted  from  the  new  time  to  get  microseconds  per  tick. 

* 

* Suns  have  a 1 us  timer,  and  as  of  SunOS  4.1,  they  return  that  timer,  but 

* there  is  ~50  us  of  system-call  overhead  to  get  it,  so  this  overestimates 

* the  tick  size  considerably.  On  SunOS  5.x/Solaris,  the  overhead  has  been 

* cut  to  about  2.5  us,  so  the  measured  time  alternates  between  2 and  3 us. 

* Some  better  algorithms  will  be  required  for  future  machines  that  really 

* do  achieve  1 us  granularity. 

* 

* Current  best  idea:  discard  all  this  hair  and  use  Ueli  Maurer's  entropy 

* estimation  scheme.  Assign  each  input  event  (delta)  a sequence  number. 

* 16  bits  should  be  more  than  adequate.  Make  a table  of  the  last  time 

* (by  sequence  number)  each  possibe  input  event  occurred.  For  practical 

* implementation,  hash  the  event  to  a fixed-size  code  and  consider  two 

* events  identical  if  they  have  the  same  hash  code.  This  will  only  ever 

* underestimate  entropy.  Then  use  the  number  of  bits  in  the  difference 

* between  the  current  sequence  number  and  the  previous  one  as  the  entropy 

* estimate. 

* 

* If  it's  desirable  to  use  longer  contexts,  Maurer's  original  technique 

* just  groups  events  into  non-overlapping  pairs  and  uses  the  technique  on 

* the  pairs.  If  you  want  to  increment  the  entropy  numbers  on  each  keystroke 

* for  user-interface  niceness,  you  can  do  the  operation  each  time,  but  you 

* have  to  halve  the  sequence  number  difference  before  starting,  and  then  you 

* have  to  halve  the  number  of  bits  of  entropy  computed  because  you're  adding 

* them  twice. 

* 

* You  can  put  the  even  and  odd  events  into  separate  tables  to  close  Maurer's 

* model  exactly,  or  you  can  just  dump  them  into  the  same  table,  which  will 

* be  more  conservative. 

* / 

static  unsigned  long 
ranTickSize(void) 

{ 

int  i =0,  j =0; 
unsigned  long  diff,  d C N 3 ; 
timetype  tvO,  t v 1 , tv2; 
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/ * 

* TODO  Get  some  per-run  data  to  seed  the  RNG  with. 

* pid,  pp  i d , etc. 

* / 

Mi croseconds(StvO); 
tvl  = t v 0 ; 
do  { 

Mi croseconds(&tv2); 
diff  = tickdiff(tv2,  tvl); 
if  (diff  > MINTICK)  { 
d C i + + ] = diff; 
tvO  = tv2; 
j = 0; 

> else  if  (++j  >=  4096)  /*  Always  getting  <=  MINTICK  units 
return  MINTICK  + IMINTICK; 
tvl  = t v 2 ; 

> while  (i  < N); 

/*  Return  average  of  middle  5 values  (rounding  up)  */ 
qsort(d,  N , sizeof(d[03),  ranCompare); 

diff  = (dCN/2-2]  + d[N/2-1  ] + d[N/2]+dCN/2  + 1 D + dCN/2  + 20  + 4) /5; 

# i f NOISEDEBUG 

fprintf(stderr,  "Tick  size  is  %u\n",  diff); 

#end i f 


} 


return  diff; 


*/ 


/ * 

* Add  as  much  t i m i n g -d e p e n d e n t random  noise  as  possible 

* to  the  randPool.  Typically,  this  involves  reading  the 

* accurate  system  clocks  available. 

* 

* Returns  the  number  of  ticks  that  have  passed  since  the 

* for  entropy  estimation  purposes. 

*/ 

w o r d 3 2 

r a n G e t E n t r o py ( s t r u c t PgpRandomCont ext  const  *rc) 

{ 

word32  delta; 
timetype  t; 

static  unsigned  long  ticksize  = 0; 
static  timetype  prevt; 


most 


last 


call. 


Microseconds(St); 

pgpRandomAddBytes(rc,  (byte  const  *)&t,  sizeof(t)); 

if  (iticksize) 

{ 

ticksize  = ranTickSizeO; 
prevt  = t; 

> 

delta  = (word32)(tickdiff(t,  prevt)  / ticksize); 
prevt  = t; 

return  delta; 

> 
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ranmsdos.c 

/* 

* Get  h i g h - r e s o L u t i o n timing  information  to  seed  the  random  number 

* generator.  MS-DOS  version. 

ic 

* $Id:  ranmsdos.c,v  1.6  1996/11/12  02:18:38  mhw  Exp  $ 

*/ 


//if  H A V E_C  0 N F I G_H 
//include  "config.h" 
# e n d i f 


//include  <time.h> 


/*  For  time  measurement  code  */ 


//if  BORLANDC 

//  i f nd  e f far 

//define  far  far  /*  Borland  C++  3.1's  <dos.h>  kacks  in  ANSI  mode.  Ugh!  */ 

ft  e nd  i f 
//  e n d i f 


# include  <dos.h> 
//include  <conio.h> 


/*  for  enableO  and  disableC)  */ 
/*  for  inp()  and  outp()  */ 


//include  " pg  p / r a nd  om  . h 
//include  " pg  p / u s u a l s . h 
//include  "ran.h" 


/ * 

* This  code  gets  as  much  information  as  possible  out  of  8253/8254  timer  0, 

* which  ticks  every  .84  microseconds.  There  are  three  cases: 

* 1)  Original  8253.  15  bits  available,  as  the  low  bit  is  unused. 

* 2)  8254,  in  mode  3.  The  16th  bit  is  available  from  the  status  register. 

* 3)  8254,  in  mode  2.  All  16  bits  of  the  counters  are  available. 

* (This  is  not  documented  anywhere,  but  I've  seen  it!) 


* 

* This  code  repeatedly  tries  to  latch  the  status  (ignored  by  an  8253)  and 

* sees  if  it  looks  like  xxllOIxO.  If  not,  it's  definitely  not  an  8254. 

* Repeat  this  a few  times  to  make  sure  it  is  an  8254. 

* / 

static  i n t 
has8254(void) 

int  i,  si,  s2; 


> 


for  ( i 

= 0;  i < 5;  i++)  { 

_d  isableO; 

outp(0x43,  0xe2); 

/* 

si  = inp(0x40); 

/ * 

outp(0x43,  0xe2); 

/ * 

s2  = i np ( 0x40  ) ; 

/ * 

_e  nable(); 

if  ( ( si  8 0x3d ) ! - 

0x34 

1 1 

\ 

return  0; 

/* 

J 

return 

1;  /*  Status 

reads 

a s 

Latch  status  for  timer  0 */ 

If  8253,  read  timer  low  byte  */ 
Latch  status  for  timer  0 */ 

If  8253,  read  timer  high  byte  */ 

( s 2 8 Ox  3d  ) ! = 0x34) 

Ignoring  status  latch;  8253  */ 

expected;  8254  */ 


static  unsigned 
read8254(void) 
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unsigned  status,  count; 


/*  Latch  status  and  count  for  timer  0 */ 


_disable(); 
outp(0x43,  0 x c 2 ) ; 
status  = inp(0x40); 
count  = inp(0x40); 
count  |=  inp(0x40)  <<  8 ; 

_e  n a b l e ( ) ; 

/*  The  timer  is  usually  in  mode  3,  but  some  motherboards  use  mode  2.  */ 
if  (status  8 2) 

count  = count>>1  | (status  & 0x80)<<8; 


return  count; 


static  unsigned 
read8253(void) 

{ 


unsigned  count; 

_d i s a b l e ( ) ; 

outp(0x43,  0x00);  /*  Latch  count  for  timer  0 */ 

count  = (inp(0x40)  8 Oxff); 

count  |=  (inp(0x40)  8 Oxff)  <<  8; 

_enable(); 

return  count  >>  1 ; 


/ * 

* Add  as  much  t i m i n g -d e p e nd e n t random  noise  as  possible 

* to  the  randPool.  Typically,  this  involves  reading  the  most 

* accurate  system  clocks  available. 

* 

* Returns  the  number  of  ticks  that  have  passed  since  the  last  call, 

* for  entropy  estimation  purposes. 

*/ 

word32 

ranGetEntropyfstruct  Pg p R a n d o m C o n t e x t const  *rc) 

{ 

word32  delta; 

static  unsigned  deltamask  = 0; 
static  unsigned  prevt; 
unsigned  t; 
t i me_t  t now ; 
c l o c k_t  enow; 

if  (deltamask  ==  0) 

deltamask  = has8254()  ? Oxffff  : 0x7fff; 
t = (deltamask  8 0x8000)  ? read8254()  : read8253(); 

pgpRandomAddBytes(rc,  (byte  const  *)8t,  sizeof(t)); 
delta  = deltamask  8 (t  - prevt); 
prevt  = t; 


/*  Add  more-significant  time  components.  */ 
enow  = clock(); 

pgpRandomAddBytes(rc,  (byte  *)8cnow,  sizeof (enow)); 
tnow  = time((time_t  *)0); 
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pgpRandomAddBytes(rc,  (byte  *)&tnow,  sizeof(tnow)); 
return  delta; 

> 
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ranunix.c 

/ * 

* Get  h i g h - r e s o L u t i o n timing  information  to  seed  the  random  number  generator 

* Unix  version.  (The  complicated  one.) 

* 

* $Id:  ranunix.c, v 1.8  1996/11/12  02:18:38  mhw  Exp  $ 

* / 


# i f H A V E_C  0 N F I G_H 
#include  "config.h" 
ft  e nd i f 

/ * 

* This  code  uses  five  different  timers,  if  available.  Each  possibility 

* can  be  specifically  enabled  or  disabled  by  predefining  USE_XX  to  1 

* or  0.  For  some,  the  code  attempts  to  detect  availability  automatically. 

* If  the  symbols  HAVE_XX  are  defined,  they  are  used.  If  not,  they  are  set 

* to  reasonable  defaults  while  other  clues  are  checked.  The  choices, 

* and  the  auto-detection  methods  used,  are: 

* - gethrtimeO,  if  H A V E_G  E T H RT  I M E is  set  to  1. 

* - c l oc k_get t i me ( CL0CK_RE ALTIME, . . . ) , if  C L 0 C K_R E A L T I M E is  in  <time.h> 

* - g e 1 1 i m e o f d a y ( ) , assumed  available  unless  H A V E_G E T T I M E 0 F D A Y =0 

* - g e t i t i me r ( I T I M E R_R E A L, . . . ) , if  I T I M E R_R  E A L is  defined  in  <sys/time.h> 

* - ftimeC),  assumed  available  unless  HAVE_FTIME=0 

* 

* These  are  all  accessed  through  the  gettimel),  timetype,  and  tickdiffC) 

* macros.  The  MINTICK  constant  is  something  to  avoid  the  g e 1 1 i m e o f d a y ( ) 

* glitch  wherein  it  increments  the  return  value  even  if  no  tick  has  occurred 

* When  measuring  the  tick  interval,  if  the  difference  between  two  successive 

* times  is  not  at  least  MINTICK  ticks,  it  is  ignored. 

*/ 

# i f n d e f T I M E_W I T H_S Y S_T I M E 

# d e f i n e T I M E_W I T H_S Y S_T I M E 1 /*  Assume  true  if  not  told  */ 

#end i f 


/ * 

* Include  <time.h>  and  <sys/time.h> 

* / 

ft  i f H A V E_S  Y S_T  I M E_H 
#include  <sys/time.h> 

#if  TIM  E_W ITH_SYS_TIME 
# i nc  l ude  <time.h> 

#end i f 
#else 

# i nc  l ude  <time.h> 

#end i f 


^include  <sys / types  . h> 
#include  <sys  / t i mes . h> 
#include  <stdlib.h> 


/*  for  timesC)  * / 
/*  For  qsortO  */ 


ft  i n c l ud  e 
ft  i n c l ud  e 
ft  i n c l ude 


"ran.h" 

"pgp/random. h" 
"pgp/usuals.h" 


# i f nd  e f U S E_G E T H RT I M E 

# d e f i n e U S E_G E T H R T I M E H A V E_G E T H R T I M E 
ft  e nd  i f 
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//if  USE  GETHRTIME 


typedef 

//define 

//define 

//define 

hrtime_t  timetype; 

gettime(s)  (*(s)  = gethrtimeC)) 

t i c kd i f f ( s , t ) ( (s)-(t)  ) 

MINTICK  0 

//else 

U i f nde  f 
# i f nd e f 
//define 
//end  i f 

USE_CL0C  K_G  E T T I M E 

HAVE_CLOC  K_G  E T T I M E 

HAVE_CLOC  K_G  E T T I M E 1 

#i f H A V E_C  L 0 C K_G  E TT I M E 
# i f d e f CLOCK  REALTIME 


//define 
ft  e nd  i f 
//end  i f 
#e  nd  i f 

USE_CLOC  K_G  E T T I M E 1 

ft  i f USE. 

_C  L 0 C K_G  E T T I M E 

//define 

typedef 

//define 

//define 

# i f nde  f 
//define 
//endi  f 

//else 

CHOICE_CLOC  K_G  E T T I M E 1 
struct  timespec  timetype; 

gettime(s)  ( v o i d ) c l o c k_g e t t i me ( C L 0 C K_R E A LT I M E , s) 
t i c kd i f f ( s , t ) ((( s ). t v_s e c- ( t ). t v_s e c )* 1 000000000  + \ 

(s).tv_nsec  - (t).tv_nsec) 

HAVE_CLOCK_GETRES 

HAVE_CLOCK_GETRES  1 

//  i f nd e f 
# i f ndef 
//define 
//  e nd  i f 

U S E_G  ETTIMEOFDAY 

HAVE_GETTIMEOFDAY 

HAVE_GETTIMEOFDAY  1 /*  Assume  we  have  it...  */ 

//define 
ft  e nd  i f 

U S E_G  ETTIMEOFDAY  H A V E_G E T T I M E 0 F D A Y 

ft  if  USE. 
typedef 
//define 
ft  d e f i n e 
ft  d e f i n e 

//else 

_G  ETTIMEOFDAY 
struct  timeval  timetype; 

gettime(s)  ( v o i d ) g e 1 1 i me o f d a y ( s , (struct  timezone  *)0) 

tickdiff(s,t)  ( ( ( s ) . t v_s  e c - ( t ) . t v_s  ec)*1000000+(s) . t v_u  sec-(t)  . t v_u  sec) 
MINTICK  1 

ft  i f nd e f 
ft  i f nd e f 
//define 
ft  e nd  i f 

U S E_G  ETITIMER 

H A V E_G  ETITIMER 

H A V E_G  ETITIMER  1 

ft  i f nd e f 
//define 
#e  nd  i f 

H A V E_S  ETITIMER 

H A V E_S  ETITIMER  1 

ft  i f H A V E_G  ETITIMER  &&  H A V E_S  E T I T I M E R 

ZHfdef  I T I M E R_R  E A L 

//define  U S E_G E T I T I M E R 1 

//endi  f 

//end  i f 
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#e  nd  i f 


ti  if  U S E_G  ETITIMER 
//define  C H 0 I C E_G E T I T I M E R 1 

//include  <signal.h>  /*  For  signalC),  SIGALRM,  SIG_IGN  */ 

typedef  struct  itimerval  timetype; 

//define  gettime(s)  ( v o i d ) g e t i t i me  r ( I T I M E R_R  E A L , s) 

/*  Subtract  *backwards*  because  timer  is  counting  *down*  */ 

//define  t i c kd  i f f ( s , t ) ( ( ( t ) . i t_va l u e . t v_s e c - ( s ) . i t_va l u e . t v_s e c ) * 1 000000  + \ 

( t ) . i t_v a l u e . t v_u s e c - ( s ) . i t_va l u e . t v_u s e c ) 

//define  MINTICK  1 


//else 

# i f ndef  U S E_F  TIME 
//ifndef  H A V E_F  TIME 
//define  H A V E_F  T I M E 1 
tie  nd  i f 

//ifndef  H A V S_S  Y S_T  I M E B_H 
//define  H A V E_S Y S_T I M E B_H  1 
//end  i f 

//define  U S E_F  TIME  H A V E_F  T I M E &&  H A V E_S  Y S_T  I M E B_H 
ti  e nd  i f 

//if  U S E_F  T I M E 

//include  <sys  / t i meb  . h> 

typedef  struct  timeb  timetype; 

//define  gettime(s)  ( vo i d ) f t i me ( s ) 

//define  t i c kd  i f f ( s , t ) ( ( ( s ) . t i me- ( t ) . t i me  ) * 1 000  + (s).millitm  - (t).millitm) 

//define  MINTICK  0 


//else 


//error  No 


clock  available 


//endif  /*  U S E_F  TIME  */ 

//  e nd  i f /*  U S E_G E T I T I M E R */ 
//endif  /*  U S E_G  ETT  I M E 0 F D A Y */ 
//endif  /*  U S E_C  L 0 C K_G  E T T I M E */ 
//endif  /*  USE  GETHRTIME  */ 


//if  CHOICE  CLOCK  GETTIME  &&  HAVE  CLOCK  GETRES 


static  unsigned 
ranTickSize(void) 

{ 

struct  timespec  res; 

c l o c k_g  etresCCLOC  K_R  EALTIME,  Sres); 
return  (unsigned)res.t  v_n  sec; 

> 

//else  /*  Normal  clock  resolution  estimation  */ 

ti i f NOISEDEBUG 
//include  <stdio.h> 
ti  e nd  i f 


//define  N 15 


/*  Number  of  deltas  to  try  (at 


least  5,  preferably  odd)  */ 
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/*  Function  needed  for  qsortO  */ 
static  i n t 


ranCompa 

■r 

re(voi d const  * p 1 , 

void 

const 

* p 2 ) 

V. 

return  * ( uns i gned 

const 

* ) p 1 

> *(  uns i gned  const 

* ) p2  ? 

1 

> 

★(unsigned 

const 

* ) p 1 

< *(unsigned  const 

* ) p2  ? 

-1 

0; 


/ * 

* Find  the  resolution  of  the  high-resolution  clock  by  sampling  successive 

* values  until  a tick  boundary,  at  which  point  the  delta  is  entered  into 

* a table.  An  average  near  the  median  of  the  table  is  taken  and  returned 

* as  the  system  tick  size  to  eliminate  outliers  due  to  descheduling  (high) 

* or  tvO  not  being  the  "zero"  time  in  a given  tick  (low). 

* 

* Some  trickery  is  needed  to  defeat  the  habit  systems  have  of  always 

* incrementing  the  microseconds  field  from  g e t t i m e o f d a y ( ) results  so  that 

* no  two  calls  return  the  same  value.  Thus,  a "tick  boundary"  is  assumed 

* when  successive  calls  return  a difference  of  more  than  MINTICK  ticks. 

* (For  gettimeofday(),  this  is  set  to  2 us.)  This  catches  cases  where  at 

* most  one  other  task  reads  the  clock  between  successive  reads  by  this  task. 

* More  tasks  in  between  are  rare  enough  that  they'll  get  cut  off  by  the 

* median  filter. 

k 

* When  a tick  boundary  is  found,  the  *first*  time  read  during  the  previous 

* tick  (tvO)  is  subtracted  from  the  new  time  to  get  microseconds  per  tick. 

k 

* Suns  have  a 1 us  timer,  and  as  of  SunOS  4.1,  they  return  that  timer,  but 

* there  is  ~50  us  of  system-call  overhead  to  get  it,  so  this  overestimates 

* the  tick  size  considerably.  On  SunOS  5.x/Solaris,  the  overhead  has  been 

* cut  to  about  2.5  us,  so  the  measured  time  alternates  between  2 and  3 us. 

* Some  better  algorithms  will  be  required  for  future  machines  that  really 

* do  achieve  1 us  granularity. 

* 

* Current  best  idea:  discard  all  this  hair  and  use  Ueli  Maurer's  entropy 

* estimation  scheme.  Assign  each  input  event  (delta)  a sequence  number. 

* 16  bits  should  be  more  than  adequate.  Make  a table  of  the  last  time 

* (by  sequence  number)  each  possibe  input  event  occurred.  For  practical 

* implementation,  hash  the  event  to  a fixed-size  code  and  consider  two 

* events  identical  if  they  have  the  same  hash  code.  This  will  only  ever 

* underestimate  entropy.  Then  use  the  number  of  bits  in  the  difference 

* between  the  current  sequence  number  and  the  previous  one  as  the  entropy 

* estimate. 


★ 

* If  it's  desirable  to  use  longer  contexts,  Maurer's  original  technique 

* just  groups  events  into  non-overlapping  pairs  and  uses  the  technique  on 

* the  pairs.  If  you  want  to  increment  the  entropy  numbers  on  each  keystroke 

* for  user-interface  niceness,  you  can  do  the  operation  each  time,  but  you 

* have  to  halve  the  sequence  number  difference  before  starting,  and  then  you 

* have  to  halve  the  number  of  bits  of  entropy  computed  because  you're  adding 

* them  twice. 

* 

* You  can  put  the  even  and  odd  events  into  separate  tables  to  close  Maurer's 

* model  exactly,  or  you  can  just  dump  them  into  the  same  table,  which  will 

* be  more  conservative. 

* / 

static  unsigned 
ranTickSize(void) 
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unsigned  i = 0,  j = 0,  diff,  dCNd; 
timetype  t v 0 , tvl,  t v 2 ; 

/ * 

* TODO  Get  some  per-run  data  to  seed  the  RNG  with. 

* p i d , pp  i d , etc. 

* / 

gettime(&tvO); 
t v 1 = tvO; 
do  { 

gettime(&tv2); 

diff  = (unsigned)tickdiff(tv2,  tvl); 

if  (diff  > MINTICK)  { 
dEi++]  = diff; 
tvO  = t v 2 ; 
j = 0; 

> else  if  (++j  >=  4096)  /*  Always  getting  <=  MINTICK  units  */ 
return  MINTICK  + 1MINTICK; 

tvl  = tv2; 

> while  (i  < N); 


/*  Return  average  of  middle  5 values  (rounding  up)  */ 
qsort(d,  N,  sizeof(dCOO),  ranCompare); 

diff  = (dllN/2-2]  + dCN/2-1  H + dCN  / 2 : + d C N / 2 + 1 H + d C N / 2 + 2 D + 4 ) /5; 
#if  NOISEDEBUG 

fprintf(stderr,  "Tick  size  is  %u\n",  diff); 

ft  e nd  i f 


> 


return  diff; 


#endif  /*  Clock  resolution  measurement  selection  */ 

/ * 

* Add  as  much  timing-dependent  random  noise  as  possible 

* to  the  randPool.  Typically,  this  involves  reading  the  most 

* accurate  system  clocks  available. 

* 

* Returns  the  number  of  ticks  that  have  passed  since  the  last  call, 

* for  entropy  estimation  purposes. 

*/ 

w o r d 3 2 

r a n G e t E n t r o py ( s t r u c t P g p R a n d om C o n t e x t const  *rc) 

{ 

word32  delta; 
timetype  t; 

static  unsigned  ticksize  = 0; 
static  timetype  prevt; 

gettime(St); 

# if  C H 0 I C E_G  ETITIMER 

/*  If  itimer  isn't  started,  start  it  */ 

if  ( t . i t_v a l u e . t v_s e c ==  0 &&  t . i t_va l u e . t v_u s e c ==  0)  { 

/ * 

* start  the  timer  - assume  that  PGP  won't  be  running  for 

* more  than  31  days... 

* / 

t . i t_va lue. tv_sec  = 1000000000; 
t . i t_interva l . tv_sec  = 1000000000; 
t . i t_i n t e r va l . t v_u  s e c = 0; 
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ft  i f d e f 
#end  i f 

# e l s e 
ft  e nd  i f 


SIGALRM 

s i g n a l ( S I G A L R M , SIG_IGN);  /*  just  in  case..  * 

s e t i t i me r ( I T I ME R_R E A L,  St,  NULL); 
t . i t_va l u e . t v_s  e c = 0; 

> 

pgpRandomAddBytes ( rc,  (byte  const  * ) S t . i t_v a L u e , sizeof(t.i 
pgpRandomAddBytesCrc,  (byte  const  *)St,  sizeof(t)); 

if  (Iticksize) 

ticksize  = ranTickSizeO; 
delta  = (word32)(tickdiff(t,  prevt)  / ticksize); 
prevt  = t ; 

return  delta; 


/ 


t_v  a l u e ) ) ; 
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ranvms.c 


/ * 

* Get  environmental  noise  to  seed  the  random  number  generator. 

* VMS  version. 

* 

* This  hasn't  been  examined  in  a long  time  (December,  1995). 

* Could  someone  who  knows  VMS  please  have  a look  at  it  and  determine 

* if  this  is  still  good? 

* 

* $Id:  ranvms.c, v 1.4  1996/11/12  02:18:38  mhw  Exp  $ 

* / 

# i f de  f H A V E_C  0 N F I G_H 
^include  "config.h" 

#end  i f 


ft  i nc  l ude 
# i n c l ud  e 
# i nc  l ude 


"ran.h" 

"pgp/random.h" 

"pgp/usuals.h” 


/ * 

* Add  as  much  environmentally-derived  random  noise  as  possible 

* to  the  randPoo l . Typically,  this  involves  reading  the  most 

* accurate  system  clocks  available. 

* 

* Returns  the  number  of  ticks  that  have  passed  since  the  last  call, 

* for  entropy  estimation  purposes. 

* / 

wo  rd32 

r a n G e t E n t r o py ( s t r u c t P g p R a n d om C o n t e x t const  *rc) 

{ 

word32  delta; 

word32  d 1 ; / * MSW  of  difference  * / 

word32  t C 2 0 ; / * little-endian  64-bit  timer  * / 

static  word32  prevtC23; 

S Y S $ G E T T I M ( t ) ; /*  VMS  hardware  clock  increments  by  1 00000  per  tick  */ 

pg p R a ndom Add  By t e s ( r c , (byte  const  *)t,  sizeof(t)); 

/*  Get  difference  in  dl  and  delta,  and  old  time  in  prevt  */ 

dl  = t C 1 D - prevtll]  + ( t C 0 □ < prevtCOO); 

prevtCIO  = t C 1 D ; 

delta  = tC03  - prevtCO]; 

prevtCOH  = tCOO; 

/*  Now,  divide  the  64-bit  value  by  100000  = 2A5  * 5A5  = 32  * 3125  */ 

/*  Divide  value,  MSW  in  dl  and  LSW  in  delta,  by  32  */ 

delta  >>=  5; 

delta  | = dl  <<  ( 32-5  ) ; 

dl  >>=  5; 

/ * 

* Divide  by  3125.  This  fits  into  16  bits,  so  the  following 

* code  is  possible.  2A32  = 3125  * 1374389  + 1671. 

* 

* This  code  has  confused  people  reading  it,  so  here's  a detailed 

* explanation.  First,  since  we  only  want  a 32-bit  result, 

* reduce  the  input  mod  3125  * 2A32  before  starting.  This 

* amounts  to  reducing  the  most  significant  word  mod  3125  and 

* leaving  the  l e a s t -s i g n i f i c a n t word  alone. 

* 

* Then,  using  / for  mathematical  (real,  not  integer)  division,  we 
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* want  to  compute  floor((d1  * 2A32  + dO)  / 3125),  which  I'LL  denote 

* using  the  oLd  C 3 syntax  for  f Loor,  so  it's 

* C ( d 1 * 2 A 3 2 + dO)  / 3125  3 

* = C ( d 1 * (3125  * 1374389  + 1671)  + dO)  / 3125  3 

* = C dl  * 1374389  + ( d 1 * 1671  + dO)  / 3125  3 

* = dl  * 137438  + [ (dl  * 1671  + dO)  / 3125  3 

* = dl  * 137438  + [ dO  / 3125  3 + L (dl  * 1671  + dO  % 3125)  / 3125  3 

* 

* The  C / operator,  appLied  to  integers,  performs  C a / b 3,  so 

* this  can  be  impLemented  in  C,  and  since  dl  < 3125  (by  the  first 

* moduLo  operation),  dl  * 1671  + dO  % 3125  < 3125  * 1672,  which 

* is  522  5000,  Less  than  2A32,  so  it  a L L fits  into  32  bits. 

* / 

dl  %=  3125;  /*  Ignore  overt  Low  past  32  bits  */ 

deLta  = deLta/3125  + d1*1374389  + (deLta%3125  + d1*1671)  / 3125; 

return  deLta; 

> 
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ranwin32.c 

/ * 

* Get  h i g h - r e s o L u t i on  timing  information  to  seed  the  random  number 

* generator.  Win32  version. 

* / 


# i f H A V E_ 
# include 

U e nd  i f 

C 0 N F I G_H 
" c o n f i g . h " 

ft  i nc  l ude 

<wi  ndows . h> 

# i nc  l ude 
# i n c l ud e 
ft  include 

"pgp/ random. h " 
"pgp/usuals.h" 

"ran.h" 

/ * 

* Add  as 

* to  the 

much  timing-dependent 
randPool  . Typically, 

random  noise  as  possible 
this  involves  reading  the  most 

* accurate  system  clocks  available. 

* 

* Returns  the  number  of  ticks  that  have  passed  since  the  last  call, 

* for  entropy  estimation  purposes. 

*/ 

w o r d 3 2 

r a n G e t E n t r o py ( s t r u c t Pg p R a n d om C o n t e x t const  *rc) 

word32  delta; 
static  WORD  oldms; 
static  DWORD  oldlow; 

L A R G E_I N T E G E R newperf; 

SYSTEMTIME  stime; 

if  (QueryPerformanceCounter(Snewperf))  { 

pg p Ra ndom Add  By t e s ( r c , (byte  *)&newperf,  sizeof (newperf)); 
delta  = newperf . LowPart  - oldlow; 
oldlow  = newperf . LowPart; 

} else  ( 

GetSystemTime(&stime); 

pgpRandomAddBytes(rc,  (byte  *)&stime,  sizeof(stime)); 

delta  = stime. wMilliseconds  - oldms; 

oldms  = stime. wMilliseconds; 

delta  / = 10;  / * crude  resolution  */ 

> 

return  delta; 

> 
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utils/ 
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.cvsignore 


Makefile  DONE 
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Makefile.in 

# 

# Lib/uti  Is 

# 

# $ I d : Makef i Le . i n,v  1.1  4 1996/1  1 /1  2 02:1  8:39  mhw  Exp  $ 

# 

OBJS=  pgpconf.o  decpipe.o  encpipe.o  filetype.o  pgpenv.o  sigpipe.o  sigspec.o 
PUBHDRS=  pgpconf.h  decpipe.h  encpipe.h  filetype.h  pgpenv.h  \ 
sigpipe.h  sigspec.h 
PRIVHDRS= 

all::  DONE 
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makefile.msc 

PGPLIB=  . .\.  .\pgplib.  Lib 

C F L AG S = - I . . \ . . \ . . \ i n c L ud e -I . . \ \ i nc  lude  \ 

-DHAVE  CONFIG  H=1  $(DEBUG) 


all::  lib 

headers:  incl 


'.include  "makefile. in 


incl: 

if  not  "$ ( PUBHDRS ) "==" " \ 

for  / f in  ( $(PUBHDRS)  ) do  copy  %f  . . \ . . \ . . \ i n c l u d e \ pg p 
if  not  "$( PRIVHDRS  ) \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f  . . \ \ i n c l u d e 


DOSOB J SX  = 
DOSOB J S = 


$(0BJS:  . o=  . ob  j ) 
$(DOSOBJSX:unix=win32) 


lib:  $ ( DOSOB J S ) 


. c . ob  j : 

$ ( C C ) $(CFLAGS)  -17  -c  $< 

# lib  /out : $( PGPLIB)  $(PGPLIB)  $*.obj 

clean: 

del  * . o b j 

DONE  : 

if  exist  $( PGPLIB)  l i b / o u t : $ ( PG P L I B ) $(PGPLIB)  $(DOSOBJS) 
if  not  exist  $(PGPLIB)  l i b / o u t : $ ( P G P L I B ) $(DOSOBJS) 
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decpipe.c 

/* 

* decpipe.c  — setup  the  Decryption  Pipeline,  given  the  arguments 

* of  the  UI.  This  is  just  a helper  function  to  setup  the  decryption 

* pipeline.  It  would  be  just  as  easy  for  an  application  to  do  it. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d a M I T . E D U > 

"k 

* $Id:  decpipe.c, v 1.21  1996/11/12  02:18:39  mhw  Exp  $ 

* / 


# i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 

# e n d i f 


//include  <stdio.h> 
//include  < a s s e r t . h > 


^include 
^include 
ft  i nc  l ude 
//include 


"decpipe.h" 
"pgp/fifo.h" 
"pgp/parseasc . h" 
"pgp/ readann . h" 


struct  PgpPipeline  * * 
pgpDecryptPipelineCreate 


{ 


(struct 
struct 
struct 
struct 
void  * u 


PgpPipeline  **head, 
PgpEnv  *env, 
PgpFifoDesc  const  *fd 
PgpUICb  const  * u i , 
i_a  rg ) 


f 


if  ( ! h e a d ) 

return  NULL; 


if  ( ! f d ) 

fd  = &pgpByteFifoDesc; 


head  = pgpParseAscCreate  (head,  env,  fd,  ui,  ui_arg); 
i f ( ! h e a d ) 

return  NULL; 


> 


return  pgpAnnotationReaderCreate  (head,  env,  ui,  ui_arg); 
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decpipe.h 

/* 

* decpipe.h  — Create  a Decryption  Pipeline 

* 

* Written  by:  Derek  Atkins  < wa r l o r d 3M I T . E D U > 

* 

* This  is  a Public  API  Function  Header. 

* 

* $ I d : decpipe.h, v 1.1  1 1996/1  1 /1  2 02:1  8:39  mhw  Exp  $ 

*/ 

//ifndef  PG P_D E C P I P E_H 
//define  P G P_D E C P I P E_H 

struct  PgpFifoDesc; 

//  i f n d e f T Y P E_PG P F I F 0 D E S C 

//define  T Y P E_PG P F I F 0 D E S C 1 

typedef  struct  PgpFifoDesc  PgpFifoDesc ; 

//  e nd  i f 

struct  PgpPipeline; 

# i f nd  e f T Y P E_PG P P I P E L I N E 

//define  T Y P E_P G P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

//end  i f 

struct  PgpEnv; 

//  i f n d e f T Y P E_P  G P E N V 
//define  T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 
tt  e n d i f 


struct  PgpUICb; 

# i f nd  e f TYPE_PGPUICB 
//define  TYPE_PGPUICB  1 
typedef  struct  PgpUICb  PgpUICb; 

# e n d i f 


struct  PgpPipeline  ** 
pgpDecryptPipelineCreate 


(struct  PgpPipeline  **head, 
struct  PgpEnv  *env, 
struct  PgpFifoDesc  const  *fd, 
struct  PgpUICb  const  *ui, 
void  *ui_arg); 


# e nd i f /*  PGP  DECPIPE  H */ 
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encpipe.c 

/ * 

* encpipe.c  — setup  the  Encryption  Pipeline,  given  the  arguments 


* of  the  UI.  This  will  setup  the  type 

o f 

pipeline  that  we  want 

* Written  by:  Derek  Atkins 

4* 

<warlordaMIT. 

EDU> 

★ $ I d : 

★ / 

encpipe.c, v 1.65.2.1 

1 996/1 1/14 

04 

: 0 9 : 4 0 cbertsch  Exp  $ 

//ifdef  H A V E_C  0 N F I G_H 

ft  i n c l ud  e 
# e nd  i f 

" c o n f i g . h " 

# i n c l ude 

< s t d i o . h > 

# i nc  l ude 

<assert  . h> 

//include 

"encpipe.h" 

//include 

"pgp/armor.h" 

//include 

"pgp/cipher.h" 

//include 

"pgp/ciphrmod.h" 

//include 

"pgp/cfb.h" 

//include 

"pgp/ compress  . h" 

//include 

"pgp/compmod  . h" 

//include 

"pgp/convkey.  h" 

//include 

"pgp/convmod  . h" 

//include 

"pgp/devnull.h" 

//include 

"pgp/fifo.h" 

//include 

"pgp/hash  . h" 

//include 

"pgp/header.h" 

//include 

"pgp/literal.h" 

# i n c l u d e 

"pgp/pgpmem.h" 

//include 

"pgp/pipeline.h" 

//include 

"pgp/pgpenv  . h" 

//include 

"pgp/pkemod.h" 

//include 

"pgp/pubkey.h" 

ft i n c l ude 

"pgp/ randpool  . h" 

ft  i n c l ud e 

"pgp/sigmod.h" 

//include 

"pgp/sigspec.h" 

//include 

"pgp/split.h" 

//include 

"pgp/ str2key.  h" 

//include 

"pgp/textfi  It.h" 

/ * Forward  * / 

static  byte  * createHashListlstruct  PgpSigSpec  const  *sigspecs,  int 


struct  PgpPipeline  ** 
pgpEncryptPipelineCreate 


(struct  PgpPipeline  **head, 
struct  PgpEnv  const  *env, 
struct  PgpFifoDesc  const  *fd, 
struct  Pg p R a nd om C o n t e x t const  *rng, 
struct  PgpConvKey  *convkeys, 
struct  PgpPubKey  *pubkeys, 
struct  PgpSigSpec  *si gspecs, 
struct  Pg p L i t e r a l Pa r a m s *literal. 


int  sepsig) 

struct  PgpPipeline  **tail  = head; 


*count); 
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struct  PgpPipeline  *sighead  = NULL,  * * s i g t a i l = NULL; 
struct  PgpPipeline  **texttail  = NULL; 
int  clearsig,  compress,  text,  armor; 
int  err  = 0,  *error  = Serr; 

PgpVersion  version; 

version  = pgpenvGetlnt  (env,  PG P E N V_V E R S I ON , NULL,  error); 
compress  = pgpenvGetlnt  (env,  PG P E NV_C OM P R E S S , NULL,  error); 
text  = pgpenvGetlnt  (env,  PGPENV_TEXTMODE , NULL,  error); 
armor  = pgpenvGetlnt  (env,  PG P E N V_A R M 0 R , NULL,  error); 

if  ( ! h e a d ) 

goto  err; 

/ * Turn  off  literal  and  compression  for  sepsig  creation  * / 
if  (sepsig)  { 

compress  = 0; 
literal  = NULL; 

> 

/*  disallow  separate  signatures  when  we  have  these  other  types  */ 
if  (sepsig  && 

( ! sigspecs  ||  compress  ||  literal  ||  convkeys  ||  pubkeys)) 
goto  err; 

/ * 

* Don't  allow  the  specification  of  convkeys  and  pubkeys  at  the 

* same  time,  yet. 

* / 

if  (convkeys  SS  pubkeys) 
goto  err; 

if  (convkeys  &&  c o n v k e y s-> n e x t ) 
goto  err; 

/*  This  is  how  we  define  when  to  do  a clearsigned  message  */ 
clearsig  = (text  S S sigspecs  8 S armor  8 S 

pgpenvGetlnt  (env,  PG P E N V_C L E A R S I G , NULL,  error)  88 
! convkeys  SS  Ipubkeys  SS  Isepsig); 


i f 

( ! f d) 

fd  = Spg p F l e x F i f o D e s c ; 

/ * 

* 

If  we  can  clearsign,  then  we 

d o 

something 

special.  Do 

not  add 

★ 

★ 

★ / 

the  literal  packet  type,  do 
for  the  input  data. 

not 

compress. 

and  create  a 

split 

if  (clearsig)  { 

literal  = NULL; 
compress  = 0; 

texttail  = pgpSplitCreate  (tail); 
tail  = pgpSplitAdd  (*tail); 

> 

if  (text)  { 

byte  const  *charmap; 

if  ( ! Literal  SS  Iclearsig  SS  Isepsig) 
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goto  err; 


/* 

* Use  the  appropriate  charmap.  Stripspaces  if  we 

* are  c l ea r s i gng i ng  or  if  it  was  requested. 

* Always  add  CRLF. 

*/ 

charmap  = (byte  const  *) 

pgpenvGetPoi nter  (env,  PG P E N V_C H A R M A PTO L A T I N 1 , NULL); 
tail  = pg pT e x t F i 1 1 C r e a t e (tail,  charmap,  clearsig  ? 1 : 0, 

P G P_T  E X T F I L T_C  R L F ) ; 

> 

if  (sigspecs)  { 

struct  PgpPipeline  **temptail  = NULL; 


sigtail  = tail; 

tail  = pgpSigCreate(sigtail,  version,  fd,  rng); 
sighead  = *sigtail; 


> 


/*  XXX:  should  I do  this?  */ 

temptail  = pgpSigSignature  (sighead,  sigspecs,  clearsig); 
if  (temptail) 

sigtail  = temptail; 


if  (literal)  { 

byte  len  = 0; 

if  ( l i t e r a l -> f i l e n a me  ) 

len  = strlen  (literal->filename); 

tail  = pg p L i t e r a l C r e a t e (tail,  version,  fd, 

(text  ? P G P_L I T E R A L_T  EXT  : 

P G P_L I T E R A L_B I N A R Y ) , 

(byte  *)  l i t e r a l -> f i l e n a me , len, 
literal->timestamp); 

> 


if  (sigspecs)  { 

if  (clearsig  ||  sepsig)  i 

if  ( ! pg p D e vN u l l C r e a t e (tail)) 
tail  = NULL; 

else  { 

if  (sepsig)  { 

tail  = sigtail; 

> else  { 

/*  create  clearsig  armor  here  */ 
byte  *hashlist; 
int  hashcount; 

hashlist  = c r e a t e H a s h L i s t ( s i g s pe c s , 

Shashcount); 

tail  = pgpArmorWriteCreateClearsig 
(texttail,  sigtail,  env, 
fd,  version,  hashlist, 
hashcount); 
pgpMemFree(hashli st); 

> 
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> 


> 

> else 

tail  = pgpSigTextlnsert  (sighead,  tail); 


if  (compress)  C 

int  alg  = pgpenvGetlnt  (env,  PG P E N V_C OM P R E S S A LG , NULL,  NULL); 
int  qual  = pgpenvGetlnt  (env,  PG P E NV_C OM P R E S S QU A L , NULL,  NULL); 

tail  = pgpCompressModCreate  (tail,  version,  fd,  alg,  qual); 

> 


if  (convkeys  | | pubkeys)  { 

struct  PgpCipher  const  * c i p h e r ; 
struct  PgpCfbContext  * c f b ; 
struct  PgpS t r i ngToKey  *s2k  = NULL; 
byte  ivClVLEN-211; 

byte  keyC25H;  / * Max  keysize  */ 

byte  ciphernum  = pgpenvGetlnt  (env,  PG P E N V_C I P H E R , NULL,  NULL); 
byte  passkey  = 0; 


if  ( ! rng) 

rng  = SpgpRandomPoo  l ; 

cipher  = pgpCipherByNumber  (ciphernum); 
if  ('.cipher) 

goto  err; 

cfb  = pgpCfbCreate  (cipher); 
if  ( ! cf b) 

goto  err; 

if  (convkeys)  f 

s2k  = pgpS2Kdef au l t (env,  rng); 
if  ( ! s 2 k ) { 

pgpCfbDestroy  (cfb); 
goto  err; 

> 

> 


/*  Generate  the  key  (randomly  or  not)  */ 
keyCO]  = ciphernum; 

if  (convkeys  &&  ! c o n v ke y s-> n e x t &&  Ipubkeys)  { 

int  ret; 

/*  Use  the  pass  phrase  as  the  session  key  */ 
ret  = pgpS t r i ngToKey  ( ( c o n v ke y s -> s t r i ng To Ke y ? 

c o n v k e y s -> s t r i n g T o Ke y : s2k), 

convkeys->pass, 
c on v k e y s -> pa s s l e n , key  + 1, 
cipher->keysize); 

if  (ret)  f 

memset  (key,  0,  sizeof  (key)); 
pgpCfbDestroy  (cfb); 
goto  err; 

> 

> else  ( 

/*  Generate  a random  session  key  */ 
pgpRandomGetBytes  (rng,  key+1,  cipher->keysize); 
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passkey  = 1; 


/*  Initialize  the  Cfb  */ 
pgpCfblnit  (cfb,  k e y + 1 , NULL); 

/*  Generate  the  random  IV  and  create  the  cipher  module  */ 

pgpRandomGetBytes  (rng,  iv,  sizeof  ( i v ) ) ; 

tail  = pgpCipherModEncryptCreate  (tail,  version,  fd, 

cfb,  i v ) ; 

if  (convkeys)  C 

tail  = pgpConvModCreate  (tail,  version,  fd,  s2k. 


convkeys, 
ci phernum, 
(passkey  ? key 


N U L L ) ) ; 


pgpS2Kdestroy  ( s 2 k ) ; 


> 


if  (pubkeys)  { 

struct  PgpPipeline  **pketail; 
struct  PgpPubKey  const  *thiskey; 

/*  Save  off  the  tail  so  we  can  talk  to  the  PkeMod  */ 
pketail  = tail; 

tail  = pgpPkeCreate  (pketail,  version,  key, 

cfb->cipher->cipher->keysize+1); 

if  ( ! t a i l ) { 

memset  (key,  0,  sizeof  (key)); 
goto  err; 

> 

for  (thiskey  = pubkeys;  thiskey; 
thiskey  = t h i s k e y-> n e x t ) 
if  ( t h i s k e y- > e n c r y p t ) 

pgpPkeAddKey  (*pketail,  thiskey,  rng); 

> 

memset  (key,  0,  sizeof  (key)); 


> 


if  (iclearsig)  { 

tail  = pgpHeaderCreate  (tail); 

> 

if  (armor  SS  Iclearsig)  { 

tail  = pgpArmorklri  teCreate  (tail,  env,  fd,  rng,  version, 

sepsig  ? P G P_A R M 0 R_S E P S I G : 

P G P_A  RM0R_N0RMAL) ; 

> 


err 


if  ('.tail)  { 


/*  Clean  up  on  error  */ 
tail  = N U L L ; 


> 

return  tail; 
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/*  Create  a List  of  hash  bytes  from  a sigspec  List,  and  return  the  Length  */ 
static  byte  * 

createHashLi st(struct  PgpSigSpec  const  *sigspecs,  int  *count) 

{ 

int  c n t ; 

struct  PgpSigSpec  const  *ss1,  ★ s s 2 ; 
byte  * L i s t ; 


> 


c n t = 0 ; 

/★  Count  unique  hash  types  */ 

for  (ss1=sigspecs;  ssl;  ss1=pgpSigSpecNext(ss1))  C 

for  ( s s 2 = s i g s pe c s ; ss2!=ss1;  s s 2 = pg p S i g S p e c N e x t ( s s 2 ) ) C 

if  (pgpSigSpecHashtype(ss2)=  = pgpSigSpecHashtypeCssI  )) 
break; 

> 

if  (ss2==ss1) 


> 


+ + c n t ; 


% 


/ * ALLocate  List  * / 

List  = (byte  *)pgpMemALLoc(cnt); 
if  ( ! L i st ) C 

★count  = 0; 
return  NULL; 

> 


/*  Put  unique  hash 
c n t = 0 ; 

for  (ss1=sigspecs; 

for  (ss2=si 
i f 


> 


types  on  List  */ 

ssl;  s s 1 =pg pS i g S pe c N e x t ( s s 1 ) ) i 
gspecs;  ss2!=ss1;  ss2=pgpSigSpecNext(ss2))  { 
(pgpSigSpecHashtype(ss2)=  = pgpSigSpecHashtype(ss1  ) ) 
break; 


> 


if  (ss2==ss1) 

List[cnt++] 


pgpSigSpecHashtype(ss1  ); 


★count  = cnt; 
return  List; 
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encpipe.h 

/* 

* encpipe.h  --  setup  the  Encryption  Pipeline,  given  a set  of  arguments 

* from  the  UI.  This  will  setup  a pipeline,  or  return  NULL  if  there  is 

* any  error  along  the  way. 

* 

* Written  by:  Derek  Atkins  < w a r l o rd  ED  M I T . E DU> 

* 

* This  is  a Public  API  Function  Header. 

* 

* $Id:  encpipe.h, v 1.26  1996/11/12  02:18:40  mhw  Exp  $ 

* / 

//ifndef  PG P_E N C P I P E_H 
//define  PG P_E N C P I P E_H 

//include  " pg  p / u s u a l s . h " 

struct  PgpConvKey; 

//ifndef  T Y P E_P  GPCONVKEY 
//define  T Y P E_PG  P C ON  V KE  Y 1 
typedef  struct  PgpConvKey  PgpConvKey; 
ft  e nd  i f 

struct  PgpEnv; 

//ifndef  T Y P E_P  G P E N V 

//define  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

# e n d i f 

struct  PgpFifoDesc; 

//ifndef  T Y P E_PG  P F I F 0 D E S C 
//define  T Y P E_PG  P F I F 0 D E S C 1 
typedef  struct  PgpFifoDesc  PgpFifoDesc; 
ft  e nd i f 

struct  PgpPipeline; 

//ifndef  T Y P E_PG  P P I P E L I N E 
//define  T Y P E_PG  P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline ; 
ft  end i f 

struct  PgpRandomContext; 

//ifndef  TYPE_PGPRAND0MC0NTEXT 
//define  TYPE_PGPRANDOMCONTEXT  1 

typedef  struct  PgpRandomContext  PgpRandomContext; 

Send i f 

struct  PgpSigSpec; 

//ifndef  T Y P E_PG  P S I G S P E C 
//define  T Y PE_PG  P S I G S P E C 1 
typedef  struct  PgpSigSpec  PgpSigSpec; 
ft  e nd  i f 

struct  PgpPubKey; 

//ifndef  TYPE_PGPPUBKE  Y 
//define  TYPE_PGPPUBKE Y 1 
typedef  struct  PgpPubKey  PgpPubKey; 
ft  e nd  i f 


1459 


lib/ pgp/ utils/ encpipe.h 


struct  Pg pL i t e r a L Pa r a m s { 

char  const  * f i l e n a m e ; 
w o r d 3 2 timestamp; 

>; 

tfifndef  T Y P E_PG P L I T E R A L P A R AM S 
#define  T Y P E_PG P L I T E R A L P A R AM S 1 

typedef  struct  Pg p L i t e r a l Pa r a ms  Pg p L i t e r a L Pa r a ms ; 
# e nd  i f 


/ * 

* Create  the  encryption  pipeline.  This  function  will  use  parameters 

* set  in  the  environment  and  parameters  passed  in  to  determine  which 

* filters  to  create.  This  will  perform  some  limited  sanity  checking 

* on  the  arguments.  For  example,  it  is  illegal  to  create  a separate 

* signature  while  encrypting. 

* 

* Pass  in  a pointer  to  where  the  head  of  the  pipeline  should  go. 

* This  function  will  return  you  pointer  to  the  tail  of  the  pipeline. 

* 

* If  you  pass  in  needoutput,  it  will  be  filled  in  with  0 or  1,  depending 

* on  if  the  pipeline  requires  an  output  module.  When  using  multipart 

* armor,  for  example,  no  output  file  is  required  --  the  armor  module  will 

* open  the  appropriate  files. 


* 
* 
* 
■ k 
* 
* 
* 
* 
• k 
* 
* 
* 
* 
■ k 
* 
★ 
* 


Arguments : 

head:  The  head  of  the  pipeline  created. 

env:  The  current  PGP  Environment 

fd:  The  Fifo  Descriptor  to  use  for  buffering 

rng:  The  Random  Number  Generator  to  use  for  padding  and  randomness 
convkeys:  The  list  of  Conventional  Keys  to  use  for  conventional 
encryption  (encrypting  with  a passphrase) 
pubkeys:  The  list  of  Public  Keys  to  use  for  public  key  encryption, 
sigspecs:  The  list  of  Signature  Specifications  to  use  for  making 
signatures. 

literal:  should  this  be  processed  as  a literal  packet,  or  is  it 
a PGP  message  or  a clearsigned  message,  or  a separate 
signature?  This  includes  the  input  filename  to  be  included 
in  the  literal  packet,  and  other  literal  information, 
sepsig:  perform  a separate  signature.  Only  valid  with  a few  other 
options. 


* / 


struct  PgpPipeline  * * 
pgpEncryptPipelineCreate 


(struct 
struct 
struct 
struct 
struct 
struct 
struct 
struct 
int  sepsig); 


PgpPipeline  **head, 

PgpEnv  const  *env, 
PgpFifoDesc  const  *fd, 

Pg p Ra ndom C o n t e x t const  *rng, 
PgpConvKey  *convkeys, 
PgpPubKey  *pubkeys, 
PgpSigSpec  *si gspecs, 

PgpL i t e ra  l Pa  rams  *literal. 


tfendif  /*  PGP  ENCPIPE  H */ 
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filetype.c 


/ * 

★ 

★ 

Figure 

out 

the  type  of 

★ 

★ 

Written 

by 

Colin  Plumb. 

* $ I d : filetype.c, v 1.1  7 1 996/1  1 /1  2 02:1  8:40  mhw  Exp  $ 
*/ 


# i f d e f H A V E_C  0 N F I G_H 
#include  "config.h" 

#end  i f 

^include  <string.h>  /*  For  strcmp  ★ / 

^include  "filetype.h" 

#include  "pktbyte.h" 

#define  FILETYPELEN  8 /*  # of  characters  needed  */ 

struct  F i l e Ty pe  I n t e r n a l { 

unsigned  char  const  patternCFILETYPELENH;  / ★ First  char  is  length  * / 
struct  PgpFileType  type; 

>; 

/*  A character  that  does  not  appear  in  any  pattern  */ 

//define  ANY  (unsigned  char)255 


static  struct  F i l eType  I n t e rna l patternsll  = 
{ 


{ 

{ 

2, 

26,  11  >, 

{ 

" PAK" , 

1 1 

. pa  k " 

/ 

0 

> 

>, 

{ 

{ 

2, 

31  , 139  >, 

{ 

"gz i p" , 

".gz" 

/ 

0 

> 

>, 

{ 

{ 

2, 

31  , 157  >, 

{ 

"compressed 

1 1 

ii  y ii 

f - L 

/ 

0 

> 

>, 

{ 

{ 

2, 

234,  96  >, 

{ 

" Ar j " , 

1 1 

. a r j " 

/ 

0 

> 

>, 

/*  AZ  H P % */ 

{ 

{ 

4, 

26,  72,  80, 

/*  G I F 8 */ 

37 

{ 

"Hyper", 

1 1 

■ hyp" 

/ 

0 

> 

>, 

{ 

{ 

4, 

71,  73,  70, 

/*  HPAK  */ 

56 

{ 

"GIF", 

1 1 

-gif" 

/ 

0 

> 

>, 

{ 

{ 

4, 

72,  80,  65, 

75 

>, 

{ 

"Hpack", 

ii 

. hpk" 

/ 

0 

> 

>, 

/*  P K AC  AD  */ 

C 

{ 

4, 

80,  75,  3, 

/*  Z 0 0 */ 

4 

{ 

"Zip", 

ii 

.zip" 

/ 

0 

> 

>, 

{ 

{ 

4, 

90,  79,  79, 

32 

>, 

{ 

"Zoo", 

1 1 

.zoo" 

/ 

0 

> 

>, 

/*  ? ? - l h a 

0 - 

- 1 h a 1 - - 

l ha2 

- 

and 

- 1 h a 3-  * 

/ 

{ 

t 

7, 

ANY,  ANY,  45, 

1 08, 

1 04, 

48, 

45 

>, 

{ 

"LHArc", 

ii 

. Izh" 

/ 

0 

> 

>, 

{ 

{ 

7, 

ANY,  ANY,  45, 

1 08, 

1 04, 

49, 

45 

>, 

{ 

" LHArc", 

1 1 

. Izh" 

/ 

0 

> 

>, 

{ 

i 

7, 

ANY,  ANY,  45, 

1 08, 

1 04, 

50, 

45 

>, 

{ 

"LHArc", 

ii 

.Izh" 

f 

0 

> 

>, 

{ 

i 

7, 

ANY,  ANY,  45, 

1 08, 

1 04, 

51, 

45 

>, 

{ 

"LHArc", 

ii 

.Izh" 

/ 

0 

> 

>, 

/*  ? ? - l h a 

7 _ 

* / 

> ; 

{ 

{ 

7, 

ANY,  ANY,  45, 

1 08, 

104, 

ANY, 

45 

>, 

{ 

"LHArc", 

1 1 

. 1 h a " 

f 

0 

> 

} 

static 

struct 

PgpFileType  PGPFile 

= C'PGP",  " 

■ P9P 

1 1 

/ 

0> 

f 

/*  \ 2 5 0 3 

P 

G 

P ★/ 

static 

unsigned  char  const  PGPPatternCO 

= { 5 

, 168, 

3, 

80,  71, 

80 

> ; 

static 

i n t 

fi  leTypeMatch 

(byte  const  *bytes. 

byte 

const 

★prefix. 

unsigned 

l e n ) 

{ 
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unsigned  l = *bytes++; 
unsigned  i; 

if  ( L > L e n ) 

return  0; 

for  (i  = 0;  i < l;  i++) 

if  (bytesCi]  !=  prefixCiD  &&  bytesCiD  !=  ANY) 
return  0; 

return  1;  /*  Success  */ 

> 


/*  Figure  out  if  the  file  is  a recognized  type  */ 
struct  PgpFileType  const  * 

pgpFileType  (byte  const  *prefix,  unsigned  ten) 

{ 

unsigned  i; 


for  ( i 


> 


= 0;  i < sizeof(patterns)/sizeof(*patterns);  i++)  C 
if  (fileTypeMatchCpatternsCiD. pattern,  prefix,  Len) ) 
return  SpatternsCiD.type; 


> 


if  ( pgp F i l eTypePGP  (prefix,  Len)) 
return  SPGPFile; 


return 


(struct  PgpFileType  * ) 0 ; 


/* 

* Figure  out  if  a file  is  a binary 

* Returns  1 if  it  is  a PGP  file,  0 
*/ 

i n t 

pgpFi  leTypePGP  (byte  const  *prefix, 
{ 

if  (lien) 

return  0; 


PGP  file, 
if  it  is  not. 


unsigned  len) 


/*  A LI PGP  messages  start  with  a character  lOxxxxxx  */ 

if  ( ! I S_OLD_PKTBYTE  (*prefix)) 
return  0; 


/*  Check  for  a new-style  PGP  file,  using  the  PGP  file  header  */ 
if  ( f i l eTypeMa t c h (PGPPattern,  prefix,  len)) 
return  1; 

/ ★ 

* Check  for  old-style  PGP  file,  checking  the  middle  bits  for 

* known  packet  types.  This  needs  to  match  lib/pipe/file/header.c 
*/ 

switch  (0LD_PKTBYTE_TYPE  (*prefix))  { 

case  P KT  B Y T E_E  S K : 

case  P KT  B Y T E_S I G : 

case  PKTBYTE_C0NVESK: 

case  P KT  B Y T E_S  E C KE  Y : 

case  PKTBYTE_PUBKE Y : 

case  PKTBYTE_SECSUBKEY : 

case  PKTBYTE_PUBSUBKEY : 

case  PKTBYTE_C0MPRESSED : 
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case  PKTBYTE_CONVENTIONAL: 
case  PKTBYTE_LITERAL : 

/*  These  are  the  known  packet  types  */ 
return  1 ; 

default  : 

/*  Its  not  known  --  perhaps  something  else?  */ 
return  0; 

> 

/*  NOTREACHED  */ 
return  0; 


/ * 
* 
* 
ie 
* 
* 
* 
* 
k 
* 
* 
* 


Figure  out  if  a file  is 
Returns  0 if  text,  1 if 


human-readable 

binary. 


or  not 


A file  is  considered  binary  if  it  contains  any  illegal 
or  "too  many"  characters  with  the  8th  bit  set.  If  you' 
you  might  have  some  such  characters,  but  a binary  file 
about  half  odd  characters.  This  test  assumes  a file  is 


control  characters 
re  using  Latin-1, 
probably  averages 
binary  if  the 


number  of  bytes  with  the  high  bit 
EXCEPTION:  If  working  in  Russian, 
half,  so  ignore  this  test  in  that 


set  exceeds 
Cyrillic  is 
case. 


a quarter  of  the  buffer, 
usually  placed  in  the  high 


★ 

The 

legal 

control  characters  are: 

* 

0 

NU 

null  ( n u l ) 

ILLEGAL 

★ 

1 

SH 

start  of  heading  (soh) 

ILLEGAL 

★ 

2 

SX 

start  of  text  (stx) 

ILLEGAL 

* 

3 

EX 

end  of  text  (etx) 

ILLEGAL 

★ 

4 

ET 

end  of  transmission  (eot) 

ILLEGAL 

★ 

5 

EQ 

enquiry  (enq) 

ILLEGAL 

★ 

5 

EQ 

enquiry  (enq) 

ILLEGAL 

★ 

6 

AK 

acknowledge  (ack) 

ILLEGAL 

★ 

7 

BL 

bell  ( be  l ) 

legal 

\ a ' 

★ 

8 

BS 

backspace  (bs) 

legal 

\ b ' 

★ 

9 

HT 

character  tabulation  (ht) 

legal 

1 \t  ' 

* 

1 0 

LF 

line  feed  (If) 

legal  1 

1 \ n 1 

★ 

1 1 

VT 

line  tabulation  (vt) 

legal  1 

1 \ v ' 

★ 

1 2 

F F 

form  feed  (ff) 

legal  ' 

1 \f  ' 

★ 

1 3 

C R 

carriage  return  (cr) 

legal  1 

1 \ r ' 

★ 

1 4 

SO 

shift  out  (so) 

ILLEGAL 

* 

1 5 

SI 

shift  in  (si) 

ILLEGAL 

★ 

1 6 

DL 

datalink  escape  (die) 

ILLEGAL 

★ 

1 7 

D 1 

device  control  one  (del) 

ILLEGAL 

★ 

1 8 

D 2 

device  control  two  (dc2) 

ILLEGAL 

★ 

1 9 

D 3 

device  control  three  (dc3) 

ILLEGAL 

★ 

20 

D 4 

device  control  four  (dc4) 

ILLEGAL 

★ 

21 

NK 

negative  acknowledge  (nak) 

ILLEGAL 

•k 

22 

S Y 

syncronous  idle  (syn) 

ILLEGAL 

* 

23 

EB 

end  of  transmission  block  (etb) 

ILLEGAL 

* 

24 

CN 

cancel  (can) 

ILLEGAL 

★ 

25 

EM 

end  of  medium  (em) 

ILLEGAL 

★ 

26 

SB 

substitute  (sub) 

legal  (CP/M 

8 MS 

★ 

27 

EC 

escape  (esc) 

ILLEGAL 

* 

28 

FS 

file  separator  ( i s 4 ) 

ILLEGAL 

★ 

29 

GS 

group  separator  ( i s 3 ) 

ILLEGAL 

★ 

30 

RS 

record  separator  (is2) 

ILLEGAL 

★ 

31 

US 

unit  separator  ( i s 1 ) 

ILLEGAL 

EOF) 
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* TODO:  Worry  about  EBCDIC 

* TODO:  Use  the  charset  rather  than  the  language  to  decide. 

* TODO:  Worry  about  shift-JIS  and  other  heavy  top-8-bit  uses. 

*/ 

i n t 

pg p F i l e Ty peB i na ry ( c h a r const  *lang,  byte  const  *buf,  unsigned  len) 

{ 

unsigned  highlimit; 
char  c ; 

if  (lien) 

return  1;  / * empty  file  or  error,  not  a text  file  * / 

if  ( pg p F i l eTy pe ( bu f , len)) 
return  1; 


} 


/*  Limit  on  number  of  8th-bit-set  characters  allowed  */ 
highlimit  = len/4; 

if  (Lang  88  strcmpC  lang,  "ru")  ==  0) 
highlimit  = len; 


do  C 


> while 


c = * b u f + + ; 


i f 

( c < 

' ' 88 

( c 

return 

1; 

i f 

( ( c 8 

0x80) 

88 

return 

i; 

(-- 

-len); 

< ' \ a ' ||  c > ' \r ' ) 88  c ! = 26) 

/*  Illegal  control  char  */ 
highlimit--  ==  0) 

/*  Too  many  8th  bits  set  */ 


return  0; 
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filetype.h 

/ * 

* filetype.h  - classify  files 

★ 

* $ I d : filetype.h, v 1.9  1 996/1  1 /1  2 02:1  8:40  mhw  Exp  $ 

*/ 

# i f nde  f PG P_F I L E T Y P E_H 
^define  PG P_F I L E T Y P E_H 

# include  "pgp/usuals.h" 

struct  PgpFileType  { 

char  const  *typename;  / 

char  const  * e x t ; / 

int  compressible;  / 

>; 

# i f nde  f T Y P E_PG P F I L E T Y P E 
#define  T Y P E_PG P F I L E T Y P E 1 
typedef  struct  PgpFileType  PgpFileType; 

# e nd  i f 

struct  PgpFileType  const  *pgpFileType  (byte  const  *prefix,  unsigned  len); 
int  pgpFileTypeBinary  (char  const  *lang,  byte  const  * b u f , unsigned  len); 
int  pgpFileTypePGP  (byte  const  *prefix,  unsigned  len); 

#endif  /*  PGP  FILETYPE  H */ 


* Nou n / a d j e c t i v e to  modify  "file"  */ 

* .zip,  .lha,  .gz,  etc.  */ 

* Can  it  be  further  compressed  (.tar)  */ 
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pgpconf.c 


/* 


* pgpconf.c  - Parse  configuration  files  and  lines. 


* Written  by:  Colin  Plumb  and  Derek  Atkins  <warlord3MIT. EDU> 

* 


* $ I d : 

pgpconf.c, v 1 

.23.2 

★ / 

//ifdef  H A V E_C  0 N F I G_H 

ft i nc  l ude 

" c on  f i g . h " 

ft  e nd i f 

//include 

<assert . h> 

//include 

<ctype.h> 

ft  i n c l ud  e 

< s t d i o . h > 

//include 

<stdlib.h> 

/* 

//include 

<string.h> 

ft  i nc  l ude 

"pgpconf  . h" 

ft  i n c l ude 

"pgp/pgpenv . 

h" 

//include 

"pgp  / pgperr  . 

h" 

//include 

"pgp/pgpmsg  . 

h" 

//include 

"pgp/pgpui  . h 

1 1 

/ * For  strtolO  * / 


struct 


>; 


/*  The 
ft  d e f i n e 
# d e f i n e 
//define 
//define 
//define 
/*  The 
//define 
//define 
ft  d e f i n e 


C on  f i g { 

char  const  * n a m e ; 
i n t v a r ; 
unsigned  flags; 
int  min,  max; 


following  are  i 

n the 

flags: 

* / 

0 PT_ 

.TYPEMASK 

3 

0 P T_ 

.IGNORE 

0 

/* 

Ignore 

if  encountered 

*/ 

0 P T_ 

BINARY 

1 

/* 

Boolean 

options: 

m i n 

= false,  max  = 

t 

0 P T_ 

INT 

2 

/ * 

Integer 

option,  i 

n range 

Cmin,maxD 

*/ 

0 P T_ 

.STRING 

3 

/* 

String, 

of  length 

< = 

max 

*/ 

following  addit 

i o n a l 

flags 

are  also 

used:  * / 

0 P T_ 

CMD 

4 

/* 

Command 

line  only 

*/ 

0 P T_ 

LOWER 

8 

/* 

Lowercase  strings 

before 

storing  * / 

0 P T_ 

FUNC 

1 6 

/* 

Call  function  rather 

than 

set  c o n f 

* / 

rue 


* / 


/*  Up  to  this  many  errors  are  ignored  when  reading  a config  file.  */ 
//define  MAX_ERRORS  3 /*  Don't  give  up  right  away  on  error.  */ 


//define  F U N C_R  A N D S OU  R C E 2 


/ * The 
static 
E n v 0 p t 


options  list.  Indexes 

in  the 

left  margin 

are  used  in  conf 

i 9 I 

nit.  * / 

struct  Config 

onsl]  = { 

{ "armor". 

P G P E N V_ 

.ARMOR, 

0 PT_B I N A R Y , 

o. 

1 >, 

{ "armorlines". 

PGPENV_ 

.ARMORLINES, 

0 P T_I NT, 

o. 

INT  MAX 

{ "bakring". 

PGPENV_ 

BAKRING, 

0 P T_S  T RING, 

o. 

0 >, 

{ "cer t_d  e p t h " , 

PGPENV_ 

.CERTDEPTH, 

0 P T_I NT, 

o. 

8 >, 

{ "charset". 

PGPENV_ 

.CHARSET, 

0 P T_S  T R I N G , 

o. 

0 >, 

{ "clearsig". 

PGPENV_ 

.CLEARSIG, 

0 PT_B I N A R Y , 

o. 

1 >, 

i " comment " , 

PGPENV_ 

.COMMENT, 

0 P T_S  T R I N G , 

o. 

70  >, 

{ " c omp l e t e s_n e e d e d " , 

PGPENV_ 

.COMPLETES, 

0 P T_I NT, 

1, 

4 >, 
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/* 

/* 


/* 
/ * 


# i f d e f 
/* 

U e nd i f 


{ "compress", 

{ " company  key " , 

{ "encrypttoself", 

{ "interactive", 

{ "keepbinary", 

{ "Language", 

{ "marginals_needed", 
{ "myname", 

{ "pager", 

{ " p k c s_c  ompa  t " , 

{ "pubring", 

{ "randseed", 

UNIX 

{ "randsource". 


PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV. 

PGPENV 


.COMPRESS,  0 P T_B  I N A R Y , 
.COMPANYKEY,  OPT_STRING, 
.ENCRYPTTOSELF, OP  T_B I N A R Y , 
.INTERACTIVE,  0 PT_B  I N A R Y , 
.KEEPBINARY,  0 P T_B  I N A R Y , 
.LANGUAGE,  0 P T_S  T R I N G | 0 P T. 
.MARGINALS,  0PT_INT, 
.MYNAME,  0 P T_S  T R I N G , 

.PAGER,  0 P T_S  T R I N G , 

.P K C S_C  0 M P AT  , 0 P T_I  NT, 


.PUBRING, 

.RANDSEED, 


0 P T_S  T RING, 
0 P T_S  T R I N G , 


0,  1 >, 

0,  255  >, 

0,  1 >, 

0 , 1 } , * / 

0,  1 >,*/ 

LOWER,  0,  16  >, 

1,  4 }, 

0,  255  >, 

0,  255  },*/ 

0,  I N T_M  A X >,*/ 

0,  0 >, 

0,  0 >, 


FUN C_R AND  SOURCE,  OPT_STRING | 0PT_FUNC, 


0,  0 >,*/ 


"secring". 

PGPENV_ 

.SECRING, 

0 PT_ 

STRING, 

o. 

0 

>/ 

"showpass". 

PGPENV_ 

.SHOWPASS, 

0 PT_ 

BINARY, 

o. 

1 

>, 

"textmode". 

PGPENV_ 

.TEXTMODE, 

0 P T_ 

BINARY, 

o. 

1 

>, 

{ 

" tmp" , 

PGPENV_ 

.TMP, 

0 P T_ 

STRING, 

o. 

0 

y. 

/ * 

Temp  for  new  trust 

- change  to  something  better 

* / 

C 

"trusted". 

PGPENV_ 

.TRUSTED, 

0 P T_ 

.INT, 

o. 

2 5 5 }, 

{ 

"tzf ix". 

PGPENV_ 

.TZ  FIX, 

0 P T_ 

.INT, 

-24 

f 

24  >, 

"verbose". 

PGPENV_ 

.VERBOSE, 

0 P T_ 

.INT, 

o. 

I N T_M  A X 

> 

/* 

ExperimentaL  XXX333 

* / 

"version". 

PGPENV_ 

VERSION, 

0 P T_ 

.INT, 

2, 

4 

y. 

"ciphernum". 

P G P E N V_ 

.CIPHER, 

0 P T_ 

.INT, 

1/ 

I N T_M  A X 

> 

"hashnum". 

PGPENV_ 

.HASH, 

0 P T_ 

.INT, 

1, 

I N T_M  A X 

> 

> ; 


/*  command  Line  on  Ly 
{ "batchmode", 

{ "force", 

{ "magic", 

{ "noout", 

/*  NuL  L-terminated  * 
{ (char  const  * ) 0 , 


* / 

P G P E N V_B  ATCHMODE,  OPT 
P G P E N V_F  0 R C E , OPT 

P G P E N V_M A G I C , OPT 

P G P E N V_N  0 0 U T , OPT 

0,  0, 


BINARY | 0PT_CMD,  0,  1 >, 
BINARY | 0PT_CMD,  0,  1 >, 
BINARY j 0PT_CMD,  0,  1 >, 
BINARY | 0PT_CMD,  0,  1 >, 

0,  0 > 


/*  C a s e - i n s e n s i t i v e memory  compare  */ 
static  i n t 

xmemicmp  (char  const  * i n 1 , char  const  *in2,  int  Len) 
{ 

wh  i L e ( L en—  ) C 

if  ( to L owe r ( * i nl  ) !=  t o L ow e r ( * i n2 ) ) 

return  1; 

i n 1 ++; 
i n 2 + + ; 

> 

return  0; 

> 


/ * 

* Find  a keyword  in  a n u L L - t e r m i na t ed  options  List. 

* Returns  the  option,  or  NULL  if  the  option  is  ambiguous, 

* or  a pointer  to  the  nuLL  option  if  it  is  not  found. 

* optmask  is  a mask  of  bits  in  the  opt->fLags  List  which  cause 

* entries  with  any  of  those  bits  set  to  be  ignored. 

* / 

static  struct  Config  const  * 

configLookup  (struct  PgpUICb  const  *ui,  void  * a r g , unsigned  Linenum, 
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char  const  * k e y , unsigned  keylen,  int  optmask) 

{ 

struct  Config  * h i t = NULL; 
int  in- 
struct PgpUICbArg  msgargl,  msgarg2,  msgarg3,  m s g a r g 4 ; 

for  ( i = 0 ; EnvOpt i ons[ i ] . name;  i++)  { 

if  ( ( E n v 0 p t i o n s C i 1 . f L a g s & optmask)  !=  0) 
continue; 

if  ( xmem i cmp ( En vOp t i on s C i ] . name , key,  keylen)  !=  0) 
continue; 

/*  We  have  a match!  */ 

if  ( s t r l en ( En vOp t i on s C i ] . name  ) ==  keylen) 

return  (SCEnvOptionsCiH));  / * exact  match  * / 

/*  Do  we  have  a double  match?  */ 
if  (hit)  { 

msgargl. type  = P G P_U I_A  R G_U  NSIGNED; 
msgargl. val.u  = linenum; 
msga  rg2 . type  = P G P_U I _A  R G_B  U F F E R ; 
msgarg2.val.buf.buf  = (byte  * ) k e y ; 
msgarg2 . va l . buf . len  = keylen; 
msga  rg3  . type  = PG P_U I_A R G_S T R I N G ; 
msgarg3.val.s  = hit->name; 
msga  rg4 . type  = PGP_UI_ARG_STRING; 
m s g a r g 4 . v a l . s = E n v 0 p t i o n s C i 1 . n a m e ; 
ui->message  (arg,  PG P E R R_C 0 N F I G , 

PGPMSG_CONFIG_AMBIGUOUS,  4,  Smsgargl, 
8msgarg2,  &msgarg3,  Smsgarg4); 

return  (struct  Config  const  *)0; 

> 

/*  Remember  this  match  */ 
hit  = S(EnvOptionsCiD); 

/*  Keep  looking  for  an  exact  match  or  ambiguity.  */ 

if  (hit)  { 

return  hit; 

> 

msgargl. type  = PG P_U I_A R G_U N S I G N E D ; 
msgargl. val.u  = linenum; 
msga  rg2  . type  = P G P_U I_A  R G_B  U F F E R ; 
msga rg2  . va  l . buf  . buf  = (byte  *)key; 
msgarg2.val.buf.len  = keylen; 

ui->message  (arg,  PG P E R R_C ON F I G , P G PM S G_C 0 N F I G_U N KN 0 W N_K E Y W 0 R D , 

2,  Smsgargl , 8msgarg2); 

return  (SEnvOptionsCiD); 

> 

static  int 

c o n f i g C a l l F u n c i (struct  PgpEnv  *env,  int  varnum,  int  val,  int  pri) 

(void)env; 

(void)val; 

( vo i d ) p r i ; 

switch  (varnum)  { 

default: 
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> 


> 


return  PG P E R R_C ON F I G_B A D F U N C ; 


s t a t 
con  f 

{ 


> 


c int 

gCallFuncs  (struct  PgpEnv  *env,  int  varnum, 
int  p r i ) 

(void)env; 

(void)string; 

(void)  len; 

(void)pri; 
switch  (varnum)  { 
case  FUNC_RANDSOURCE : 
default: 

return  PG P E R R_C ON F I G_B A D F U N C ; 

> 


char  const  * s t r i ng , 


i n t 


len. 


/*  Return  the  number  of  leading  whitespace  characters  in  a buffer  */ 
static  unsigned 
s k i pW h i t e ( c h a r const  *buf) 

{ 

unsigned  i = 0 ; 

while  ( i s s pa  c e ( bu  f E i II ) ) 
i + +; 

return  i ; 

> 

/ * 

* Reduce  "len"  by  the  amount  of  trailing  whitespace  characters  in  the 

* string  starting  at  buf  and  len  characters  long. 

*/ 

static  unsigned 

u n s k i pW h i t e ( c h a r const  *buf,  unsigned  len) 

{ 

while  (len  & & isspace(bufClen-IIl)) 

--len; 

return  len; 

> 

/ * 

* Get  a word  up  to  the  next  non-graphic  character,  comment  symbol  (#) 

* or  delimiter  (such  as  '=').  Set  delimiter  to  a non-graphic  character 

* (0  works  well)  to  not  use  it. 

* Returns  the  length  of  the  word  found. 

*/ 

static  unsigned 

getWord(char  const  *buf,  char  delimiter) 

{ 

char  c ; 

int  i = 0 ; 

do  { 

c = bufCi++D; 

> while  (isgraph(c)  &&  c !=  &&  c !=  delimiter); 
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> 


return  i - 1 ; 


/ * 

* Get  a string  in  the  nasty  non-quoted  format. 

* Spaces  are  allowed,  but  the  string  ends  at  a 

* trailing  whitespace  is  suppresed. 

* Returns  the  length  of  the  string  found. 

* / 


static  unsigned 
g e t S t r i n g ( c h a r const  *buf) 
{ 

char  c ; 

unsigned  i = 0; 


comment  and 


do 

c = buf[i++]; 
while  (isprint(c)  & & c != 

return  u n s k i p W h i t e ( b u f , i-1); 

> 


/ * 

* Get  a quoted  string.  Anything  is 

* quote.  Returns  the  length  of  the 

* / 

static  unsigned 

g e t Q S t r i n g ( s t r u c t PgpUICb  const  *ui, 
char  const  *buf) 


allowed  up  to  a trailing  double 
string  found,  or  -1  on  error. 


void  *arg,  unsigned  linenum. 


char  c ; 

unsigned  i = 0; 

struct  PgpUICbArg  msgargl,  msgarg2; 


d o 

c = bufCi++]; 
while  (c  &&  c != 

— i ; 

if  ( c ==  ' " ' ) 

return  i; 

/*  Error  case  - drop  trailing  whitespace  (like  NL)  when  printing  */ 

msgargl. type  = PG P_U I_A R G_U N S I G N E D ; 

msgargl.  val.u  = linenum; 

msgarg2.type  = PG P_U I_A RG_BU F F E R ; 

msgarg2.val.buf.buf  = (byte  *)buf; 

msga rg2  . va  l . buf . I en  = unskipWhite  (buf,  i); 

ui->message  (arg,  PG P E R R_C 0 N F I G , P G PM S G_C 0 N F I G_S T R I N G E N D , 

2,  Smsgargl,  Smsgarg2); 

return  ( uns i gned  ) -1 ; 

> 


/ * 

* Parse  a line  of  input.  linenum  ==  0 indicates  the  command  line. 


1470 


lib  / pgp/ utils/ pgpconf.c 


* and  causes  a few  changes  in  activity: 

* - some  extra  parameters  are  recognized  (0PT_CMD) 

* - " = 0 N " is  implicit  for  boolean  options 

* - error  messages  are  printed  differently 

* - Unknown  keywords  are  fatal 

* - Strings  need  not  be  copied,  since  the  argv  array  isn't  going  away 

* 

* Note  that  the  input  "line"  array  is  not  permanently  modified,  but  it 

* is  occasionally  modified  in  place  temporarily  to  install  a trailing 

* null  character  in  the  middle. 

* 


* Returns  0 on  success,  a PGPERR_*  on  fa 
*/ 


s t a t 
c on  f 


c i n t 

gLineParsetstruct  PgpUICb  const  *ui, 
unsigned  linenum,  char  * l 


lure. 


void  *arg,  struct  PgpEnv  *env, 
n e , i n t p r i ) 


char  const  * k e y ; 
unsigned  keylen; 
unsigned  i; 

struct  Config  const  * o p t ; 
long  v a l ; 
char  * p ; 

struct  PgpUICbArg  msgargl  , msgarg2,  msgarg3,  msgarg4,  m s g a r g 5 ; 


line  + = skipWhite  (line); 


keylen  = getWord  (line,  ' = ' ) ; 
if  (Ikeylen) 

return  0;  /*  Blank  line  */ 

key  = line; 


opt  = conf i gLookup  (ui,  arg,  linenum,  key,  keylen, 

linenum  ? 0PT_CMD  : 0); 


i f ( ! op  t ) 

return  P G P E R R_C 0 N F I G_B A D 0 P T ; 
if  (!opt->name)  / * In  the  config  file,  not  found  isn't 
return  linenum  ? 0 : PG P E R R_C ON F I G_B A DO PT ; 
if  ((opt->flags  S 0 PT_T Y P E M A S K ) ==  0PT_IGN0RE) 
return  0; 


fatal  * / 


msgargl. type  = PG P_U I_A RG_U N S I GN E D ; 
msgargl. val. u = linenum ; 
msgarg2.type  = PG P_U I_A R G_BU F F E R ; 
msgarg2.val.buf.buf  = (byte  *)key; 
msgarg2.val.buf.len  = keylen; 


line  +=  keylen; 

line  +=  skipWhite(line); 

if  ( * l i n e !=  ' = ' ) f 

/*  On  the  command  line,  "armor"  means  "armor=on"  */ 
if  ( ! linenum  &&  *line  ==  ' \ 0 ' SS 

(opt->flags  S 0 PT_T  YPEMASK)  ==  0 P T_B I N A R Y ) 

{ 


if  (opt->f  lags  & 0PT_FUNC) 

(void)configCal  LFunci (env,  opt->var, 

p r i ) ; 


else 


opt->max. 
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> 


return 


(void)pgpenvSetlnt(env, 

(enum  Pg p E n v I n t s ) o p t -> va r , 
opt->max,  pri); 

0; 


ui->message  (arg,  P G P E R R_C  0 N F I G , P G P M S G_C 0 N F I G_M I S S I N G_E Q U A L , 
2 , Smsgargl,  Smsgarg2); 


return  P G P E R R_C 0 N F I G ; 

> 

Line++;  /*  skip  '='  */ 

/*  Skip  assignment  and  following  whitespace  */ 
line  + = skipWhite(line); 


switch  (opt -> flags  S 0 P T_T  YPEMASK)  { 
case  0 P T_B I N A R Y : 

i = getWordCline,  0 ) ; 

if  ( ( i ==  3 SS  xmemi cmpC'of f ",  line,  3)  ==  0)  || 

( i ==  1 SS  l i neEO:  ==  -O')) 

{ 


> else 
{ 


> else 


> 


if  ( o p t ->  f lags  S 0PT_FUNC) 

(void)configCal  l Funci (env,  opt->var, 

pr  i ) ; 


else 


opt->mi n. 


(void)pgpenvSetlnt(env, 

(enum  P g p E n v I n t s ) o p t - > v a r , 
opt->min,  pri); 

break; 

if  ( ( i ==  2 &&  xmemicmpC'on",  line,  2)  ==  0)  || 

( i ==  1 &&  l i n e C 0 3 ==  ' 1 ' ) ) 


if  ( o p t->  f lags  S 0PT_FUNC) 

(void)configCallFunci (env, 

pri) 


else 


opt->var,  opt->max. 


(void)pgpenvSetlnt(env, 

(enum  Pg p E n v I n t s ) op t -> va r , 
opt->max,  pri); 

break; 

if  (i  ==  0)  { 

ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_C0NFIG_MISSING_B00LEAN,  2, 
Smsgargl,  Smsgarg2); 

break; 


/*  Fall  through:  default  case  */ 
msgarg3.type  = PG P_U I_A R G_B U F F E R ; 
msgarg3.val.buf.buf  = (byte  *)line; 
msgarg3.val.buf.len  = i; 


ui->message  (arg,  PG P E R R_C 0 N F I G , 

PGPMSG_C0NFI G_U  N KN  0 W N_B  0 0 L E A N , 3,  Smsgargl, 
Smsgarg2,  Smsgarg3); 
return  PG P E R R_C 0 N F I G ; 


case  0 PT_I NT : 

val  = strtol  (line,  Sp,  0); 
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i = getWord  (Line,  0 ) ; 

msga  rg3 . type  = P G P_U I_A  R G_B  U F F E R ; 
msgarg3.val.buf.buf  = (byte  * ) L i n e ; 
msgarg3.val.buf.Len  = i ; 

if  ( ! i s s p a c e ( * p ) SS  *p  !=  ' \ 0 ' ) { 
if  ( i ) { 

ui->message 

(arg,  PG P E R R_C 0 N F I G , 

P G PM  S G_C  0 N F I G_U N KN 0 W N_I N T E G E R , 3, 
Smsgargl,  Smsgarg2,  8msgarg3); 

> e L s e { 

ui->message 

(arg,  P G P E R R_C 0 N F I G , 
PGPMSG_CONFIG_MISSING_INTEGER,  2, 
Smsgargl,  Smsgarg2); 

> 

return  PG P E R R_C 0 N F I G ; 

> 

msgarg4.type  = PG P_U I_A RG_I N T ; 
msgarg4. vaL . i = vaL; 
if  (vaL  > ( L ong ) opt->max ) { 

msgarg5.type  = PG P_U I_A R G_I NT ; 
msgarg5.vaL.i  = opt->max; 
ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_CONFIG_INT_TOO_HIGH,  4, 

Smsgargl,  Smsgarg2,  Smsgarg4,  8msgarg5); 
vaL  = (Long)opt->max; 

> eLse  if  (vaL  < ( L o n g ) o p t -> m i n ) { 

msgarg5.type  = PG P_U I_A R G_I N T ; 
msgarg5 . va  L . u = opt->min; 
ui->message  (arg,  PG P E R R_C 0 N F I G , 

PGPMSG_CONF IG_IN  T_T  0 0_L  0 W , 4, 

Smsgargl,  Smsgarg2,  8msgarg4,  8msgarg5); 
vaL  = (Long)opt->min; 

> 

if  ((opt->fLags  S 0PT_FUNC)  ==  0)  C 

( vo i d ) pg pen v S e t I n t ( en v , (enum  Pg p E n v I n t s ) op t -> va r , 

(int)vaL,  pri); 

> eLse  if  ( c on f i g C a L L F u n c i ( e n v , opt->var,  (int)vaL,  pri)  < 0)  ( 

ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_C0NFI G_I NVALID_INTEGER,  3, 

Smsgargl,  Smsgarg2,  Smsgarg3); 
return  PG P E R R_C ON F I G ; 

> 

break; 


case  0 P T_S  T R I N G : 
if  ( * L i n e 
i 

i f 


> eLse  { 


= ' " ' ) { 

getQString(ui,  arg,  Linenum,  ++Line); 
(i  ==  (unsigned)-l) 

return  PG P E R R_C 0 N F I G ; 

getString(Line); 


msgarg3.type  = PG P_U I_A R G_BU F F E R ; 
msgarg3.vaL.buf.buf  = (byte  *)Line; 
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> 


msgarg3.val.buf.len  = i ; 


if  (i  > ( uns i gned  ) opt->max-1 ) f 

msgarg4.type  = PG P_U I_A RG_I N T ; 
msgarg4.val.i  = opt->max-1; 
ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_CONF I G_S  T R I N G_T  0 0_L  0 N G , 3, 
Smsgargl,  Smsgarg2,  8msgarg4); 
return  PG P E R R_C ON F I G ; 

/*  Call  function  to  set:  never  any  need  to  copy  */ 

> 

{ 


char  c ; 
int  status; 

c = L i n e t i 1 ; 

LineCi]  = 1 \ 0 ' ; 

/ * NuLL-terminate 

the  string  * / 

if  (opt->flags 

S 0 P T_F  U N C ) 

status 

= configCallFuncs 

(env,  opt 

-> va  r , 

Line,  i , 

P r i ) ; 

else 

status 

= pgpenvSetString 

(env,  (enum  P g p E n v S t r i n g s ) 

opt->var 

Line,  p r i ) ; 


LineEi]  = c;  / * Restore  the  string  * / 
if  (status  >=  0) 

break;  / * Success  * / 
ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_CONFIG_INVALID_STRING,  3, 
Smsgargl,  Smsgarg2,  Smsgarg3); 
return  PG P E R R_C 0 N F I G ; 

> 

break; 


> 


return  0; 


/* 

* "option"  may  be  modified 

* returning. 

*/ 


i n t 

p g p C o n f 
{ 


gLineProcessCstruct 

struct 


temporarily,  but  it  is  restored  prior 


PgpUICb  const  *ui,  void  *arg, 

PgpEnv  *env,  char  *option,  int  pri) 


if  (!ui  ||  !ui->message) 

return  P G P E R R_U I_I N V A L I D ; 


t o 


return  conf igLineParse  (ui,  arg,  env,  0,  option,  pri); 

> 

#define  CPM_E0F  26  /*  AZ  - accept  this  as  a file  terminator.  */ 

/ * 

* Read  a Line  from  file  f,  into  buf,  up  to  the  given  Length.  Anything  after 

* that  is  ignored.  Strips  trailing  spaces  and  Line  terminator,  can  read 

* LF,  CRLF  and  CR  terminated  Lines.  Also  accepts  CPM_E0F  (AZ)  as  a file 
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* terminator. 

* / 

static  char  * 

configLineGet(FILE  * f , char  * b u f , unsigned  Len) 
i 

i n t c ; 

char  * p = buf; 

/*  Skip  Leading  whitespace  */ 
do  { 

c = getc(f); 

> while  (c  = = 1 ' ||  c ==  1 \ t 1 ) ; 

while  (len  > 0 SS  c !=  '\n'  &&  c !=  ' \ r 1 &&  c ! = EOF  &&  c !=  CPM_E0F) 
{ 

*p++  = c; 

--len; 

c = getc(f); 

> 

/*  Return  NULL  on  EOF  */ 

if  (p  ==  buf  &&  (c  ==  EOF  | | c ==  C P M_E  OF))  { 

* b u f = ' \ 0 ' ; 

return  (char  * ) 0 ; 

> 

/ * 

* Skip  to  end  of  line,  setting  len  to  non-zero  if  anything  trailing  is 

* not  a space  (meaning  that  any  trailing  whitespace  in  the  buffer  is 

* not  trailing  whitespace  on  the  line  and  should  not  be  stripped). 

*/ 

len  = 0 ; 

while  (c  ! = '\n'  &&  c !=  1 \ r ' &&  c !=  EOF  &&  c !=  CPM_E0F)  { 

len  |=  c A ' /*  Avoid  branches  for  fast  processors  */ 

c = getc(f); 

> 

/*  Put  back  CPM_E0F,  and  character  after  \r  if  it's  not  \n  */ 
if  (c  ==  C PM_E  0 F ||  (c  ==  1 \ r 1 &&  (c  = getc(f))  !=  '\n')) 
ungetc(c,  f); 

/*  If  line  wasn't  too  long,  skip  trailing  WS  and  null-terminate  */ 
if  (!len)  { /*  Skip  trailing  whitespace,  as  described  above  */ 

while  (p  >=  buf  &&  pC-1H  ==  ' ') 

— p; 

* p = ' \ 0 1 ; 

> 

return  buf; 

> 


i n t 

pg p C on f i g F i l e P r o c e s s ( s t r u c t PgpUICb  const  *ui,  void 

struct  PgpEnv  *env,  char  const 


*a  r g , 

* f i lename. 


FILE  *f; 

unsigned  linenum  = 0; 
unsigned  errors  = 0; 
i n t i ; 

char  bufC130H;  /*  Maximum  allowable  line  size  */ 
struct  PgpUICbArg  msgargl,  msgarg2,  msgarg3; 


i n t p r i ) 
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if  ( ! u i ||  ! u i ->me s s a g e ) 

return  PG P E R R_U I_I N V A L I D ; 

f = fopen  (filename,  "r"); 
if  (f  ==  NULL)  f 

msgargl.type  = PG P_U I_A RG_S T R I NG  ; 
msgargl  .val.s  = filename; 
ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_CONFI G_N  0_F I L E , 1,  Smsgargl); 
return  0;  / * treat  like  empty  config  file  * / 

> 

bufCsizeof(buf)-1D  = ' \ 0 ' ; 

while  (errors  < MAX_ERRORS  88  c o n f i g L i n e G e t ( f , buf,  s i z e o f ( b u f ) ) ) T 
++linenum; 

msgargl.type  = PG P_U I_A R G_U N S I G N E D ; 
msgargl. val.u  = linenum; 
msgarg2.type  = PG P_U I_A R G_S TR I NG ; 
msga rg2 . va l . s = buf; 


> 


/ * Line  too  long?  * / 
if  (buf Csizeof (buf )-i:  !=  ' \ 0 ■ ) { 
bufCsizeof(buf)-1D  = ' \ 0 ' ; 
ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_C0NFIG_LINE_T00_L0NG,  2, 
Smsgargl,  8msgarg2); 

errors++; 

continue; 

> 

/*  Illegal  character?  */ 

for  (i  = 0;  bufLiD  !=  ' \ 0 ' ; i + + ) { 

if  ( ! i s pr i n t ( buf C i 3 ) 8S  bufCiD  !=  1 \ t ' ) 
break; 

> 

if  (buf Hi : ! = ' \0  ' ) ( 

msgarg3.type  = PGP_U I_ARG_I NT; 

msgarg3. val . i = i; 

ui->message  (arg,  PG P E R R_C ON F I G , 

PG  PM  S G_C  0 N F I G_B  AD_CHAR,  3, 
Smsgargl,  8msgarg2,  Smsgarg3); 

continue; 

> 

if  ( c on f i g L i n e Pa r s e (ui,  arg,  env,  linenum,  buf,  pri) 
< 0) 

errors++; 


fclose  (f); 

if  (errors  > 0)  { 

msgargl.type  = PG P_U I_A R G_I NT ; 
msgargl. val. i = errors; 

if  (errors  >=  M A X_E  R R 0 R S ) 

ui->message  (arg,  PG P E R R_C ON F I G , 

PGPMSG_C0NFIG_MAX_ERR0RS,  1,  Smsgargl); 
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> 


else 


ui->message  (arg,  PG P E R R_C ON F I G , 

P G P M S G_C  0 N F I G_N  U M_E  R R 0 R S , 


return 


} 


PG  P E R R_C  0 N F I G ; 


return  0 ; 


, Smsgargl  ); 
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pgpconf.h 

/ * 

* config.h  - Parse  configuration  files  and  lines. 

* 

* Written  by:  Derek  Atkins  < w a r l o r d 5)  M I T . E D U > 

* 

* $ I d : pgpconf.h, v 1.1  2 1 996/1  1 /1  2 02:1  8:41  mhw  Exp  $ 

* / 

# i f ndef  P G P_P  G P C 0 N F_H 
//define  P 6 P_P G P C 0 N F_H 

struct  PgpEnv; 

# i f n d e f T Y P E_P  G P E N V 
//define  T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 

//  e nd  i f 

struct  PgpUICb; 

//ifndef  TYPE_PGPUICB 

//define  TYPE_PGPUICB  1 

typedef  struct  PgpUICb  PgpUICb; 

# e n d i f 

/*  Process  a single  line  */ 

int  pg p C on f i g L i n e P r o c e s s (struct  PgpUICb  const  *ui,  void  *arg, 

struct  PgpEnv  * e n v , char  *option,  int  pri); 

/*  Process  a whole  file  */ 

int  pgpConf i g F i l ePr oces s (struct  PgpUICb  const  *ui,  void  *arg, 

struct  PgpEnv  *env,  char  const  *f i lename,  int 

//endif  /*  PGP  PGPCONF  H */ 


pri  ) ; 
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pgpenv.c 

/ * 

* pgpenv.c  --  Handle  PGP  Environments.  This  contains  much  of  the 

* "global"  PGP  environment  code.  This  contains  the  information  that 

* is  obtains  from  the  configuration  file  or  command-line  or  some 

* other  means.  It  defines  the  environment  in  which  it  operates.  It 

* is  possible  to  have  multiple  threads  operating  in  the  same 

* environment,  but  in  general  each  thread  would  have  its  own 

* environment.  For  example,  a PGP  Server  would  have  one  of  these 

* for  each  client. 

* 

* Written  by:  Derek  Atkins  < w a r l o rd a M I T . E D U> 

* 

* $Id:  pgpenv.c, v 1.43  1996/11/12  02:18:41  mhw  Exp  $ 

★ / 


//ifdef  H A V E_C  0 N F I G_H 

^include 
# e n d i f 

" conf i g . h " 

# i n c l ud  e 

< s t d i o . h > 

# i n c l ud e 

<string.h> 

/ * 

for 

memset()  */ 

ft i n c l ude 

"charmap. h" 

/ * 

for 

pgpCharmaps()  * / 

//include 

"pgp/cipher.h" 

/* 

for 

PGP_CIPHER_IDEA  */ 

//include 

"pgp/compress  . h" 

/* 

for 

PGP_COMPRESSALG_ZIP 

//include 

"pgp/hash.h" 

/* 

for 

PG  P_H  A S H_M  D 5 */ 

//include 

"pgp/pgpmem . h" 

//include 

"pgp/ pgperr . h" 

# i n c l ud  e 

"pgp/pgpenv . h" 

struct  Conf  ( 

union  i 

i n t num; 
char  *stri ng; 

} v a l ; 
i n t p r i ; 

>; 


struct  PgpEnv  ( 

struct  Conf 

struct  Conf 

void  * 

>; 

struct  PgpEnv  * 
pgpenvCreate  (void) 
i 

struct  PgpEnv  * e n v ; 

env  = (struct  PgpEnv  *)pgpMemAlloc  (sizeof  (*env)); 
if  ( ! e n v ) 

return  NULL; 


conf IntCPGPENV_MAX_INT- 

P G P E N V_B  A S E_I N T ] ; 
confStringCPGPEN  V_M  A X_S  TRING- 

P G P E N V_B  A S E_S  T R I N G ] ; 
pointersCPGPEN  V_M  AX_P0INTER  - 

PGPENV_BASE_PO INTER]; 


memset  (env,  0,  sizeof  ( * e n v ) ) ; 
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/*  Now  initialize  the  environment  pointers  as  appropriate  */ 


pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 

pgpenvSetlnt 


(env,  P G P E N V_C I P H E R , PG P_C I P H E R_I D E A , 

PGPENV_PR I_PUBDE  FAULT ) ; 

(env,  PG  P E N V_H  ASH,  P G P_H  A S H_M  D 5 , P G P E N V_P R I_P U B D E F A U L T ) ; 
(env,  PGPENV_COMPRESS,  1,  P G P E N V_P R I_P U B D E F A U L T ) ; 

(env,  PGPENV_COMPRESSALG,  P G P_C 0 M P R E S S A LG_Z I P , 

PG PEN V_PR I_PUBDE  FAULT ) ; 

(env,  PGPENV_COMPRESSQUAL,  5,  PG P E N V_P R I_P U B D E F A U L T ) ; 
(env,  P G P E N V_A  RMORLINES,  720,  P G P E N V_P R I_P U B D E F A U L T ) ; 
(env,  P G P E N V_C  ERTDEPTH,  4,  P G P E N V_P R I_P U B D E F A U L T ) ; 

(env,  P G P E N V_C  OMPLETES,  1,  P G P E N V_P R I_P U B D E F A U L T ) ; 

(env,  P G P E N V_M  ARGINALS,  2,  P G P E N V_P R I_P U B D E F A U L T ) ; 

(env,  P G P E N V_T  RUSTED,  120,  PG P E N V_P R I_P U B D E F A U L T ) ; 

(env,  PGPENV_CLEARSIG,  1,  PG P E N V_P R I_P U B D E F A U L T ) ; 

(env,  PGPENV_VERSION,  P G P V E R S I 0 N_2_6 , 

PG PE NV_PRI_PUBDE FAULT) ; 


pgpenvSetString  (env,  P G P E N V_P G P P A T H , PG  P E N V_P  RI_PUBDEFAULT); 

pg p e n v S e t S t r i n g (env,  PG P E NV_U P A T H , 

"/home/ch/keyserver",  PG P E N V_P R I_P UB D E F AU LT ) ; 


ft  i f d e f 
ft  e l s e 
# e n d i f 


MSDOS 

pgpenvSetString 
pgpenvSetStri ng 


(env,  P G P E N V_C  H A R S E T , 
(env,  PG  P E N V_C  H A R S E T , 


" c p8  5 0 " , PG PE N V_P R I_PUBD E FAULT) ; 
"noconv",  P G P E N V_P R I_P U B D E F A U L T ) ; 


return  env; 

> 

/* 

* Copy  an  environment.  WARNING:  Although  the  strings  will  be  copied, 

* the  "pointers"  will  not.  Take  care  when  destroying  an  environment; 

* you  can  only  destroy  the  pointers  from  the  first  one.  Since  the 

* environment  doesn't  do  this  on  its  own,  this  is  not  a problem  for 

* this  code. 

*/ 

struct  PgpEnv  * 

pgpenvCopy  (struct  PgpEnv  const  *env) 

{ 

struct  PgpEnv  *tmp; 
char  const  * s ; 
char  * s 2 ; 
i n t i ; 


if  ( ! e n v ) 

return  NULL; 

/*  Create  the  new  env  */ 

tmp  = (struct  PgpEnv  *)pgpMemAlloc  (sizeof  ( * t m p ) ) ; 

if  ( ! tmp ) 

return  NULL; 

/*  Clone  the  old  env  */ 

memcpy  (tmp,  env,  sizeof  ( * e n v ) ) ; 

/*  Alloc  and  copy  the  strings  */ 

for  ( i = 0 ; i < P G P E N V_M A X_S T R I N G- P G P E N V_B A S E_S T R I N G ; i++)  { 

s = tmp->confStringCi].val. string; 
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if  ( s ) { 


s2  = (char  * ) pgpMemA L L oc  (strlen  (s)  + 1); 
if  ( s2  ) 

memcpy  (s2,  s , strlen  (s)  + 1 ) ; 
tmp->confString[iD.val. string  = s 2 ; 


return  tmp; 

} 

void 

pgpenvDestroy  (struct  PgpEnv  *env) 

i n t i ; 
char  * s ; 

if  ( ! e n v ) 

return; 

/*  De-a  l locate  all  the  string  variables  */ 

for  ( i = 0 ; i < P G P E N V_M A X_S T R I N G - P G P E N V_B A S E_S T R I N G ; i++)  { 
s = env->confStringCi].val. string; 
if  (s)  { 

memset  ( s , 0,  strlen  ( s ) ) ; 
pgpMemFree  (s); 

> 

> 

memset  (env,  0,  sizeof  (*env)  ) ; 
pgpMemFree  (env); 


/ * 

* Set  an  Integer  Value  for  the  environment  variable  var  in  the 

* environment  env  to  num  with  priority  pri. 

*/ 

i n t 

pgpenvSetlnt  (struct  PgpEnv  *env,  enum  PgpEnvInts  var,  int  num,  int 
{ 

int  i d x ; 
if  ( ! e n v ) 

return  PG P E R R_B A D PA R AM ; 

if  (var  < PG  P E N V_B  A S E_I N T ||  var  >=  PG P E N V_M A X_I N T ) 
return  P G P E R R_E N V_B A D V A R ; 


i d x 


(int)var  - PG P E N V_B A S E_I N T ; 


if  (pri  < e n v-> c o n f I n t C i d x ] . p r i ) 
return  PG P E R R_E N V_L0W P R I ; 

env->confIntCidx].val.num  = num; 
env->confIntCidx].pri  = pri; 
return  0; 


static  int 


pri) 
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DoSetString  (struct  PgpEnv  *env,  unsigned  var,  char  const  ★string,  int  pri) 
{ 

char  * s ; 


> 


var  -=  PGPENV_BASE_STRING; 
if  (string)  { 

s = (char  * ) pgpMemRea l l oc 

if  (s  ==  NULL) 


(env->confStringLvarH . va 
strlen  (string)  + 1); 


return  PG P E R R_N 0 M E M ; 


.string. 


> else 


> 


strcpy  (s,  string); 

{ 

if  (env->confString[var].val .string) 

pgpMemFree  (env->confString[var].val. string); 
s = NULL; 


env->confString[var].val.  string  = s ; 
env->confString[varl.pri  = pri; 
return  0 ; 


static  int 

SetPointer  (struct  PgpEnv  *env,  unsigned  var,  void  *ptr) 
{ 

var  -=  P G P E N V_B  A S E_P  0 INTER; 
env->pointers[var]  = ptr; 
return  0 ; 

> 


/* 

* Set  a String  Value  for  the  environment  variable  var  in  the 

* environment  env  to  string  with  priority  pri.  Space  is  allocated 

* for  the  string. 

* 

* If  the  string  is  null,  free  the  old  string  (if  one  existed)  and 

* then  set  the  placeholder  to  NULL. 

* / 
i n t 

pg pe n v S e t S t r i ng  (struct  PgpEnv  *env,  enum  Pg p E n v S t r i ng s var, 

char  const  *string,  int  pri) 


int  err  = 0; 


if  ( ! e n v ) 

return  PG P E R R_B A D P A R AM ; 

if  (var  < P G P E N V_B  ASE_STRING  ||  var  >=  P G P E N V_M A X_S T R I N G ) 
return  P G P E R R_E N V_B A D V A R ; 


if  (pri  < e n v-> c o n f S t r i n g L v a r- PG P E N V_B A S E_S T R I N G ] . p r i ) 

return  P G P E R R_E N V_L 0 W P R I ; /*  not  assigned  */ 


switch  (var)  { 
case  P G P E N V_C  H A R S E T : 

{ 

byte  const  *toLocal,  *toLatin1; 
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default 

> 


> 

break; 


err  = pgpCharmaps  (string,  strlen  (string),  StoLocal, 

StoLatinl); 


i f 


> 


( ! e r r ) ( 

DoSetString  (env,  PG P E N V_C H A R S E T , string,  pri); 
SetPointer  (env,  P G P E N V_C  HARMAPTOLOCAL, 

(void  OtoLocal); 

SetPointer  (env,  PG P E N V_C H A RM A PTO L A T I N 1 , 

(void  *)toLatin1); 


err  = DoSetString  (env,  var,  string,  pri); 


return  err; 

> 

/ * 

* Set  a Pointer  Value  for  the  environment  variable  var  in  the 

* environment  env  to  the  Pointer  passed  in 
*/ 

i n t 

pgpenvSetPoi nter  (struct  PgpEnv  *env,  enum  PgpEnvPoi nters  var,  void  *ptr) 
if  ( ! e n v ) 

return  PG P E R R_B A D P A R A M ; 

if  (var  < PGPENV_BASE_POINTER  ||  var  >=  P G P E N V_M A X_P 0 I N T E R ) 
return  PG P E R R_E N V_B A D V A R ; 

if  (Var  ==  P G P E N V_C  HARMAPTOLOCAL  ||  var  ==  PG P E N V_C H A R M A P T 0 L A T I N 1 ) 
return  P G P E R R_E N V_B A D V A R ; 


} 


return  SetPointer  (env,  var,  ptr); 


i n t 

pgpenvGetlnt  (struct  PgpEnv  const  *env,  enum  PgpEnvInts  var,  int  *pri. 


i n t 

★error) 

n t 

err  = 

0; 

n t 

va  l = 

0; 

nt 

i d x ; 

f 

( ! e n v ) 

{ 

err  = PG P E R R_B A D P A R AM ; 
goto  getin t_e nd ; 

> 

if  (var  < P G P E N V_B  A S E_I N T ||  var  >=  PGPENV_MAX_INT ) i 
err  = PG P E R R_E N V_B A D V A R ; 
goto  getin  t_e nd ; 

> 

idx  = (int)var  - PG  P E N V_B  A S E_I NT; 
if  (pri) 

*pri  = env->conf!ntCidx].pri; 
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val  = e n v-> c o n f I n t [ i d x ] . v a l . num ; 


g e t i n t_e n d : 

if  (error) 

★error  = err; 


> 


return  val; 


char  const  ★ 

pg p e n v G e t S t r i n g (struct  PgpEnv  const 

int  *error) 


int  err  = 0 ; 

char  const  * s = NULL; 

int  i d x ; 


*env. 


enum  Pg p E n v S t r i ng s var, 


int  * p r i , 


if  ( ! e n v ) { 

err  = P G P E R R_B A D P A R AM ; 
goto  getst  r_e  nd ; 

> 


if  (var  < PG  P E N V_B  ASE_STRING  ||  var  >=  PG P E N V_M A X_S T R I N G ) { 
err  = PG P E R R_E N V_B A D V A R ; 
goto  getst  r_e  nd ; 

> 


idx  = (int)var  - PG P E N V_B A S E_S T R I N G ; 
if  ( p r i ) 

*pri  = env->confStringCidxD.pri; 

s = env->confStringCidx3. val.  string; 

getst  r_e nd : 

if  (error) 

★error  = err; 


> 


return  s ; 


void  * 

pgpenvGetPoi nter 
{ 


(struct  PgpEnv  const 
int  *error) 


int  err  = 0; 
void  *ptr  = NULL; 
int  idx; 


★ env, 


enum  Pg p E n v Po i n t e r s var. 


if  ( ! e n v ) { 

err  = P G P E R R_B  ADPARAM; 
goto  getptr_end; 

> 


if  (var  < PGPENV_BASE_POINTER  ||  var  >=  PG P E N V_M A X_P 0 I N T E R ) { 
err  = PG P E R R_E N V_B A D V A R ; 
goto  getptr_end; 

> 
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idx  = (int)var  - PG P E N V_B A S E_PO I N T E R ; 

ptr  = env->pointers[idx]; 

getpt  r_end : 

if  (error) 

★error  = err; 

return  ptr; 


} 
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pgpenv.h 

/* 

* pgpenv.h  --  The  PGPlib  Environment. 

* 

* Keep  track  of  what  used  to  be  "global"  state;  these  values  are  valid 

* only  within  a working  environment.  Multiple  environments  can  co-exist 

* within  a single  application,  however  each  one  would  have  its  own  unique 

* environment  structure  and  should  pass  it  on  to  its  children. 

* 

* The  main  purpose  of  this  structure  is  to  gether  together  a lot  of 

* little  fiddly  things  that  a user  might  want  to  adjust  into  a single 

* variable  so  code  that  doesn't  want  to  fiddle  with  them  doesn't  have  to 

* think  about  the  issue.  It  makes  passing  a different  value  of  an 

* environment  variable  to  a function  more  awkward  (you  have  to 

* copy  a parent  environment  and  set  the  value(s)  of  interest),  but 

* it's  quite  possible  if  you  want  more  detailed  control. 

* 

* The  big  win  is  that  to  add  an  extra  control  parameter  to  a function 

* that  already  gets  some  parameters  from  an  environment,  you  can  just 

* add  it  to  the  environment  and  change  the  function  to  get  its  parmaeter 

* from  the  environment  and  all  of  the  code  in  between  can  just  be 

* relinked. 

* 

* Written  by:  Derek  Atkins  <wa r l o rd3M  I T . E DU> 

* 

* This  is  a Public  API  Function  Header. 

* 

* $Id:  pgpenv.h, v 1.30  1996/11/12  02:18:42  mhw  Exp  $ 

* / 

# i f nde  f PGPENV_H 
^define  PGPENV_H 

struct  PgpEnv; 

# i f n d e f T Y P E_PG  P E N V 

# d e f i n e T Y P E_P  G P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 

# e nd i f 


tfdefine  PG P E N V_B A S E_I N T 1000 
enum  PgpEnvInts  { 

P G P E N V_A  RMOR=PGPEN  V_B  ASE_INT,  PG P E N V_A R M 0 R L I N E S , 

P G P E N V_C  ERTDEPTH,  PG P E N V_C I P H E R , P G P E N V_C L E A R S I G , 

PGPENV_COMPLETES,  PG P E N V_C 0 M P R E S S , PG P E N V_C OM P R E S S A LG , 

P G P E N V_C  0 MPRESSQUAL,  P G P E N V_E N C R Y P TT 0 S E L F , P G P E N V_H  ASH, 

P G P E N V_M  ARGINALS,  PG P E N V_S H 0 W P A S S , PG P E N V_T E X T M 0 D E , 

P G P E N V_T  RUSTED,  PG P E N V_T Z F I X , PG P E N V_V E R BO S E , 

PGPENV_VERSI0N,  P G P E N V_B A T C H M 0 D E , P G P E N V_F 0 R C E , 

P G P E N V_M  AGIO,  P G P E N V_N 0 0 U T , 

PGPENV_MAX_INT 

>; 

tfdefine  PG P E N V_B A S E_S T R I NG  2000 

enum  Pg p E n v S t r i n g s { 

PGPENV_BAKRING=PGPENV_BASE_STRING,  P G P E N V_C H A R S E T , 

P G P E N V_C  0 M M E N T , PG P E N V_C 0 M P A N Y K E Y , P G P E N V_L A N G U A G E , P G P E N V_M Y N A M E , 
PGPENV_PGPPATH,  PG P E N V_P U B R I N G , PG P E N V_R A N D S E E D , 

PGPENV_SECRING,  P G P E N V_S Y S D I R , PGPENV_TMP,  P G P E N V_U P A T H , 

PGPENV  MAX  STRING 
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>; 

#define  PG  P E N V_B  A S E_PO  I N T E R 3000 

enum  PgpEnvPoi nters  { 

P G P E N V_C  HARMAPT0LATIN1=PGPEN V_B  A S E_P  0 I N T E R , 

P G P E N V_C  HARMAPTOLOCAL, 

PGPENV_MAX_POINTER 

> ; 

/*  Configuration  priorities  */ 

# d e f i n e PG P E N V_P R I_F 0 R C E 25 

^define  PG P E N V_P R I_C M D L I N E 20 

#define  PG P E N V_P R I_C ON F I G 15 

# d e f i n e PG P E N V_P R I_P R I V D E F A U LT  10 

^define  PG P E N V_P R I_S Y S C ON F 5 

# d e f i n e PGPENV_PR I_PUBDE FAULT  0 

/*  Exported  Functions  */ 

/*  create  and  initialize,  copy,  and  destroy  an  environment  */ 
struct  PgpEnv  *pgpenvCreate  (void); 

struct  PgpEnv  *pgpenvCopy  (struct  PgpEnv  const  *env); 
void  pgpenvDestroy  (struct  PgpEnv  *env); 

/* 

* Set  Integer  and  String  configuration  parameters.  Strings  are 

* copied  by  the  environment;  the  caller  need  not  preserve  them. 

* (They  must,  of  course,  be  n u l l - 1 e r m i n a t ed  . ) 

* / 

int  pgpenvSetlnt  (struct  PgpEnv  * e n v , enum  PgpEnvInts  var,  int  num,  int  pri); 
int  pg p e n v S e t S t r i n g (struct  PgpEnv  *env,  enum  P g p E n v S t r i n g s var, 

char  const  *string,  int  pri); 

/* 

* Retrieve  Integer  and  String  configuration  parameters. 

*/ 

int  pgpenvGetlnt  (struct  PgpEnv  const  *env,  enum  PgpEnvInts  var,  int  *pri, 

int  *error); 

char  const  * pg pe n vG e t S t r i n g (struct  PgpEnv  const  *env,  enum  Pg p E n v S t r i n g s var, 

int  *pri,  int  *error); 

/ * 

* Set  and  get  Pointer  parameters  --  these  are  not  configuration  values, 

* in  general,  so  they  are  treated  somewhat  differently.  Note: 

* the  environment  code  does  *not*  copy  the  objects  associated  with  the 

* pointers,  since  it  doesn't  know  how  large  they  are  or  what  other 

* dependent  objects  they  may  contain.  It  is  up  to  the  caller  to 

* ensure  that  the  pointers  remain  valid  as  long  as  a copy  of  them 

* might  exist,  and  to  free  them  when  a pointer  no  longer  exists. 

* / 

int  pgpenvSetPointer  (struct  PgpEnv  *env,  enum  PgpEnvPointers  var,  void  *ptr); 
void  *pgpenvGetPointer  (struct  PgpEnv  const  *env,  enum  PgpEnvPointers  var, 

int  *error); 


#e  nd i f /*  PGPENV  H */ 
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sigpipe.c 

/ * 

* sigpipe.c  --  Create  a Signature  Verification  Pipeline 

* 

* Written  by:  Derek  Atkins  < w a r l o r da)  M I T . E D U > 

★ 

* $Id:  sigpipe.c, v 1 . 1 5 1996/11/12  02:18:42  mhw  Exp  $ 

*/ 


tfifdef  H A V E_C  0 N F I G_H 
//include  "config.h" 
//end  i f 


//include  <stdio.h> 


ft  i n c l ud  e 
^include 
ft  i nc  l ude 
//include 


" s i g p i p e . h " 
"pgp/fifo.h" 
"pgp/parseasc . h" 
"pgp/veri f yra . h" 


struct  PgpPipeline  * 
pgpSignatureVeri fyCreate 


(struct  PgpPipeline  **texthead, 
struct  PgpPipeline  **sighead, 
struct  PgpEnv  const  *env, 
struct  PgpFifoDesc  const  *fd, 
byte  const  *hashlist,  unsigned 
int  textmode, 

struct  PgpUICb  const  *ui,  void 


{ 


i f 


( ! texthead 
return 


| ! s i g h e a d ) 

NULL; 


hashlen, 

*ui_arg) 


> 


if  ( ! f d ) 

fd  = SpgpByteFifoDesc; 

sighead  = pgpParseAscCreate  (sighead,  env,  fd,  ui,  u i _a  r g ) ; 
if  (Isighead) 

return  NULL; 

return  pg p Ve r i f y R e a d e r C r e a t e (texthead,  sighead,  env,  fd, 

hashlist,  hashlen,  textmode,  ui,  ui_arg); 
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sigpipe.h 

/* 

* sigpipe.h  --  Create  a Signature  Verification  Pipeline 

* 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

* 

* This  is  a Public  API  Function  Header. 

* 

* Sid:  sigpipe.h, v 1.12  1996/11/12  02:18:42  mhw  Exp  $ 

*/ 

# i f nde  f PG P_S I G P I P E_H 
//define  PGP  SIGPIPE  H 


//include  " pg p / u s u a l s . h " 


struct  PgpFifoDesc; 

# i f n d e f T Y P E_P G P F I F 0 D E S C 
//define  T Y P E_PG P F I F 0 D E S C 1 
typedef  struct  PgpFifoDesc  PgpFifoDesc; 
//end  i f 

struct  PgpPipeline; 

# i f nd  e f T Y P E_PG P P I P E L I N E 
//define  T Y P E_PG P P I P E L I N E 1 
typedef  struct  PgpPipeline  PgpPipeline ; 
#end  i f 

struct  PgpEnv; 

#ifndef  T Y P E_P  G P E N V 

#def i ne  T Y P E_P  G P E N V 1 

typedef  struct  PgpEnv  PgpEnv; 

/tend  i f 


struct  PgpUICb; 

# i f n d e f TYPE_PGPUICB 

# d e f i n e TYPE_PGPUICB  1 
typedef  struct  PgpUICb  PgpUICb; 

# e n d i f 


struct 


PgpPipeline  *pgpSignatureVerifyCreate 


(struct  PgpPipeline  **texthead, 
struct  PgpPipeline  **sighead, 
struct  PgpEnv  const  *env, 
struct  PgpFifoDesc  const  *fd, 
byte  const  *hashlist, 
unsigned  hashlen,  int  textmode, 
struct  PgpUICb  const  *ui, 
void  * u i _a  r g ) ; 


#end i f /*  PG P_S I G P I P E_H  */ 
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sigspec.c 

/ * 

* sigspec.c  --  Signature  Specification 

* 

* Code  to  specify  a PGP  signature  and  signature  attributes 


* Written  by:  Derek  Atkins  <warlordaMIT.EDU> 

* 


* $ I d : 

sigspec.c, v 1.23 

*/ 

ZHfdef  HAVE_CONFIG_H 

//include 

" c o n f i g . h " 

ft  e nd  i f 

^include 

<assert . h> 

ft i n c L ud  e 

< s t d i o . h > 

//include 

<string.h> 

ft  i nc  l ude 

"pgp/hash.h" 

//include 

"pgp/pgpmem.h" 

//include 

"pgp/pgpenv . h" 

//include 

"pgp/pgperr.h" 

//include 

"pgp/pubkey.h" 

ft  i n c l ud  e 

"pgp/timedate.h 

//include 

"pgp/usuals.h" 

ft  i nc  l ude 

"sigspec.h" 

struct  PgpSigSpec  C 

struct  PgpSigSpec  *next; 
struct  PgpSecKey  *seckey; 

PgpVersion  version; 
byte  hashtype; 

byte  extraC5H;  / * I know  this  is  5 bytes  now!  * / 

>; 


struct  PgpSigSpec  * 

pg p S i g S p e c C r e a t e (struct  PgpEnv 

byte  sigtype) 


{ 


struct  PgpSigSpec  * s s ; 


const  *env,  struct  PgpSecKey  *sec. 


i f 

( ! e n v || 

! s e c ) 

return  NULL; 

s s 

= (struct 

PgpSigSpec  * ) pg pM em A l l o c 

(sizeof 

( * s s ) ) ; 

i f 

(ss)  t 

i n t 

tzFix  = pgpenvGetlnt  (env. 

PGPENV 

_T  Z F I X , NULL,  NULL); 

i n t 

hash  = pgpenvGetlnt  (env. 

PGPENV_ 

HASH,  NULL,  NULL); 

PgpVersion  version  = pgpenvGetlnt  (env,  PG P E N V_V E R S I 0 N , NULL, 

N U L L ) ; 

/*  Force  SHA-1  hash  with  DSA  */ 
if  (sec->pkAlg  ==  PGP_PKALG_DSA ) 
hash  = PG  P_H  A S H_S  HA; 
memset  (ss,  0,  sizeof  (*ss)  ); 
ss->seckey  = sec; 

if  ( pg p S i g S pe c S e t H a s h t y p e (ss,  hash)  || 

pg p S i g S pe c S e t S i g t y p e (ss,  sigtype)  || 

pg p S i g S pe c S e t T i me s t a mp  (ss,  pgpTimeStamp  (tzFix))  || 


1490 


lib/ pgp/ utils/ sigspec.c 


> 


pg p S i g S p e c S e t V e r s i o n (ss,  version))  { 
pgpMemFree  (ss); 
ss  = NULL; 

> 

> 

return  ss; 


struct  PgpSigSpec  * 

pgpSi gSpecCopy  (struct  PgpSigSpec  const  *spec) 
{ 

struct  PgpSigSpec  * s s ; 


if  ('.spec) 

return  NULL; 

ss  = (struct  PgpSigSpec  *)pgpMemAlloc  (sizeof  ( * s s ) ) ; 
if  ( s s ) f 

memcpy  (ss,  spec,  sizeof  ( * s s ) ) ; 
ss->next  = NULL; 

> 

return  ss; 

> 

void 

pg p S i g S pe c D e s t r oy  (struct  PgpSigSpec  *spec) 

{ 

struct  PgpSigSpec  * s s ; 

for  (ss  = spec;  ss;  ss  = spec)  { 
spec  = ss->next; 
memset  (ss,  0,  sizeof  (*ss)  ); 
pgpMemFree  (ss); 

) 

> 


/ * Lists...  Add  a spec  to  a List;  get  the  next  spec  from  the  list  * / 
i n t 

pg p S i g S p e c Add  (struct  PgpSigSpec  **list,  struct  PgpSigSpec  *spec) 

{ 

if  ( ! L i s t ) 

return  PG P E R R_B A D P A R A M ; 

spec->next  = * l i s t ; 

★List  = spec; 
return  0; 

> 


struct  PgpSigSpec  * 

pgpS i gSpecNex t (struct  PgpSigSpec  const  *list) 
{ 

if  ( ! L i s t ) 

return  NULL; 

return  list->next; 

> 


/ * 

* Access  functions  and  Modifier  functions  follow  below 
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* / 

/*  The  SecKey  cannot  be  changed  */ 
struct  PgpSecKey  * 

pg p S i g S pe c S e c ke y (struct  PgpSigSpec  const  *spec) 

{ 

return  spec->seckey; 

} 

/*  Set  and  get  the  hash  */ 
i n t 

pg pS i g S p e c S e t H a s h t y pe  (struct  PgpSigSpec  *spec,  byte  hashtype) 

{ 

assert  (spec); 

if  ( ! pg p H a s h By N umbe r ( h a s h t y pe  ) ) 

return  PG P E R R_B A D_H A S H N UM ; 

spec->hashtype  = hashtype; 
return  0; 

> 

struct  PgpHash  const  * 

pg p S i g S p e c H a s h (struct  PgpSigSpec  const  *spec) 

{ 

return  pgpHashByNumber(spec->hashtype); 

> 

byte 

pgpSi gSpecHashtype  (struct  PgpSigSpec  const  *spec) 

{ 

return  spec->hashtype; 

} 

/ * Set  and  get  the  version  * / 
i n t 

pgpSigSpecSetVersion  (struct  PgpSigSpec  *spec,  PgpVersion  version) 

( 

assert  (spec); 

spec->versi on  = version; 
return  0; 

> 

PgpVersion 

pg p S i g S p e c V e r s i o n (struct  PgpSigSpec  const  *spec) 

{ 

return  spec->version; 

> 

/*  Set  the  sigtype  and  timestamp;  get  the  "extra"  bytes  which  result  */ 
i n t 

pgpS i g S pe c S e t S i g t y pe  (struct  PgpSigSpec  *spec,  byte  sigtype) 

{ 

assert  (spec); 

spec->extra[0]  = sigtype; 
return  0; 

> 
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i n t 

pg p S i g S p e c S e t T i me s t a mp  (struct  PgpSigSpec  *spec,  word32  timestamp) 
{ 

assert  (spec); 


> 


spec->extraC1  ] 
spec->extraE2] 
spec->extraC3II 
spec->extraC4] 
return  0; 


(byte)  (timestamp>>24); 
(byte) (timestamp>>16); 
(byte)  (timestamp>>8); 
(byte)timestamp; 


/* 

* The  timestamp  is  external  for  now  because  it  is  a part  of  the 

* SigParams  structure  from  the  environment.  Everything  else  is 

* a part  of  the  PgpSigSpec  structure 
*/ 

byte  const  * 

pg p S i g S p e c E x t r a (struct  PgpSigSpec  const  *spec,  unsigned  *extralen) 
C 

if  (extralen) 

*extralen  = 5; 


> 


return  spec->extra; 
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sigspec.h 

/ * 

* sigspec.h  --  Signature  Specification;  specify  the  attributes  of  a 

* signature  or  list  of  signatures 

* 

* Written  By:  Derek  Atkins  <warlord3MIT.EDU> 

* 

* $ I d : sigspec.h, v 1.20  1 996/1  1 /1  2 02:1  8:43  mhw  Exp  $ 

* / 

# i f nd  e f PG P_S I G S P E C_H 
#def i ne  PGP  SIGSPEC  H 


/ * 

* Signature  type  values 

* / 

#def i ne  PG P_S I G T Y P E_B I N A R Y 0 

#def i ne  PG P_S I GT Y P E_T E XT  1 

#de  f i ne  PG P_S I GT Y P E_KE Y_G E N E R I C 0x10 

# d e f i n e P G P_S I G T Y P E_K E Y_P E R S 0 N A 0x11 

^define  P G P_S I G T Y P E_K  E Y_C  A S U A L 0x12 

tfdefine  PG P_S I G T Y P E_KE Y_P0 S I T I V E 0x13 

#de  f i ne  PG P_S I G T Y P E_KE Y_S U BKE Y 0x18 

# d e f i n e PG P_S I GT Y P E_KE Y_C 0M P ROM  I S E 0x20 

#de  f i ne  PG P_S I GT Y P E_KE Y_U I D_R E V0KE  0x30 

tfdefine  PG P_S I GT Y P E_N 0T A R Y 0x40 

/ * 


* A signature  with  this  bit  set  is  considered  "extended"  and  allows  us  to 

* parse  "extra"  information  > 5 bytes  without  fear  of  being  bitten  by  the 

* PGP  2.X  aliasing  problem. 

* / 

# d e f i n e PG P_S I G T Y P E F_E X T E N D E D 0x80 

^include  " pg p / u s ua  l s . h " 

struct  PgpEnv; 

# i f nd  e f T Y P E_PG  P E N V 
#define  T Y P E_PG  P E N V 1 
typedef  struct  PgpEnv  PgpEnv; 

# e n d i f 

struct  PgpSigSpec; 

# i f nd  e f T Y P E_PG P S I G S P E C 

# d e f i n e T Y P E_PG P S I G S P E C 1 

typedef  struct  PgpSigSpec  PgpSigSpec; 

#end i f 

struct  PgpSecKey; 

# i f n d e f T Y P E_PG P S E C KE Y 
#de  f i ne  T Y P E_PG P S E C KE Y 1 

typedef  struct  PgpSecKey  PgpSecKey; 
ti e nd  i f 

/* 

* Create  and  Destroy  a signature  specification.  Required  parameters 

* are  passed  into  this  function.  Some  parameters  are  assumed  from 

* the  PgpEnv. 

* / 

struct  PgpSigSpec  * pg p S i g S p e c C r e a t e (struct  PgpEnv  const  *env. 
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struct  PgpSecKey  *seckey,  byte  sigtype); 
struct  PgpSigSpec  *pgpSigSpecCopy  (struct  PgpSigSpec  const  *spec); 
void  pgpSigSpecDestroy  (struct  PgpSigSpec  * s p e c ) ; 

/ * Deal  with  lists  of  signature  specifications  * / 

int  pgpSigSpecAdd  (struct  PgpSigSpec  * * l i s t , struct  PgpSigSpec  *spec); 
struct  PgpSigSpec  * pg p S i g S p e c N e x t (struct  PgpSigSpec  const  *list); 


/*  Access  functions  for  sigspec  parameters  */ 

PgpVersion  pgpSigSpecVersion  (struct  PgpSigSpec  const  * s p e c ) ; 
struct  PgpSecKey  *pgpSigSpecSeckey  (struct  PgpSigSpec  const  * s p e c ) ; 
struct  PgpHash  const  *pgpSigSpecHash  (struct  PgpSigSpec  const  * s p e c ) ; 
byte  pgpSigSpecHashtype  (struct  PgpSigSpec  const  * s p e c ) ; 
byte  const  * pg p S i g S pe c E x t r a (struct  PgpSigSpec  const  *spec, 
unsigned  *extralen)  ; 


/*  Modification  functions  for  sigspec  parameters  */ 
int  pg p S i g S p e c S e t H a s h t y p e (struct  PgpSigSpec  *spec, 
int  pg p S i g S pe c S e t S i g t y pe  (struct  PgpSigSpec  *spec, 
int  pg p S i g S pe c S e t T i m e s t a mp  (struct  PgpSigSpec  *spec 
int  pg p S i g S p e c S e t V e r s i o n (struct  PgpSigSpec  *spec, 

# e nd i f /*  PGP  SIGSPEC  H */ 


byte  hashtype); 
byte  sigtype); 

, word32  timestamp) 
PgpVersion  version) 


ttyui/ 


. 


lib/ttyui/.cvsignore 


.cvsignore 

Ma  kef i L e 


1497 


lib/ ttyui/ Makefile,  in 


Makefile,  in 

# 

U lib/ttyui 
# 

# $ I d : Makef i L e . i n, v 1.1  8 1 996/1  1 /1  2 01:42:55  mhw  Exp  $ 

U 

OBJS=  userio.o  kbunix.o  scrunix.o  ringui.o  moremod.o 

PUBHDRS=  userio.h  ringui.h 

PRIVHDRS= 

INSTALLLIBS=  $(TTYUI) 

LIBTARGET  = $(TTYUI  ) 

LIBTDEPS=D0NE 

all::  $ (TTYUI  ) 

very-clean:  : 

$ ( R M ) ../$(TTYUI)  $(TTYUI  ) 
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makefile,  msc 

PGPLIB=  . . \ pg p 1 1 y . L i b 
TTYUI=  DONE 

C F L AG S=- I . . \ . . -I . . \ . . \ i nc t ude  -I . . \ \ i nc l ude \ pgp  -DHAVE_C0N F IG_H=1 


a L L : : 

L i b 

headers: 

i n c L 

! incLude  " ma k e f i L e . i n " 

i n c L : 

if  not 

"$ ( PUBHDRS ) "==" " \ 

for  %f  in  ( $(PUBHDRS)  ) do  copy  %f  . 

. \ . .\incLude\pgp 

if  not 

"$(PRIVHDRS)"==""  \ 

for  %f  in  ( $(PRIVHDRS)  ) do  copy  %f 

. . \ i nc  L ude 

DOSOBJ  SX  = 

$(0BJS:  . o = . o b j ) 

DOSOBJ  S = 

$(DOSOBJSX:unix=msdos) 

Lib:  $ ( DOSOB J S ) 


. c . o b j : 

$(CC)  $(CFLAGS)  -17  -c  $< 

# Lib  /out : $ ( PGPLI  B ) $(PGPLIB)  $*.obj 

c L e a n : 

d e L * . o b j 

DONE  : 

if  exist  $(PGPLIB)  L i b / o u t : $ ( P G P L I B ) $(PGPLIB)  $(D0S0BJS) 
if  not  exist  $(PGPLIB)  L i b / o u t : $ ( PG P L I B ) $(D0S0BJS) 


$ ( DEBUG ) 


1499 


lib/ttyui/kb.h 


kb.h 

/ * 

* kb.h  - interface  for  keyboard  I/O 

* The  implementation  is  in  kbunix.c,  kbmsdos.c,  kbvms.c,  etc. 

* 

* $ I d : kb . h , v 1.2  1 996/1  1 /1  2 01:42:55  mhw  Exp  $ 

*/ 

void  kb C b r e a k ( v o i d ) , kbNo rm ( vo i d ) ; 

int  kbGet(void); 

void  kbFlushCint  thorough); 
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kbmac.c 

/ * 

* kbmac.c  - Mac  stdio  keyboard  input  routines. 

* 

* $ I d : kbmac.c, v 1.2  1 996/1  1 /1  2 01:42:55  mhw  Exp  $ 

*/ 

# it  H A V E_C  0 N F I G_H 
//include  "config.h" 

# e nd i f 

U i f H A V E_U  NIST  D_H 
//include  <unistd.h> 

#e  nd  i f 

//include  <stdio.h> 

//include  " kb.h" 

//include  " pg p / r a nd poo  l . h " 

//  i f nde  f S T D I N_F I L E N 0 
//define  S T D I N_F  I L E N 0 0 

//define  S T D 0 U T_F  I L E N 0 1 

# e nd  i f 

static  int  kbFd  = S T D I N_F I L E N 0 ; 
void 

kbCbreak(void) 

> 

void 

kbNorm ( vo i d ) 

{ 

> 

int 

kbGet(void) 

< 

int  result; 
char  c ; 

result  = getcharC); 
if  (result  ==  EOF) 
return  -1; 
c = result; 

pgpRandPoolKeystroke(c); 
return  (unsigned  char)c; 

> 

/ * 

* Flush  any  pending  input.  If  "thorough"  is  set,  tries  to  be  more 

* thorough  about  it.  Ideally,  wait  for  1 second  of  quiet,  but  we 

* may  do  something  more  primitive. 

* 

* kbCbreak()  has  the  side  effect  of  flushing  the  inout  queue,  so  this 

* is  not  too  critical. 

*/ 
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void 

kbFlushCint  thorough) 

{ 

/*  XXX:  Not  implemented  on  Mac  */ 

> 
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kbmsdos.c 

/* 


* MS-DOS  non-echoing 

•i. 

keyboard 

routines. 

* $ I d : 

kbmsdos.c, v 1 

. 6 1 996/1  1 /I  2 01  : 

42:55 

m h w Exp  $ 

*/ 

# i n c l ud  e 

< c on i o . h > 

/ * For 

getchl) 

and 

kbhitl)  */ 

//include 
# i f d e f _ 

<signal  .h> 

M S C_V  E R 

/ * For 

rai sel) 

★ / 

//include 

< t i m e . h > 

/ * For 

clockl) 

* / 

# e l s e 

//include 

<do s . h > 

/ * For 

sleepl) 

★ / 

//  e nd  i f 

//include  "kb.h" 

//include  " pg  p / r a nd  po  o l . h " /*  For  pg  p R a nd  Poo  l Key  s t r o k e ( ) */ 

/*  These  are  pretty  boring  */ 
void  kb C b r ea k ( vo i d ) i > 
void  kbNorm(void)  { > 

int  kbGet(void) 

{ 

int  c ; 

c = getchl); 
it  ( c ==  0) 

c = 0x100  + getchl); 

/ * 

* Borland  C's  getchl)  uses  int  0x21  function  0x7, 

* which  does  not  detect  break.  So  we  do  it  explicitly. 

*/ 

if  l c ==  3 ) 

raiselSIGINT); 

pgpRandPoolKeystrokelc); 

return  c ; 

> 

//ifdef  _MSC_VER 
/ * 

* Microsoft  Visual  C 1.5  lat  least)  does  not  have  sleepl)  in  the 

* library.  So  we  use  this  crude  approximation.  ("crude"  because, 

* assuming  C L0 C KS_P E R_S E C is  18.2,  it  rounds  to  18  to  avoid  floating 

* point  math.) 

* / 

# i f nde  f C L0 C KS_P E R_S E C 
//define  C L0  C KS_P  E R_S  E C CLK_TCK 
Me  nd  i f 

static  unsigned 
sleeplunsigned  t) 

0 

c l o c k_t  target; 

target  = clockl)  + t * ( u n s i g n e d ) C L0 C KS_P E R_S E C ; 
while  (clockl)  < target) 
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return  0; 

> 

# e nd i f 


void 

{ 


> 


kbFLush(int  thorough) 
do  { 

whi Le(kbhit()) 

(void)getchC); 
if  (!thorough) 
break; 

/*  Extra  thorough:  wait  for  one  second  of  quiet 
sleep(1  ); 

> while  (kbhit()); 


*/ 
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kbunix.c 


/ ★ 

* kbunix.c  - Unix 

* 

* $Id:  kbunix.c, v 
*/ 

tt  if  H A V E_C  0 N F I G_H 
^include  "config.h" 
tt  e n d i f 

/ * 

* Define  NOTERMIO 
*/ 


keyboard  input  routines. 

1.8  1996/11/12  01:42:56  mhw  Exp  $ 


if  you  don't  have  the  termios  stuff 


flifdef  HAVE  FCNTL  H 


^include 
Send i f 
tt  i n c L ud  e 
Si nc  Lude 
tt  i n c L ude 


< f c n t L . h > 

<signal.h> 
<stdio.h> 
<sys/types . h> 


/*  How  to  get  cbreak  mode  */ 


#if  def i ned ( NOTERMIO ) 

^include  <sgtty.h>  /*  No  termio:  Use  ioctlO  TIOCGETP  and  TIOCSETP  */ 

# e L i f d e f i n e d ( S V R 2 ) 

/Sinclude  <termio.h>  /*  S V R 2 : Use  ioctlO  TCGETA  and  TCSETAF  */ 

Seise  /*  Usual  case  */ 

Sinclude  <termios.h>  /*  Posix:  use  tcgetattr/tcsetattr  */ 
tt  e n d i f 

#ifdef  sun  /*  including 
Sinclude  < s y s / f i l i o . h > 

Seise 

//include  < s y s / i o c t l . h > 

// e nd  i f /*  sun  */ 

# i f nd  e f FIONREAD 

#d  e f i n e FIONREAD  TIOCINQ 

tt  e nd  i f 

^include  "posix.  h"  /*  For  readO,  sleep!)  */ 

tt  i nc  l ude  " kb  . h " 


ioctl.h  and  termios. h gives  a lot  of  warnings  on  sun  */ 

/*  for  FIONREAD  */ 


#if  UNITTEST  /*  Dummy  out  some  functions  for  unit  testing  */ 

^define  randEvent(c)  (void)c 

Seise 

^include  " pg p / r a nd p o o l . h " 

Send i f 

# i f nd  e f S T D I N_F I L E N 0 
^define  S T D I N_F I L E N 0 0 

# d e f i n e S T D 0UT_F I L E NO  1 

tt  e n d i f 

/*  The  structure  to  hold  the  keyuboard's  state  */ 
tt  i f def  ined(NOTERMIO) 

static  struct  sgttyb  kbStateO,  kbStatel; 
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# i f nde  f CBREAK 
//define  CBREAK  RAW 

# e n d i f 

//define  KB_G E T_S T AT E C f d , s ) 
//define  KB_A  LT  E R_S  T AT  E ( s ) 
//define  KB_S  E T_S  T A T E ( f d , s ) 


ioctlCfd,  TIOCGETP,  s) 
((s)->sg_f Lags  | = CBREAK, 
ioctlCfd,  TIOCSETP,  s) 


( s ) -> s g_f L a g s &=  ~ECH0) 


//elif  d e f i n ed ( S V R 2 ) 

static  struct  termio  kbStateO,  kbStatel ; 

//define  KB_G E T_S T ATE ( f d , s ) ioctlCfd,  TCGETA,  s) 

//define  KB_A  LT  E R_S  T A T E C s ) \ 

C Cs)->c_ccCVMIN:  = 1 , C s )->c_ccCVTIMED  = 0,  Cs)->c_lflag  & = ~ C E C H 0 | I C AN  ON ) ) 
//define  KB_S  E T_S  T A T E C f d , s ) ioctlCfd,  TCSETA,  s) 


//else 

static 

//define 

//define 

//define 


struct  termios  kbStateO,  kbStatel; 

KB_GET_STATECfd,s)  t eg e t a t t r C f d , s) 

KB_A  L T E R_S  T A T E C s ) \ 

C C s ) -> c_c c C VM I N ] = 1 , C s ) -> c_c c C VT I M E 1 =0 , Cs)->c_lflag 
KB_SET_STATECfd,s)  t c s e t a t t r C f d , TCSAFLUSH,  s) 


& = "CECHO  | ICANON)  ) 


U e nd  i f 


static  int  kbStateFetched  = 0; 


/*  The  basic  task  of  getting  the  terminal  into  CBREAK  mode.  */ 
static  void 

kb  I n t e r n a l C b r e a k C i n t fd) 

{ 


if  C ! kb S t a t e F e t c h ed ) { 

if  C KB_G  E T_S  TATECfd,  SkbStateO)  < 0) 

return;  / * Trouble  - what  to  do?  * / 
kbStatel  = kbStateO; 

KB_ALTER_STATE CSkbStatel ); 
kbStateFetched  = 1; 

J 

KB_S  E T_S  TATECfd,  SkbStatel); 


/*  Restore  the  terminal  to  normal  operation  */ 
static  void 

k b I n t e r n a l N o r m C i n t fd) 

{ 


> 


if  CkbStateFetched) 

KB_S  E T_S  TATECfd,  SkbStateO); 


/*  State  variables  */ 

static  volatile  int  kbCbreakFlag  = 0; 
static  int  kbFd  = -1; 


//ifdef  SVR2 

static  int  C * s a v e s i g ) C i n t ) ; 

//else 

static  void  C*savesig)Cint); 

# e n d i f 

/*  A wrapper  around  SIGINT  and  SIGCONT  to  restore  the  terminal  modes.  * / 
static  void 
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k b S i g 1 
{ 


> 


( i n t s i g ) 

if  (kbCbreakFlag) 

kblnternalNorm(kbFd); 
if  ( si g ==  SIGINT) 

signalCsig,  savesig); 

else 


signalCsig,  SIG_DFL); 
raise(sig);  / * Re-send  the 


signal 


*/ 


static  void 
kbAddSigs(void); 


/*  Resume  cbreak  after  SIGCONT  */ 
static  void 
kbS i g2 ( i nt  sig) 

{ 


> 


(void)sig; 
if  (kbCbreakFlag) 

kblnternalCbreak(kbFd); 

else 


kbAddSigsC); 


static 

void 

kb  Add  S i 

gs(void) 

savesig  = signal 

(SIGINT,  1 

# i f d e f 

SIGTSTP 

signal  (SIGCONT, 

kbSig2); 

U e nd  i f 
> 

signal  (SIGTSTP, 

k b S i g 1 ) ; 

static 

void 

kbRemoveSigs(void) 

{ 

si gna l (SIGINT, 

savesig); 

# i f d e f 

SIGTSTP 

signal  (SIGCONT, 

S I G_D F L ) ; 

ft  e nd  i f 
> 

signal  (SIGTSTP, 

S I G_D F L ) ; 

/ * Now  , 

void 

at  last,  the  externally  ca 

kbCbreak(void) 

if  (kbFd  < 0)  C 

k b F d = open (" /dev/tty"  , 0_RDWR); 
if  (kbFd  < 0) 

kbFd  = S T D I N_F I L E N 0 ; 

> 


* / 


kbAddSigsC); 
kbCbreakFlag  = 1 ; 
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> 


kblnternalCbreak(kbFd); 


vo i d 

kbNorm(void) 

{ 

kblnternaLNorm(kbFd)  ; 
kbCbreakFLag  = 0 ; 
kbRemoveSigs(); 


i n t 

kbGet(void) 

{ 

i n t i ; 
char  c ; 

i = readCkbFd,  &c,  1); 
if  ( i < 1 ) 

return  - 1 ; 

pgpRandPoolKeystroke(c); 
return  (unsigned  char)c; 

> 


/ * 

* Flush  any  pending  input.  If  "thorough"  is  set,  tries  to  be  more 

* thorough  about  it.  Ideally,  wait  for  1 second  of  quiet,  but  we 

* may  do  something  more  primitive. 

* 

* kbCbreakC)  has  the  side  effect  of  flushing  the  inout  queue,  so  this 

* is  not  too  critical. 

*/ 


void 

kbFlush(int  thorough) 

{ 

if  (thorough) 

sleep(l); 

# i f defined ( TC I F LUSH  ) 

tcflush(kbFd,  TCIFLUSH); 
#elif  defined(TIOCFLUSH) 


U i f nd  e f 

FREAD 

# d e f i n e 

FREAD  1 /* 

The  usual  v a 

l u e * / 

#end  i f 

ioctl(kbFd, 

TIOCFLUSH, 

FREAD); 

# e nd  i f 

> 


#if  UNITTEST  /*  Self-contained  test  driver  */ 
#include  <ctype.h> 
i n t 

main(void) 

{ 

i n t c ; 

puts(" Going  to  cbreak  mode..."); 
kbCbreak(  ) ; 
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putsC'In  cbreak  mode.  Please  type."); 

for  ( ; ; ) { 

c = kbGetC); 

if  (c  ==  1 \ n ' ||  c ==  1 \ r ' ) 

break; 

printf("c  = %d  = ' %c'\n",  c,  c); 
kbFlushCisupper(c)); 

} 

puts(" Returning  to  normal  mode..."); 

kbNormC); 

putsC'Done."); 

return  0; 


/*  UNITTEST  */ 
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moremod.c 


/ * 

* moremod.c  --  A pipeline  module  to  output  text  a page  at  a time 

★ 

* $ I d : moremod. c,v  1.4  1 996/1  1 /1  2 01:42:56  mhw  Exp  $ 

*/ 

# i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 
if  e nd  i f 


U include 

<assert . h> 

it  i n c l ude 

< s t d i o . h > 

it  i n c l ud  e 

<c  type  . h> 

it  include 

"pgp/annotate.h 

if  i n c l u d e 

"pgp/ pgpmem. h " 

it  i nc  l ude 

"pgp/pipeline.h 

ft  i n c l ud e 

"kb . h" 

//include 

"screen,  h" 

ft  i nc  l ude 

"moremod. h" 

it  d e f i n e 

MOREMAGI  C 

//define 

TABSTOP 

0xa5f 91 780 
8 


struct  Mo r e Mod C on t e x t C 


int 

nrows; 

/ * 

Number  of  rows  on  screen,  minus 

1 */ 

i n t 

row; 

/* 

Next  row  of  output,  0 

based  * / 

i nt 

ncols; 

/ * 

Number  of  columns  on  screen  */ 

i n t 

col; 

/ * 

Next  column  of  output. 

0 based 

* / 

long 

n b y t e s ; 

/* 

Size  of  message,  if  given  */ 

long 

byt; 

/* 

Number  of  bytes  we  have  output 

*/ 

char 

* rowbuf  ; 

/* 

Buffer  holding  row  to 

be  output 

*/ 

byte 

flushing; 

/* 

True  if  discarding  all 

input  * / 

byte 

aftercr; 

/* 

Saw  a cr,  eat  next  If 

if  any  * / 

byte 

quitting; 

/ * 

Have  printed  quitting 

message  * / 

i n t 

s c o pe_d  e p t h ; 

/* 

Nesting  scope  depth  */ 

FILE 

*f  p; 

/* 

Output  file  descriptor 

, must  be 

console 

*/ 


static  void 

moref  lushrowlstruct  MoreModContext  *context) 

{ 

if  (context->col)  { 

fputs  (context->rowbuf,  context->fp); 
fputcl  ' \ n ' , context->fp); 
context->col  = 0 ; 


static  void 

moreeraselinelstruct  MoreModContext  *context) 
{ 

i n t i ; 

int  ncols  = context->ncols; 

FILE  * f p = context->fp; 

/*  Blank  out  prompt  */ 
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for  (i  = 0;  i < ncols;  i + + ) 
fputc  ( ' 1 , fp); 

fputc('\r',  fp); 
fflush(fp); 


static  void 

morenewlineCstruct  Mo r e Mod C o n t e x t *context) 
{ 

i n t c ; 


moref iushrow(context) ; 
context->row  +=  1 ; 

if  ( c on t e x t -> r o w ==  c on t e x t -> n r o w s ) { 
if  ( c o n t e x t -> n by t e s ) { 

fprintf  ( c o n t e x t -> f p , "\ 

More  --  % d % % --  Hit  space  for  next  screen.  Enter  for  new  line\ 

, ' Q ' to  quit  --\r",  (int)((100  * context->byt)  / context->nbytes)); 

> else  { 

fputs  ("\ 

More  --  Hit  space  for  next  screen.  Enter  for  new  line,  ' Q ' to  quit  --\r", 

context->fp)  ; 

> 

fflush  (context->fp); 

for  ( ; ; ) { 

kbCbreakC  ) ; 
c = kbGetC); 
kbNorml); 

moreeraseline(context); 
c = toupper(c); 
if  (c  ==  'Q')  { 

context->flushing  = 1; 
break; 

\ n ' ) { 


> 

else 

— +> 

O 

II 

II 

”3 

1 1 c = = 

context->row 

-=  i; 

break; 

> 

else 

if  ( c ==  ' ' ) 

{ 

context->row 

= 0; 

break; 

> 

else 

fprintf  (context->fp 

> 

static  void 

mo r e o u t c h a r ( s t r u c t MoreModContext  *context,  char  c) 
{ 

int  aftercr  = context-: 


context->af tercr  = 0; 
if  ( c = = ' \ n ' ) f 

if  (aftercr) 

return; 

morenewline(context); 
} else  if  ( c = = ' \ r ' ) ( 

context->af tercr  = 1; 
morenewline(context); 
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> else  if  ( c = = ' \ t ' ) { 

int  addspaces  = TABSTOP  - (context->col  % TABSTOP) ; 
while  (addspaces--)  { 

if  ( c on t e x t -> c o l ==  c on t e x t -> n c o l s ) { 

c o n t e x t - > r o w bu  f C c o n t e x t ->  c o l II  = ' \ 0 ' 
return; 

} 

context->rowbufCcontext->col++]  = 1 ' ; 

> 

context->rowbuf[context->col]  = ' \ 0 ' ; 

> else  if  (c  < ' ')  { 

return;  / * Eat  non-printing  characters  * / 

> else  { 

/*  Eat  characters  beyond  right  column  */ 
if  ( c o n t e x t -> c o l ==  c on t e x t -> n c o l s ) 
return; 

context->rowbuf[context->col++]  = c ; 
c o n t e x t -> r o wbu f [ c o n t e x t -> c o l ] = '\0'; 

> 

> 

static  siz  e_t 

Write  (struct  PgpPipeline  *myself,  byte  const  *buf,  si ze_t  size,  int 
{ 

struct  MoreHodContext  *context; 
int  sz  = size; 
int  c ; 

assert(myself); 

assert(myself->magi c ==  MOREMAGIC); 

context  = (struct  MoreModContext  *)myself->priv; 


assert 

(context); 

assert(error)  ; 

★error 

= 0; 

while 

> 

( ! c o n t e x t -> f l u s h i ng  &&  sz--)  { 

c = *(char  *)buf++; 
mo r eo u t c h a r ( c on t e x t , (char)c); 
++context->byt ; 

return 

> 

size; 

static  int 

Flush  (struct 
■r 

PgpPipeline  *myself) 

assert(myself); 

a s s e r t ( my s e l f ->ma g i c ==  MOREMAGIC); 


/*  To  shut  up  compiler  warnings  */ 
(void)myself; 

return  0; 

> 

static  int 


*error) 
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Annotate 

{ 


(struct  PgpPipeline  *myself,  struct 
byte  const  *string,  si ze_t  size) 


struct  MoreModContext  * context; 


PgpPipeline  * o r i g i n , 


i n t type. 


/*  To  shut  up  compiler  warnings  */ 
(void)origin; 

(void)string; 

(void)size; 


assert(myself); 

assert(myself->magic  = = MOREMAGIC); 

context  = (struct  MoreModContext  *)myself->priv; 
assert  (context); 

/*  Currently  the  annotation  reader  does  not  pass  us  any  annotations  */ 
PGP_SCOPE_DEPTH_UPDATE(context->scope_depth,  type) ; 
assert  ( c o n t e x t -> s c o pe_d e p t h !=  -1 ) ; 

return  0 ; 

> 

static  int 

SizeAdvise  (struct  PgpPipeline  *myself,  unsigned  long  bytes) 

{ 

struct  MoreModContext  *context; 
assert  (myself); 

assert  (myself->magi c ==  MOREMAGIC); 

context  = (struct  MoreModContext  *)myself->priv; 
assert  (context); 

if  (bytes) 

context->nbytes  = bytes; 

if  (bytes  ||  c o n t e x t -> s c o pe_d e p t h ) 
return  0; 

/*  XXX 

* End  of  "more"  output.  Note  that  scope_depth  is  not  correct 

* currently  because  annotation  reader  doesn't  tell  us  scope. 

* Not  clear  if  this  is  a bug... 

* / 

if  ( ! c o n t e x t -> q u i 1 1 i n g ) { 

fputs  ( "\n0one  ...hit  any  key\n",  context->fp); 

kbCbreak(); 

kbGet  ( ) ; 

kbNorm(); 

fputs  ("\n",  context->fp); 
context->quitting  = 1; 

> 

return  0; 

> 

static  void 

Teardown  (struct  PgpPipeline  *myself) 
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{ 

struct  MoreModContext  * c o n t e x t ; 
assert(myself); 

assert(myself->magic  ==  MOREMAGIC); 

context  = (struct  MoreModContext  *)myself->priv; 
assert  (context); 

memset  ( context->rowbuf , 0,  context->ncols  + 1 ) ; 
pgpMemFree  (context->rowbuf ); 
memset  (context,  0,  sizeof  (*context)); 
pgpMemFree  (context); 

memset  (myself,  0,  sizeof  (*myself)); 
pgpMemFree  (myself); 

> 

struct  PgpPipeline  * 

pgpMoreModCreate  (struct  PgpPipeline  **head) 

{ 

struct  PgpPipeline  * m o d ; 
struct  MoreModContext  *context; 
unsigned  nrows,  ncols; 

if  ( ! h e a d ) 

return  NULL; 

context  = (struct  MoreModContext  * ) pg pM em A l l o c ( s i z e o f ( * c o n t ex t ) ) ; 
if  (!  context) 

return  NULL; 

memset(context,  0,  sizeof (*context)); 

mod  = (struct  PgpPipeline  * ) pg p M e m A l l o c ( s i zeof ( *mod)  ) ; 
if  ( ! mod  ) { 

pgpMemFree(context); 
return  NULL; 

> 

screenSizeGet  (Snrows,  & n c o l s ) ; 

context->rowbuf  = (char  * ) pg pM em A l l o c (ncols  + 1); 
if  ( ! c o n t ex t -> r o w bu f ) f 

pgpMemFree(context); 
pgpMemFree(mod); 
return  NULL; 

> 

context->nrows  = nrows  - 1; 
context->ncols  = ncols; 
context->fp  = stdout; 

mod->magic  = MOREMAGIC  ; 
mod->write  = Write; 
mod->flush  = Flush; 
mod->sizeAdvise  = SizeAdvise; 
mod->annotate  = Annotate; 
mod->teardown  = Teardown; 
mod->name  = "More"; 
mod->priv  = context; 
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★head  = mod; 


return  ^hesd  * 

> 


lib/ttyui/ moremod.h 


moremod.h 

/ * 

* moremod.h  --  Interface-specif i c pipeline  module  to  display  files  on  console 


* 

* $ I d : 

* / 

moremod.h, v 1.2  1996/11/12  01:42:56  mhw  Exp  $ 

# i f nd e f 
#de  f i ne 

P G P_M  0 R E M 0 D_H 

PGP  MOREMOD  H 

#include  " pg p / u s u a l s . h " 

struct  PgpPipeline; 

# i f n d e f TYPE  PGPPIPELINE 


#d e f i n e 
t y p ed e f 

U e nd  i f 

TYPE_PGPPIPELINE  1 

struct  PgpPipeline  PgpPipeline; 

/ * 

* Create  a module  to  write  to  the  console,  pausing  after  each  page  of 

* output. 

* / 

struct  PgpPipeline  *pgpMoreModCreate  (struct  PgpPipeline  **head); 

# e n d i f /*  PGP  MOREMOD  H */ 
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posix.h 

/ * 

* This  file  includes  <unistd.h>,  if  it's  available,  and 

* declares  a bunch  of  functions  with  "traditional"  values  if  not. 

* The  GNU  Libc  Manual  (node  "Version  Supported")  says  this  is  impossible; 

* I wonder  what  they  think  of  this. 

* 

* $ I d : posix.h, v 1.2  1 996/1  1 /1  2 01:42:56  mhw  Exp  $ 

*/ 

//include  <limits.h> 

/ * 

* See  if  this  is  a POSIX  <limits.h>.  A POSIX  system  *may*  define 

* a macro  for  ARG_MAX,  but  it  may  instead  defined  _SC_ARG_MAX 

* in  <unistd.h>  and  require  you  yo  use  sysconf ( ) to  get  the  value. 

* However,  a POSIX  system  is  supposed  to  defined  _P0  S I X_A  RG_M AX 

* in  <limits.h>  with  the  value  of  4096,  the  P0 S I X -ma nd a t e d lower 

* bound  on  ARG_MAX  or  sysconf (_S  C_A  R G_M  A X ) . 

* A POSIX  system  is  supposed  to  define  most  of  these,  so  checking  for 

* them  *all*  is  overkill,  but  it's  easy  enough... 

* / 

# i f n d e f H A V E_U N I S T D_H 

//ifdef  POSIX /*  Defined  by  GCC  on  POSIX  systems  */ 

//define  H A V E_U  N I S T D_H  1 

# e L i f def i ned (_P0S IX_ARG_MAX ) ||  d e f i n ed (_P0 S I X_C H I L D_M A X ) 

//define  H A V E_U  NIST  D_H  1 

//elif  def i ned (_P0S IX_LINK_MAX ) ||  d e f i n e d (_P 0 S I X_M A X_C A N 0 N ) 

//define  H A V E_U  NIST  D_H  1 

//elif  def  i n e d (_P0  S I X_M  AX_I  N PUT  ) ||  d e f i n e d (_P0  S I X_N  A M E_M  A X ) 

//define  H A V E_U  NIST  D_H  1 

//elif  def  i n e d (_P0  S I X_N  G R 0 U P S_M  AX  ) ||  d e f i n e d (_P  0 S I X_0  P E N_M  A X ) 

//define  H A V E_U  N I S T D_H  1 

//elif  def  i ned  (_P0S  I X_PATH_M  AX  ) ||  de  f i ned  (_P0S  I X_P  I PE_BU  F ) 

//define  H A V E_U  N I S T D_H  1 

//elif  def  i ned  (_P0S  I X_R  E_D  U P_M  A X ) ||  d e f i n ed  (_P0  S I X_S  S I Z E_M  A X ) 

//define  H A V E_U  NIST  D_H  1 

//elif  def  i ned  (_P0S  I X_S  T R E AM_M  A X ) ||  defined  (_P  0 S I X_T  Z N A M E_M  AX) 

//define  H A V E_U  NIST  D_H  1 

# e n d i f 

# e n d i f 

//if  H A V E_U  NIST  D_H 
//include  <unistd.h> 

//elif  d e f i n ed  ( M S D 0 S ) 

//include  <io.h>  /*  Where  MSDOS  keeps  such  things  */ 

//else 

/*  Not  POSIX  - declare  the  portions  of  <unistd.h>  we  need  manually.  */ 
int  ioctlCint  fd,  int  request,  void  * a r g ) ; 
int  isatty(int  fd); 

int  readCint  fd,  void  *buf,  int  nbytes); 
unsigned  s l e e p ( u n s i g n e d seconds); 

// e nd  i f 
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ringui.c 

/ * 

* ringui.c  - Various  u s e r- i n t e r f a c e helpers  for  working  with  keyrings 

* on  a simple  stdio  tty  interface. 

* 

* Written  by  Colin  Plumb. 

* 

* $ I d : ringui.c, v 1.68.2.1  1 996/1  1 /1  4 04:09:41  cbertsch  Exp  $ 

*/ 


# i f H A V E_C  0 N F I G_H 
//include  "config.h" 
# e nd  i f 


//include  <assert  . h> 
//include  <ctype.h> 
//include  <stdio.h> 


//include 

< s t d l i b . 

h > 

/* 

for 

s t r t o l ( ) 

*/ 

//include 

< s t r i n g . 

h > 

/* 

for 

strchrO 

*/ 

//include 

< t i me . h > 

/ * 

for 

time  ( ) 

* / 

//include 

//include 

//include 

//include 

//include 

//include 

//include 

//include 

//include 

//include 

//include 

//include 


"pgp/pgperr. h" 
"pgp/timedate.h" 
"useri o . h" 

" r i n g u i . h " 
"pgp/trustpkt . h" 
"pgp/trust.h" 

" pgp/ r i ngpub  . h " 

"pgp/ringread.h" 

"pgp/pubkey.h" 

"pgp/sigspec.h'1 

"pgp/timedate.h" 

"pgp/pgpenv.h" 


/*  for  pgpDa t e S t r i ng  */ 


/* 

* The  old  PGP  format... 


Type 

PUB 

Date 

1996-03-30 

keyID/bi ts 
58B96505/2048 

User 
F0  4 A 

I D 

30 

95 

20 

1 7 

29 

E0 

DC 

A3 

3 F 

FB 

C 6 

5 B 

79 

3 F 

f 00 

sig! 

PUB 

1 996-03-30 

1 996-03-30 

58B96505 

E9D1 E021 / 4096 

f 0 0 

1 A E 2 

E F 

AA 

FC 

CB 

59 

AC 

D 4 

2 A 

1 A 

90 

E 3 

DD 

4 F 

45 

bar 

sig!  1996-03-30  E9D1E021  bar 

2 key (s)  examined 
*/ 

static  char  const  hexcharC16]  = { 

'O', '1',' 2' ,'3' ,'4' ,'5' ,'6' ,'7', 
,8','9,,'A','B','C','D','E','F' 

>; 

/ * 

* Pretty-print  a 128-bit  key  fingerprint  into  the  supplied  buffer, 

* in  varius  forms,  depending  on  the  " len"  argument: 

* 1111111111222222222233333333334444444444555 

* 01234567890123456789012345678901234567890123456789012 

* 01  23  45  67  89  AB  CD  EF  01  23  45  67  89  AB  CD  EF/1024  (53  chars) 

* 01  23  45  67  89  AB  CD  EF  01  23  45  67  89  AB  CD  EF/1024  (52  chars) 

* 01  23  4567  8 9 A B CDEF  01  23  4567  89AB  CDEF/1  024  (45  chars) 
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01  23  4567  8 9 A B CDEF  01  23  4567  89AB  CDEF/1  024  (44  chars) 

01234567  89ABCDEF  01234567  89 AB C D E F / 1 0 2 4 (41  chars) 

01234567  89ABCDEF  01234567  8 9 A B C D E F / 1 0 2 4 (40  chars) 

0123456789ABCDEF  0 1 2 3 4 5 6 7 8 9 A B C D E F / 1 0 2 4 (38  chars) 

0123456789ABCDEF0123456789ABCDEF/1024  (37  chars) 

01  23456789ABCDE  F 0 1 23456789ABCDE/1 024 
0123456789ABCDEF0123456789ABCD/1024 

0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B C / 1 0 2 4 (etc.,  truncating  as  needed) 


* / 1 024 

* / 1 0 2 
* / 1 0 

* /I 

* / 


* 


* Returns  the  number  of  characters  actually  used,  guaranteed  to 

* be  <=  the  given  len. 

* Does  NOT  null-term inate  the  array. 

* / 


s i z e_t 

ringTtyFormatFingerprint16(struct 

char  * bu  f 


R i ng  S e t 
, s i z e_t 


const 

len) 


* s e t , 


union  RingObject  *key. 


static  signed  char  const  limitsC163  = { 


-1,  46, 

38, 

46, 

34, 

46, 

38, 

46, 

32,  46, 

38, 

46, 

34, 

46, 

38, 

46  > ; 

char 

*p 

= buf; 

byte 

h a 

shC163; 

char 

b i 

t s C 7 3 ; 

/ * 

' r ■ 

r 65535 

max 

length  + ' \ 0 ' */ 

i n t i ; 
i n t hlen; 
unsigned  keylen; 

key l e n = ringKeyBits(set,  key);  / * Length  of  key  in  bits  * / 
sprintf(bits,  "/%u",  keylen);  /*  Length  of  decimal  length  */ 
keylen  = (unsigned)strlen(bits); 
if  (keylen  >=  len)  { 

memcpy (buf , bits,  len); 
return  len; 

> 

len  - = keylen; 


hlen  = ringKeyFingerprint16(set,  key,  hash); 

for  (i  = 0;  i < hlen  8 8 ( s i z e_t ) ( p-bu f ) !=  len;  i++)  { 

/*  Print  each  space  iff  it's  okay  to  */ 
if  (len  > ( u n s i g n ed ) ( i n t ) l i m i t s C i 3 ) 

*p  + + = ' ' ; 

/*  Double  space  in  the  middle  if  appropriate  */ 
if  (i  ==  8 88  len  >=  36  88  len  !=  39  &&  len  !=  47) 

*p  + + = ' 1 ; 

*p++  = hexcharChashEi]  >>  4 8 153; 
if  ( ( s i z e_t ) ( p-bu f ) ==  len) 
break; 

*p++  = hexcharChashCiH  8 153; 

> 

memcpy(p,  bits,  keylen); 
return  p+keylen-buf; 


1519 


lib/ttyui/ ringui.c 


(48 

c h a 

rs) 

(47 

c h a 

r s ) 

(44 

c h a 

rs) 

(43 

c h a 

r s ) 

(41 

c h a 

rs) 

(40 

c h a 

r s ) 

/ * 

* Pretty-print  a 160-bit  key  fingerprint  into  the  supplied  buffer, 

* in  varius  forms,  depending  on  the  "len"  argument: 

* Version  a: 

* 11111111112222222222333333333344444444 

* 012345678901234567890123456789012345678901234567 

* 01234  56789  ABCDE  F0123  45678  9ABCD  EF012  34567 

* 01234  56789  ABCDE  F0123  45678  9ABCD  EF012  34567 

* 0123456789  ABCDEF01 23  456789ABCD  EF01234567 

* 0123456789  ABCDEF0123  456789ABCD  EF01234567 

* 0123456789ABCDEF0123  4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 

* 01 23456789ABCDEF0123456789ABCDEF01 234567 

* 01 23456789ABCDEF0123456789ABCDEF01 23456 

* 01 23456789ABCDEF01 23456789ABCDEF01 2345 

* 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 (etc.,  truncating  as  needed) 

* 

* Version  b: 

* 1111111111222222222233333333334444444444 

* 01234567890123456789012345678901234567890123456789 

* 01  23  4567  89a  b cdef  01  23  4567  89ab  cdef  01  23  4567  ( 50  chars) 

* 01  23  4567  89a  b cdef  01  23  4567  89ab  cdef  01  23  4567  ( 49  chars) 

* 01234567  89abcdef  01234567  89abcdef  01234567  (44  chars) 

* 01 23456789abcdef 01 23  4 5 6789a b c d e f 0 1 2 34 5 67  (41  chars) 

* 01  23456789ABCDE F01  2 3 4 5 6 7 8 9 A B C D E F 0 1 234567  ( 40  chars) 

* 01 23456789ABCDEF0123456789ABCDEF01 23456 

* 0123456789ABCDEF0123456789ABCDEF012345 
0123456789ABCDEF0123456789ABCDEF01234  (etc. 


★ 

*/ 

s i z e_t 

ringTtyFormatFingerprint20(struct  RingSet  const 

char  *buf,  si ze_t  len) 


truncating  as  needed) 


*set,  union  RingObject  *key. 


limitsaC40] 
40,  46,  42, 
limitsbCIO] 
43,  48,  43, 


static  signed  char  const 
C-1,  46,  42,  46, 
static  signed  char  const 
{-1,  48,  43,  48, 
signed  char  const  *limits  = limitsb; 
int  period  = 4;  /*  Use  5 for 

char  * p = buf; 
byte  hashC200; 
int  i ; 
int  hlen; 


46>  ; 

48,  43,  4 8 > ; 

/ * Choose  B * / 
A,  4 for  B * / 


hlen  = ringKeyFingerprint20(set,  key,  hash); 
if  (hlen  < 0) 

return  hlen; 


hlen  *=  2; 


/*  Unlike  the  16  byte  version,  this  loops  per  character  */ 
for  (i  = 0;  i < hlen  &&  ( s i ze_t ) ( p-buf ) !=  len;  i++)  { 

/*  Print  each  space  iff  it's  okay  to  */ 
if  ( i % p e r i od  ==  0) 

if  (len  > ( u n s i g n ed  ) ( i n t ) l i m i t s l i / p e r i od  ] ) 

* p + + = ' 1 ; 

/ * Double  space  in  the  middle  if  appropriate  * / 

if  (i  ==  20  &&  len  >=  ( uns i gned  ) ( l i mi t s = = l i mi t sa  ? 44  : 50)  && 
len  ! = 47) 
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if  ( i 

* p + + = 

8 1 ) 

r 

else 

*p  + + = 

hexcharChashCi / 2 ] 

8 15]; 

> 

return  p-buf; 

* p + + = 

hexcharChashCi/2] 

>>  4 8 15]; 

i n t 

r i ngTt y Pu t F i nge rpr i n 1 1 6 ( F I LE  *f,  struct  RingSet  const  *set, 
union  RingObject  *key,  unsigned  wid) 

{ 


char  buf[54]; 


/*  Incestuous  knowledge  */ 


if  (wid  > sizeof(buf)) 

wid  = sizeof(buf); 

wid  = (unsigned)ringTtyFormatFingerprint16(set,  key,  but,  ( s i z e_t ) w i d ) ; 
return  fwriteCbuf,  1,  wid,  f ) ; 


i n t 

r i ngTt y Pu t F i nge rp r i n t 20 ( F I LE  *f,  struct  RingSet  const  *set, 
union  RingObject  *key,  unsigned  wid) 

{ 


char  bufC50]; 


/*  Incestuous  knowledge  */ 


if  (wid  > sizeof(buf)) 

wid  = sizeof(buf); 

wid  = (unsigned)ringTtyFormatFingerprint20(set,  key,  buf,  ( s i z e_t ) w i d ) ; 
return  fwrite(buf,  1,  wid,  f ) ; 


i n t 

r i ngTtyPutKeyl D ( F I LE  *f,  struct  RingSet  const  *set,  union  RingObject  *key) 
{ 

byte  b u f C 8 ] ; 
i n t i ; 


ringKeyID8(set,  key,  NULL,  buf); 
for  (i  = 4;  i < 8;  i++)  { 

putc(hexcharCbufCiII  >>  4 & 15],  f); 
putc(hexcharCbufCi]  & 15],  f); 

> 

return  8; 


i n t 

r i ngTty Put S i g I D ( F I LE  *f,  struct  RingSet  const  *set,  union  RingObject  *sig) 
{ 

byte  bu  f C 8 ] ; 
i n t i ; 


ringSigID8(set,  sig,  NULL,  buf); 
for  (i  = 4;  i < 8;  i + + ) f 

putc(hexcharLbufCi]  >>  4 & 15],  f); 
putc(hexchar[bufCi]  8 15],  f); 

> 

return  8; 
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> 


/ * 

* Write  out  the  given  string  with  all  funny  characters  \-escaped  in 

* the  manner  of  C strings,  up  to  "maxlen"  characters.  Returns  the 

* actual  number  of  characters  printed,  which  will  always  be  <=  maxlen. 

* If  f is  NULL,  prints  nothing.  (May  be  useful  for  justification 

* computations.)  The  string  is  surrounded  by  quotes  ql  and  q2 

* (if  not  'NO').  q2  is  also  \-escaped  if  it  appears  in  the  string. 

* / 


unsigned 

ringTtyPutString(char 


const  *str,  si ze_t  len,  unsigned  maxlen,  FILE  *f, 
ql,  char  q2) 


i n t c = 0 ; 
s i z e_t  t ; 
char  const  * p ; 

unsigned  remaining  = maxlen; 

static  char  const  escapesC]  = "\a\b\f\n\r\t\v"; 

static  char  const  lettersC]  = {,a,,,b,,'f,,,n,,,r,,,t,,,v,>; 


/ * 
i f 


> 


Opening  quote  * / 

(ql  &&  remaining)  { 
if  (f  ) 

pu  t c ( q 1 , 
remai ni n g - - ; 


f ) 


for  ( ; ; ) { 

/*  Printing  can  only  expand  the  string,  so  truncate  it  */ 
if  (len  > remaining) 

len  = remaining; 

/*  Find  a directly  printable  substring  */ 
p = str;  / * Remember  start  of  substring  * / 

while  (len)  L 

c = (unsigned  char)*str; 

if  (!isprint(c)  ||  c ==  ' \ \ ' ||  c ==  q2) 

break; 

str++; 

len--; 

} 


/ * 
t 

i f 


> 


Print  from  p up  to  str  */ 

( s i z e_t ) (str  - p); 

(t)  { 

if  ( f ) 

fwrite(p,  1,  t,  f); 
remaining  - = t; 


/*  Done  with  the  string?  */ 
if  ( ! I e n ) 

break; 

/*  Note  that  remaining  >=  len  > 0,  so  remaining  > 0.  */ 
/* 
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> 


> 


* c is  a character  to  print  that  needs  escaping. 

* Now  we're  going  to  print  it,  so  remove  it  from  the  string. 
*/ 

ten--; 
s t r + + ; 

/*  Start  with  the  obligatory  backslash  */ 
if  ( f ) 

putcl'W',  f ) ; 
if  ( [--remaining) 
break; 

/*  Simple  case  1:  escaping  printable  characters  */ 
if  (isprint(c))  { 
if  (f  ) 

putc((char)c,  f ) ; 

— remaining; 
continue; 

> 

/*  Simple  case  2:  standard  C escape  */ 
p = strchrCescapes,  c ) ; 
if  (p  88  c)  { 
if  ( f ) 

putc(  letterslp-escapes],  f ) ; 

— remaining; 
continue; 

} 

/*  General  octal  escapes  */ 

/*  If  next  char  makes  it  ambiguous,  force  3-char  escape  */ 
if  (len  88  i s d i g i t ( * s t r ) ) /*  Force  on  8 and  9,  too!  */ 

c +=  256; 
if  (c  > 077)  { 
if  ( f ) 

putcC'O1  + (c>>6  & 3),  f); 
if  (!--remaining) 
break; 

> 

if  ( c > 07)  t 
if  ( f ) 

putcC'O'  + (c>>3  & 7),  f); 
if  ( [--remaining) 
break; 

> 

if  (f  ) 

putcC'O'  + Cc  8 7),  f); 

— remaining; 


/ * 
i f 


> 


Closing  quote  Cif  string  ended) 
C q 2 88  remaining)  { 
if  C f ) 

putcCq2,  f); 
remaining--; 


*/ 


return  maxlen  - remaining; 
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Print  i 

nf o about 

a key,  in  the 

format 

1024 

bits.  Key 

ID  FBBB8AB1,  c 

reated 

1 984-12-25 

The  ", 

created" 

part  is  omitted 

if  the 

creation  timestamp  i 

void 

r i n g T t y Pu t Key  I n f o ( F I L E *f,  struct  RingSet  const  *set,  union  RingObject  *obj) 
{ 

char  buf [PGPDATESTRINGLEN+1 3; 
w o r d 3 2 tstamp; 

fprintf(f,  "%6u  bits.  Key  ID  ",  (unsigned)ringKeyBits(set,  obj)); 
ringTtyPutKeyIDCf,  set,  obj); 

tstamp  = ringKeyCreationCset,  obj); 
if  (tstamp)  { 

fputsC",  created  ",  f); 
pgpDateString(tstamp,  buf); 
fputs(buf,  f ) ; 

> 


putc('\n',  f ) ; 

ft  i f 0 

if  (trust  & PGP_KE YTRUST F_REV0KED ) 

fprintf(f,  "%sThis  key  has  been  revoked  by  its  owner\n", 
prefix); 

ft  end  i f 

> 


void 

r i n g Key  I D p r i n t ( F I L E *f,  char  const  *prompt,  byte  const  keyIDC83) 
{ 


char  bufC183; 
char  * p = buf; 
i n t i ; 


for  ( i 

> 

* p + + = 

for  ( i 


> 


0;  i 

< 4 ; i + + ) { 

* p + + 

= h e x c h a r C k ey  I D C i D 

>> 

43,- 

* p + + 

= h e x c h a r C k ey I D C i ] 

8 

153; 

i ■ 

*:•  i 

< 8 ; i + + ) { 

* p++ 

= h e x c h a r C key  I D L i ] 

>> 

43; 

* p + + 

= h e x c h a r C key  I D C i ] 

8 

153; 

* p = ' \ n ' ; 


fputs(prompt,  f); 
fwrite(buf,  1,  18,  f); 


void 

r i n g Key P r i n t ( F I L E *f,  struct  RingSet  const  *set, 
int  level) 


{ 


union  RingObject 


*ob  j , 
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> 


struct  Ringlterator  * i t e r ; 
char  const  *name; 
s i z e_t  len; 
i n t i ; 


ringTtyPutKeylnfoCf,  set,  obj); 
iter  = ringlterCreate(set) ; 
if  (iter)  { 

i = ringlterSeekToCiter,  obj); 

while  ( r i ng  1 1 e r N e x t Ob j e c t ( i t e r , i+1)  > 0)  f 

obj  = ringlterCurrentObjectCiter,  i+1); 
assertCobj ); 

if  (ringObjectType(obj)  !=  R I NGT Y P E_N AM E ) 
continue; 

name  = ringNameNameCset,  obj,  Slen); 
fprintfCf,  "%*s" , level+2,  ""); 

( vo i d ) r i ng T t y Pu t S t r i ng ( name , len,  -1  u,  f. 


' ); 


putc('\n',  f); 

/ * break;  * / 


> 


> 


ringlterDestroy(iter); 


void 

r i ng Ob j P r i n t ( F I LE  *f,  struct  RingSet  const  *set, 
i nt  level) 


int  i = r i n g 0 b j e c t Ty pe ( o b j ) ; 
i n t err; 

char  const  * n a m e ; 
s i z e_t  len; 

char  buf CPGPDATESTRINGLEN+1 ]; 


union  RingObject  *obj. 


switch  (i)  { 

case  R I N G T Y P E_KE  Y : 

err  = r i n g Ke y E r r o r ( s e t , obj); 
fprintfCf,  "%*sKey:  error=%d  ",  level, 
ringTtyPutKeylnfoCf,  set,  obj); 
fprintfCf,  "%*s  fingerprint16=",  level, 

r i n g T t y Pu t F i n g e r p r i n t 1 6 C f , set,  obj,  100); 
putcC'Xn',  f); 

fprintfCf,  "%*s  f i n g e r p r i n t 2 0= " , level, 

r i ng T t y Pu t F i n g e r p r i n t 2 0 C f , set,  obj,  100); 
putcC'Xn',  f); 
break; 

case  R I N G T Y P E_S  E C : 

fprintfCf,  "%*sSecret:  Cnot  much  to  say) \n" 
break; 

case  RINGTYPE  NAME: 


err); 


n ii 


) 


A 


ii  ii 


) ; 


, level 


/ 


name  = ringNameNameCset,  obj,  Slen); 
fprintfCf,  "%*sName:  ",  level,  ""); 

C v o i d ) r i ngT t y Pu t S t r i n g C n a me , len,  -1 u,  f,  ,"1) 

putcC'Xn',  f); 

break; 

case  R I N G T Y P E_S I G : 

err  = ringSigErrorCset,  obj); 


ii  ii  X . 

J r 
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fprintf(f,  "%*sSig:  error=%d  ",  Level,  err); 

ringTtyPutSigIDCf,  set,  obj); 
putc  ( 1 ',  f); 

pgpDateString(ringSigTimestamp(set,  obj),  buf); 
fputsCbuf,  f ) ; 

fprintf(f,  ",  type=%x",  r i ng S i g Ty p e ( s e t , obj)); 

obj  = ringSigMaker(set,  obj,  set); 
if  ( ! o b j ) { 

putc('\n',  f); 

> else  -C 

fputs("  made  by:\n",  f); 
ringKeyPrintlf,  set,  obj,  level); 
ringObjectReleaseCobj ); 

> 

break; 

default: 

fprintfCf,  "%*s tttt#  Unknown  object:  type  %d\n",  level,  i); 

break; 

> 

> 


static  void 

r i n g Ob j P r i n t A l l ( F I L E *f,  struct  RingSet  const  *set,  union  RingObject  *obj, 

i n t level) 

{ 

struct  Ringlterator  * i t e r ; 
i n t i , j ; 


> 


iter  = ringlterCreate(set); 
if  (iter)  { 

i = ringIterSeekTo(iter,  obj); 
for  (j  = 1;  j < i;  j++)  { 

obj  = r i ng  1 1 e r C u r r e n t Ob j e c t ( i t e r , j); 
ringObjPrint(f,  set,  obj,  level+2*(j-1)); 

> 


ri nglterDestroyli ter); 

> else  { 


> 


ringObjPrint(f,  set,  obj,  level); 


* i f 0 

* - PGPERR_KEYI 0_R  E A D I N G 

* - PGPERR_KEYI 0_E  0 F 

* - P G P E R R_K  E Y I 0_B  A D P KT 

* - P G P E R R_N  0 M E M 

* / 

"Trust  packet  malformed") 

"Unknown  packet  byte  in  keyring") 
"Unexpected  name  (before  key)") 


^define  PGPERR_TROUB  L E_B  A D T R U S T -320 
PGPERR  ( P G P E R R_T  R 0 U B L E_B  ADTRUST, 

# d e f i n e P G P E R R_T  R 0 U B L E_U  NKPKTBYTE  -321 
PGPERR  ( P G P E R R_T  R 0 U B L E_U  NKPKTBYTE, 

# d e f i n e PG P E R R_T R 0 UB L E_U N XN AM E -322 
PGPERR  ( PG  P E R R_T  R 0 U B L E_U  N X N A M E , 

# d e f i n e PGPERR  TROUBLE  UNXSIG  -323 
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PGPERR  ( PGPERR_TROUBLE_UNXSIG, 

#define  PG P E R R_T R 0 UB L E_U N X T R U S T -324 
PGPERR  ( P G P E R R_T  R 0 U B L E_U  NXTRUST, 

^define  PG P E R R_T R 0 UB L E_KE Y 2 B I G -325 
PGPERR  ( P G P E R R_T  R 0 U B L E_K  E Y 2 B I G , 

^define  PG P E R R_T R 0 UB L E_N AM E 2 B I G -326 
PGPERR  ( P G P E R R_T  R 0 U B L E_N  AME2BIG, 

#define  PG P E R R_T R 0 U B L E_S I G 2 B I G -327 
PGPERR  ( PGPERR_TROUBLE_S IG2BIG, 

^define  PG P E R R_T R 0 U B L E_D U PKE Y I D -328 
PGPERR  (PGPERR_TROUBLE_DUPKEYID, 

# d e f i n e PG P E R R_T R 0 UB L E_D U PKE Y -329 

PGPERR  ( P G P E R R_T  ROUBLE_DUPKEY, 

^define  PG P E R R_T RO UB L E_D U PN AM E -330 
PGPERR  ( P G P E R R_T  R 0 U B L E_D  U P N A M E , 

^define  PG P E R R_T RO U B L E_D U P S I G -331 

PGPERR  ( PGPERR_TROUBLE_DUPSIG, 

#d e f i n e PG P E R R_T RO UB L E_B A R E KE Y -332 
PGPERR  ( P G P E R R_T  R 0 U B L E_B  A R E K E Y , 

# d e f i n e PG P E R R_T RO U B L E_V E R S I ON_B U G_P R E V 
PGPERR  ( PGPERR_TROUBL  E_V  E R S I 0 N_B  UG_PREV, 
#def i ne  PG P E R R_T RO U B L E_V E R S I ON_BUG_C U R 
PGPERR  ( PGPERR_TROUBLE_VERSION_BUG_CUR, 


"Unexpected  sig  (before  key)") 
"Unexpected  trust  packet") 

"Key  too  damn  big") 

"Name  too  damn  big") 

"Sig  too  damn  big") 

"Duplicate  KeylD,  different  keys") 

"Duplicate  key  (within  keyring)") 

"Duplicate  name  (in  same  keyring)") 

"Duplicate  signature") 

"Key  found  with  no  names") 

-333 

"Bug  introduced  by  l ega l_k l udge" ) 
-334 

"Bug  introduced  by  l eg  a l_k l udg e " ) 


#end i f 


/* 


* Print  a single  trouble  message 

* A message  with  extra  lines  of  information  (such  as  a key)  is  followed 

* by  a blank  line.  This  is  a feature,  for  clarity,  not  an  accident  of 

* the  way  it  is  implemented. 

* / 


#i  f 0 


struct  RingTrouble  const  * n e x t ; 

union  RingObject  *obj;  /*  The  pertinent  object,  if  applicable 
word32  num;  /*  An  integer  parameter,  if  applicable  */ 

word32  fpos;  / * File  position  related  to  the  error  * / 

int  type;  /*  PGPERR_  code  from  pgp/pgperr.h  */ 

# e n d i f 
static  void 

r i ng To p D o P r i n t T r o u b L e ( F I L E *f,  struct  RingFile  *file, 

struct  RingTrouble  const  *t) 


{ 


fprintf(f,  "%7lu:  ",  (unsigned  long)t->fpos); 


* / 


switch(t->type)  { 

/*  Non-fatal  errors  */ 

case  PG P E R R_T R OU B L E_B A DT R U S T : /*  Trust  packet  malformed  */ 

fprintf(f,  "Trust  packet  too  long:  %lu  bytes  long", 

(unsigned  long)t->num); 

break; 

case  P G P E R R_T  R 0 U B L E_U  NKPKTBYTE : /*  Unknown  packet  byte  */ 

fprintf(f,  "Unknown  packet  byte:  %02X",  (unsigned)t->num); 
break; 

case  PG P E R R_T R 0 UB L E_U N X N AM E : /*  Unexpected  Name  (before  key)  */ 

fprintf(f,  "Unexpected  name,  not  attached  to  any  key\n"); 
break; 

case  PG P E R R_T R OU B LE_UNX S I G : /*  Unexpected  sig  (before  key)  */ 

fprintf(f,  "Unexpected  signature,  not  attached  to  anything"); 
break; 

case  PGPERR_TROUBLE_UNXTRUST : /*  Unexpected  trust  */ 
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fprintf(f, 

"Unexpected  trust  packet,  not  attached  to  anything"); 

break; 

case  PG P E R R_T RO UB L E_KE Y2 B I G : /*  Key  too  damn  big  */ 

fprintfCf,  "Key  grossly  oversized:  %lu  bytes  long", 

(unsigned  l ong  ) t->num ) ; 


break; 

case  PG P E R R_T R 0 UB L E_N AM E 2 B I G : /*  Uid  too  damn  big  */ 

fprintfCf,  "User  ID  too  long:  %lu  bytes  long", 

(unsigned  long) t->num); 

break; 

case  PG P E R R_T RO UB L E_S I G 2 B I G : /*  Sig  too  damn  big  */ 

fprintfCf,  "Signature  grossly  oversized:  %lu  bytes  long", 
(unsigned  l ong  ) t->num ) ; 


break; 

case  PGPERR_TROUBLE_DUPKEY I D : /*  Duplicate  KeylD,  different  keys  */ 

fprintfCf, 

"Duplicate  keylD  found.  Two  keys  have  the  same  keyID,\n\ 

but  they  are  different.  This  is  highly  suspicious.  The  first  key  is:"); 

ringKeyPrintCf,  ringFileSet(file),  t - > o b j , 2); 
break; 

case  PGPERR_TROUBLE_DUPKE Y : /*  Duplicate  key  (within  keyring)  */ 

fprintfCf,  "A  key  was  found  twice  in  one  keyring  file.  " 

"It  is  a duplicate  o f : \ n " ) ; 
ringKeyPrintCf,  ringFileSet(file),  t - > o b j , 2); 
break; 

case  P G P E R R_T R 0 U B L E_D U P N AM E : /*  Duplicate  name  (within  keyring)  */ 

fprintfCf,  "A  name  was  found  twice  in  one  keyring  file.  " 
"It  is  a duplicate  o f : \ n " ) ; 
ringObjPrintAllCf,  ringFileSet(file),  t - > o b j , 2); 
break; 

case  P G P E R R_T R 0 U B L E_D U P S I G : /*  Duplicate  sig  (within  keyring)  */ 

fprintfCf,  "A  signature  was  found  twice  in  one  keyring  file. 
"It  is  a duplicate  o f : \ n " ) ; 


//if  0 


//end  i f 


if  ( t->i nf o . s i g->f lags  S SIG  F_K  E Y ) { 

uidPrintCring,  t->info.sig->up.key, 

(struct  RingUid  *)0,  ( r i ngma sk) ' ( ri ngmask ) 0, 

userOutFi  le,  -1u,  " ",  0); 

if  ( t -> i n f o . s i g -> u p . k e y-> u i d s ) 

uidPrintCring,  (struct  RingKey  *)0, 
t -> i n f o . sig->up. key->uids, 
(ringmask)~(ringmask)0,  userOutFi  le, 
— 1 u , " ",  0); 

> else  C 

uidPrintCring,  t->info.sig->up.uid->up, 

t->info.sig->up.uid,  Cringmask)"Cringmask)0, 
userOutFile,  -1 u,  " ",  0); 

> 

sigPrintCring,  t->info.sig,  userOutFile,  -1u,  " "); 

break; 

case  P G P E R R_T R 0 U B L E_B A R E K E Y : /*  Duplicate  key  (within  keyring)  */ 

fprintfCf,  "A  key  was  found  twice  in  one  keyring  file.  " 

"It  is  a duplicate  of:\n"); 
ringKeyPrintCf,  r i n g F i l e S e t ( f i l e ) , t->obj,  2); 
break; 

case  PG  P E R R_T  R0UBLE_VERSI0  N_B  U G_C  U R : /*  legal_kludge  bug  */ 
f pu  t s ( 


1 1 
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"This  private  key's  version  number  appears  to  be  incorrect  . \ n\ 

PGP  version  2.6  had  a bug  wherein  it  would  improperly  change  the\n\ 
version  number  of  a private  key  generated  by  older  versions  of  PGP\n\ 
when  it  was  edited.  The  private  key  in  this  key  file  has  a version\n\ 
byte  that  is  different  from  a copy  in  another  key  file,  and  appears\n\ 
to  be  improper.  PGP  will  fix  this  by  changing  the  version  byte  in\n\ 
the  private  key  to  the  previous  value.  The  key  with  the  problem  i s : \ n 1 


f > ; 

/ * Obj  is  "sec"  * / 

ringKeyPrintCf,  ringFileSet(file),  t->obj,  2); 
break; 

case  P G P E R R_T  R 0 U B L E_V  ERSION_BUG_PREV : /*  legal_kludge  bug  */ 


/ 


f pu  t s ( 

"A  previously  seen  private  key's  version  number  appears  to  be\n\ 
incorrect.  PGP  version  2.6  had  a bug  wherein  it  would  improperly\n\ 
change  the  version  byte  of  a private  key  generated  by  older  versions\n\ 
of  PGP  when  it  was  edited.  The  public  key  in  this  key  file  has\n\ 
a version  byte  that  is  different  from  a private  key  elsewhere,\n\ 
which  appears  to  be  improper.  PGP  will  fix  this  by  changing  the\n\ 
version  byte  in  the  private  key  to  the  previous  value.  The  key\n\ 
with  the  problem  is:\n". 


f ); 

ringKeyPrintCf,  ringFileSet(file),  t->obj,  2); 
break; 


} 


/ * Fatal  errors  * / 

case  P G P E R R_K  E Y I 0_R  E A D I N G : /*  Read  error  */ 

fprintfCf,  "I/O  error  reading  file:  %s", 
strerror((int)t->num)); 

break; 

case  PGPERR_KEYI 0_F  TELL:  /*  Read  error  */ 

fprintfCf,  "I/O  error  during  call  to  ftellC):  %s", 
strerror((int)t->num)) ; 

break; 

case  P G P E R R_K E Y I 0_E 0 F : /*  EOF  in  unexpected  place  */ 

fputsC"End  of  file  encountered  in  the  middle  of  a packet.",  f); 
break; 

case  PG P E R R_KE Y I 0_B A D PKT : /*  Non-packet  encountered  */ 

f pu t s C " I n va  l i d data  encountered. 

"Read  halted;  file  may  be  corrupt.",  f); 

break; 

case  P G P E R R_N  0 M E M : 

fputsC"***  Out  of  memory!  ***",  f); 
break; 

default: 

fprintfCf,  "Unknown  error  Zd  encountered",  t->type); 
if  Ct->obj)  { 

fputsC"  in  connection  with:\n",  f); 
ringObjPrintAllCf,  ringFileSetCfile),  t - > o b j , 2 ) ; 
break; 

> 

break; 

> 

putcC'Xn',  f); 


/ * 

* List  any  trouble  spots  encountered  opening  a file. 

* Ask  the  user  if  they  wish  to  continue.  If  not. 
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* return  an  error  code  <0. 

* 

* Prints  nothing  if  there  is  no  trouble. 

*/ 
i n t 

r i n g T op L i s t T r ou b l e ( F I L E *f,  struct  RingFile  *file,  int  writeflag) 

{ 

struct  RingTrouble  const  *trouble; 
unsigned  u = 0; 

(void)  writeflag ; 

trouble  = ringFileTrouble(file); 
if  (!  trouble) 

return  0; 

/ * 

* Special  case:  if  first  packet  in  the  file  isn't  a packet, 

* it's  unconditionally  an  error. 

*/ 

if  (trouble->f pos  ==  0 &&  t r o u b l e -> t y pe  ==  PG P E R R_KE Y I 0_B A D PKT ) { 
fputs("File  is  not  a PGP  key  file.  Aborting. \n",  f); 
ringFi  lePurgeTroublelfi  l e ) ; 
return  PG P E R R_KE Y I 0_B A D PKT ; 

> 


f pu  t s ( 

"The  following  problems  were  encountered  while  reading  the  keyring:\n" 
"Offset  Description^  ",  f); 


do  -C 

u + + ; 

ringTopDoPrintTroubleCf,  file,  trouble); 
> while  ((trouble  = trouble->next)  ! = NULL); 

if  (u  > 20) 

fputs("  Offset  Description^ ",  f); 


# i f 1 

u = 1; 

# e l s e 


if  (writeflag)  ( 

u = userAsk("\n\ 

If  you  continue,  PGP  will  ignore  the  errors  and  remove  the\n\ 
offending  data  from  the  key  file.  Do  you  want  to  continue  with\n\ 

\"%s\"",  ' y 1 , r i n g -> r i ng C b i t 3 . I o g n a me ) ; 

> else  { 

u = userAsk("\n\ 

If  you  continue,  PGP  will  ignore  the  errors.  Do  you  want  to  continue  with\n\ 
\"%s\"",  ' y ' , ring->ringCbit3.logname); 

> 

#end i f 


# i f 0 

/ * 

* KLUDGE  Version  bug  kludge:  if  told  to  correct,  flags  the 

* offending  keys  appropriately. 

*/ 

if  (u)  { 
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> 

#end i f 


> while 


if  ( t r oub  l e->type  ==  T ROUB L E_V E R S I 0 N_BUG_S E C || 
t roub  le->type  ==  T R 0 U B L E_V  E R S I 0 N_B  U G_P  U B ) { 

trouble->obj->g. flags  |=  SEC  F_V  E R S I 0 N_B  U G ; 
ringPoolMarkDi rtylring, 

trouble->obj->g.mask); 

> 

((trouble=trouble->next)  !=  NULL); 


ringFi  lePurgeTroublelfi  le); 
return  u ? 0 : - 1 ; 


/*  Functions  for  displaying  keys  */ 


const  int  name_i ndent  = 30; 
const  int  si g_ indent  = 32; 

/*  Given  a key  object,  return  the  first  Name  object  attached  to  it.  */ 
static  union  RingObject  * 

getFirstName  (struct  RingSet  const  *set,  union  RingObject  *key) 

{ 

int  status; 

struct  Ringlterator  *i ter  = ringlterCreate  (set); 

union  RingObject  *object; 


> 


assert  (ringObjectType  (key)  ==  R I NGTYPE_KE Y ) ; 
ringlterSeekTo  (iter,  key); 

while  ((status  = r i ng  1 1 e r N e x t Ob j e c t (iter,  2))  > 0)  f 
object  = ringlterCurrentObject  (iter,  2); 
assert  (object  ! = NULL); 

if  (ringObjectType  (object)  ==  R I N G T Y P E_N A M E ) ( 

r i ng  1 1 e r D e s t r oy  (iter); 
return  object; 

> 

> 

ringlterDestroy  (iter); 
return  NULL; 


/*  Passed  the  keyid  of  a signature,  its  level,  and  its  parent  object, 
determine  if  the  signature  has  been  retired.  */ 

static  int 

sigRetired  (struct  RingSet  const  *set,  union  RingObject  *sig) 

{ 

struct  Ringlterator  *i  ter  = ringlterCreate  (set); 

union  RingObject  *object; 
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status; 

level; 


i n t 
i n t 

Level  = ringlterSeekTo  (iter,  s i g ) ; 
if  (Level  < 0) 
return  Level; 

ringIterRewind(iter,  level); 

while  ((status  = r i ng I t e r N e x t Ob j e c t (iter,  level))  > 0)  { 

object  = ringlterCurrentObject  (iter,  level); 
assert  (object  !=  NULL); 

if  ( r i ngOb j e c t Type  (object)  ==  R I NGT Y P E_S I G ) { 
if  ( r i ng S i g E r r o r (set,  object)  ==  0 && 

ringSigType  (set,  object)  ==  PG P_S I GT Y P E_KE Y_U I D_R E VOKE 
r i n g S i g C h e c k e d (set,  object)  && 

ringSigMaker  (set,  object,  set)  ==  ringSigMaker  (set,  si 
ringlterDestroy  (iter); 
return  1; 

> 

> 

> 

ringlterDestroy  (iter); 
return  0; 

> 

/*  List  of  algorithms  indexed  by  the  pkalg  byte.  Each  entry  conta 
the  name  of  the  algorithm  and  what  it  can  be  used  for.  */ 

static  const  char  * p ka l g_l i s t C ] = 

(NULL,  " R S A " , " R S A " , " R S A " , NULL,  NULL,  NULL,  NULL,  NULL,  NULL, 
NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  "ElGamal",  "DSA">; 

static  const  char  * 

getKeyAlg  (union  RingObject  *key,  struct  RingSet  const  *set) 

( 

byte  pkalg; 

ringKeyID8  (set,  key,  Spkalg,  NULL); 
return  pka l g_l i s t Cpka l g ] ; 

> 

static  const  char  * k e y u s e_ l i s t C ] = 

(NULL,  "Sign  only",  "Encrypt  only",  "Sign  and  Encrypt"}; 
static  const  char  * 

getKeyUse  (union  RingObject  *key,  struct  RingSet  const  *set) 

{ 

if  ( r i n g Ke y S ub k e y ( s e t , key)) 

return  keyus  e_l i stCPGP_PKUSE_SIGN]; 
return  k ey u s e_l i s t C r i ng Key U s e (set,  key)  & PG P_PKU S E_S I GN_ 

} 

# i f ! OLDTRUST 

static  char  statementCIID; 
static  char  * 

g e t T r u s t S t a t erne n t (word16  trust) 

C 

int  d = trust  - PG P_T R U S T_D E C A D E - P G P_T R U S T_0 C T A V E ; 
i n t i ; 


&& 

g , set))  ( 


i n s 


ENCRYPT] ; 
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unsigned  long  l ; 
int  wid  = 9 ; 
char  numbertIO]; 


if  (trust  ==  PGP_TRUST_INFINITE) 

strcpy  (statement,  " maximum  "); 
else  if  (trust  ==  0) 

strcpy  (statement,  " none  "); 

else  C 


> 

# e nd  i f 


> 

return 


/* 

* Note:  The  following  was  taken  from  Colin's 

* prettyprint  routine. 

*/ 


d -=  d % P G P_T  R U S T_D  E C A D E ; 
i = d / P G P_T  R U S T_D  E C A D E ; 
l = ringTrustToInt(trust  - d ) ; 
if  ( i ) 

wid  -=  s p r i n t f ( numbe r , "%lu%0*u  ",  l, 

else 


s p r i n t f 


wid  -=  sprintf (number,  "%lu  ",  l); 

(statement,  "%*s%s",  wid,  number); 


statement ; 


0) 


/*  This  function  displays  a single  signature.  */ 
int 

r i ngT t y S h ow S i g ( un i on  RingObject  *sig,  struct  RingSet  const  *set, 

FILE  * f p , int  check) 


union  RingObject 

wo  r d32 

char 

char  const 
s i z e_t 
byte 


* s i g k e y , *signame; 
creation; 
datestringCII]; 
★namestring; 
len; 
trust; 


sigkey  = ringSigMaker  (set,  sig,  set); 

/*  Output  "sig"  followed  by  key  bits  and  key  id.  */ 
trust  = ringSigTrust  (set,  sig); 

if  (ringSigType  (set,  sig)  ==  PG P_S I GT Y P E_KE Y_U I D_R E VOKE ) 
fputs  ("ret",  fp); 

else 

fputs  ("sig",  fp); 


i 

f ( 

ringSigError 

(set,  s 

pu  t c ( 1 

1 % ' 

, f p)  ; 

e 

l s e 

i f 

( ! s i g key ) 

p u t c ( 1 

1 ? ' 

, fp); 

e 

l s e 

i f 

(check 

SS 

(ringS 

p u t c ( ' 

i i i 

, f P ) ; 

e 

l s e 

i f 

(check 

SS 

(ringS 

pu  t c ( ' 

1 * ' 

, f p ) ; 

g)  < 0) 

g C h e c k e d ( s e t , sig))) 
gTried(set,  sig))) 
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else 

putc  ('  f p ) ; 

fputs  ("  ",  fp); 

ringTtyPutSigID  (fp,  set,  sig); 
putc  ( ' ',  fp); 

/ * Signature  date  * / 


creation  = r i n g S i g T i me s t a mp  (set,  sig); 
if  (creation  > 0)  { 

pgpDateString  (creation,  datestring); 
fputs  (datestring,  fp); 

> 

else 

fputs  ( " ",  fp); 

if  (sigkey)  { 

signame  = getFirstName  (set,  sigkey); 
if  (signame)  { 

fputs  ("  ",  fp); 

namestring  = ringNameName  (set,  signame,  Slen); 
r i ng T t y Pu t S t r i n g (namestring,  len, 

(unsigned)  len,  fp,  0,  0); 

> 

putc  ('\n',  fp); 

> 

else 

fputs  ("  (Unknown  si gnator,  can't  be  checked)\n",  fp); 

r i ng Ob j e c t R e l e a s e (sigkey); 
return  0; 


/*  This  function  displays  a 


set  of  signatures  attached  to  a name.  */ 


i n t 

ringTtyShowSigs 

{ 


(void  *arg,  union  RingObject  *name, 
struct  RingSet  const  *set,  int  mode) 


struct 

PgpTtyU I 

*ui  = (struct  PgpTtyUI 

* ) arg; 

struct 

Ringlterator 

*i ter  = ringlterCreate 

(set); 

i n t 

status; 

union 

RingObject 

* s i g ; 

FILE 

*fp  - ui->fp; 

i n t 

check; 

assert 

(name  !=  NULL); 

assert 

(arg  !=  NULL); 

assert 

(set  ! = NULL); 

assert 

(ringObjectType 

(name)  ==  R I NGTY PE_N AME ) 

r 

check 

= (mode  ==  3 | | 

mode  ==  4); 

/ * D i s 

play  sigs  attached  to  the  Name  */ 

r i n g 1 1 

erSeekTo  (iter. 

name); 

while 

((status  = r i n g 1 1 e r N e x t 0 b j e c t (iter,  3)) 

/~s 

o 

A 
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> 


> 


sig  = ringlterCurrentObject 
assert  (sig  !=  NULL); 
r i ng T t y S h ow S i g ( s i g , set,  fp. 


check); 


ringlterDestroy  (iter); 
return  0; 


i n t 

ringTtyCheckSigs 


(void  *arg,  union  RingObject  *name, 
struct  RingSet  const  *set,  int  mode) 


struct  PgpTtyUI 
struct  Ringlterator 
i n t 

union  RingObject 

s i z e__t 

FILE 


char  const 
char  const 


# if  OLDTRUST 
byte 

# e l s e 


unsigned 

#end  i f 


* u i = (struct  PgpTtyUI  *)  arg; 
*i ter  = ringlterCreate  (set); 
status; 

*sig,  *sigkey,  *signame; 
len; 

*fp  = u i - > f p ; 

★output; 

★namestring; 

sigtrust; 

confidence; 


assert  (name  !=  NULL); 

assert  (arg  !=  NULL); 

assert  (set  !=  NULL); 

assert  (mode  ==  4 | | mode  ==  5); 

assert  ( r i ng Ob j e c t Ty pe  (name)  == 


R I N G T Y P E_N  A M E ) ; 


/*  Display  sigs  attached  to  the  Name  ★/ 
ringlterSeekTo  (iter,  name); 


while 


# i f OLDTRUST 


//else 


((status  = ringlterNextObject  (iter,  3))  > 0)  ( 
sig  = ringlterCurrentObject  (iter,  3); 
assert  (sig  !=  NULL); 

if  (ringSigType  (set,  sig)  ==  P G P_S I G T Y P E_K E Y_U I D_R E V 0 KE ) 
continue; 

sigkey  = ringSigMaker  (set,  sig,  set); 
fprintf  (fp,  "%*s",  11,  ""); 


if  (isigkey  ||  sigkey  ==  ringlterCurrentObject 
sigtrust  = P G P_S I G T R U S T_N  0 KE  Y ; 
else  if  (sigRetired  (set,  sig)) 

sigtrust  = PG P_S I GT RU S T_R E T I R E D ; 
else  if  ( r i ngKey Revoked  (set,  sigkey)) 

sigtrust  = PG P_S I GT RU S T_R E VOKE D ; 

else 


sigtrust  = ringSigTrust  (set,  sig); 
output  = keyTrustTableCsigtrustD; 
fprintf  (fp,  "%-10s%*s",  output,  12,  ""); 


(iter,  1 ) ) 
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# e nd  i f 


if  (isigkey  ||  sigkey  ==  r i n g 1 1 e r C u r r e n 1 0 b j e c t (i 
output  = " " ; 

else  if  (sigRetired  (set,  sig)) 
output  = "retired  " ; 
else  if  ( r i ngKeyRevoked  (set,  sigkey)) 
output  = "revoked  "; 

else  { 

confidence  = r i ng S i g C o n f i d e n c e (set,  sig) 
output  = getTrustStatement  (confidence); 

> 


fprintf  (fp,  "%10s%*s",  output,  12,  ""); 


> 


if  (sigkey)  { 

signame  = getFirstName  (set,  sigkey); 
if  (signame)  f 

namestring  = ringNameName  (set,  s 
r i n g T t y Pu t S t r i n g (namestring,  len 

(unsigned)  len, 

> 

putc  ( ' \ n ' , fp); 

> 

else  { 

fputs  ("  (KeylD:",  fp); 

r i ng T t y Pu t S i g I D (fp,  set,  sig); 
fputs  (")\n",  fp); 

> 

ringObjectRelease  (sigkey); 

> 

ri nglterDestroy  (iter); 
return  0; 


/ * 


This  function  displays  a key  in  -kv,  -kvv,  -kvc,  or  the  first 
of  a -kc  format.  * / 


i n t 

ringTtyShowKey 

{ 


(void  *arg,  union  RingObject  *key,  struct  RingSet 
i n t mode) 


struct 

PgpTtylll 

*ui  = (struct  PgpTtyUI 

struct 

Ri  nglterator 

*i ter  = ri  nglterCreate 

union 

RingObject 

*name; 

union 

RingObject 

*subkey  = NULL; 

s i z e_t 

len; 

i n t 

status; 

F I LE 

* f p = u i - > f p ; 

w o r d 3 2 

c r e a t i 

on,  expiration; 

char 

datestringlllH; 

char  const 

*namestring; 

assert 

(key  ! = 

N U L L ) ; 

assert 

(arg  ! = 

NULL); 

assert 

(set  ! = 

NULL) ; 

assert 

(mode  <= 

5); 

assert 

(ringObjectType 

(key)  ==  R I N G T Y P E_KE  Y ) ; 

* ) arg; 
(set); 


ter,  1 ) ) 


igname,  S l e n ) ; 
f p , 0 , bi- 


section 


const  * s e t , 
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if  (ringKeylsSec  (set,  key)) 
fputs  ("sec",  f p ) ; 

else 

fputs  ("pub",  fp); 

if  (ringKeyError  (set,  key)  !=  0)  { 

/*  return,  otherwise  some  strange  behaviour  occurs  */ 
fputs  ("?  ",  fp); 
putc  ( ' \ n ' , fp); 
return  0; 

> 

else  if  ( r i n g Ke y D i s a b l ed ( s e t , key)) 
fputs  ("3  ",  fp); 

else 

fputs  ("  ",  fp); 

fprintf  (fp,  "%4u  ",  (unsigned)  ringKeyBits  (set,  key)); 
ringTtyPutKeylD  (fp,  set,  key); 
putc  ('  ',  fp); 

creation  = ringKeyCreation  (set,  key); 
if  (creation  > 0)  { 

pgpDateString  (creation,  datestring); 
fputs  (datestring,  fp); 
putc  ('  ',  fp); 

} 

else 

fputs  ( " ",  fp); 

if  ( r i ng Key R e v o k e d (set,  key)) 

fputs  ("*REV0KED*  ",  fp); 


else  l 


expiration  = ringKeyExpiration  (set,  key); 
if  (expiration  > 0)  f 

pgpDateString  (expiration,  datestring); 
fputs  (datestring,  fp); 
putc  ('  ',  fp); 

> 

else 

fputs  ( " ",  fp); 


fprintf  (fp,  "%-8s  %-15s\n",  getKeyAlg  (key,  set), 

getKeyUse  (key,  set)); 


if  (mode  ==  2 ) f 

byte  pkalg; 

ringKeyID8  (set,  key,  Spkalg,  NULL); 
if  (pkalg  > P G P_P  K A LG_R  S A_E  N C ) { 

fprintf  (fp,  " Fingerprint20  = "); 

ringTtyPutFingerprint20  (fp,  set,  key,  50); 
putc  ( ' \ n ' , fp); 

> else  ( 

fprintf  (fp,  " Fingerprint16  = "); 

ringTtyPutFingerprint16  (fp,  set,  key,  48); 
putc  ( ' \ n 1 , fp); 

> 

> 
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if  ( ( s u b ke  y = r i ng  Ke  y S ub  k ey  ( s e t , key))  !=  NULL)  { 

/ * Print  out  its  status  * / 
fprintf  C f p , " sub  "); 

fprintf  (fp,  "%4u  ",  (unsigned)  ringKeyBits  (set,  subkey)); 
ringTtyPutKeylD  (fp,  set,  subkey); 
putc  ('  ',  fp); 

creation  = ringKeyCreation  (set,  subkey); 
if  (creation  > 0)  { 

pgpDateString  (creation,  datestring); 
fputs  (datestring,  fp); 
putc  ( 1 1 , fp); 

> 

else 

fputs  ( " ",  fp); 


/*  If  superkey  revoked,  don't  print  expiration  */ 
if  ( r i ngKeyRevoked  (set,  key)) 

fputs  ("  ",  fp); 

else  { 

expiration  = r i n g Key E x p i r a t i on  (set,  subkey); 
if  (expiration  > 0)  { 

pgpDateString  (expiration,  datestring); 
fputs  (datestring,  fp); 
putc  ('  ',  fp); 

> 

else 

fputs  (" ",  fp); 

> 

fprintf  (fp,  "%-8s  %-15s\n",  getKeyAlg  (subkey,  set), 

getKeyUse  (subkey,  set)); 
if  (mode  ==  2 ) { 

fprintf  (fp,  " Fingerprint20  = "); 

r i ngT t y Pu t F i nge rpr i n t 20  (fp,  set,  subkey,  50); 
putc  ( ' \n  ' , f p)  ; 

> 

> 


fprintf  (fp,  "%*s",  name_ indent,  ""); 


if  ((name  = getFirstName  (set,  key))  ! = 
ringlterSeekTo  (iter,  name); 

else 


fputs  ("***  This  key  is  unnamed 


NULL) 


***\n",  fp); 


while  (name  !=  NULL)  { 

namestring  = ringNameName  (set,  name,  &len); 

ringTtyPutString  (namestring,  len,  (unsigned)  len,  fp,  0,  0); 
putc  ( ' \ n ' , fp); 


i f 


(mode  > 0 ) 

ringTtyShowSigs 


(arg,  name,  set,  mode); 


name 
do  { 


NULL; 

status  = ringlterNextObject  (iter,  2); 
if  (status  > 0)  L 

name  = ringlterCurrentObject  (iter,  2); 
assert  (name  !=  NULL); 

if  ( ri ngObjectType  (name)  !=  R I N G T Y P E_N  A M E ) 
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fprintf  (fp,  "%* s",  name_indent. 


> while  (status  > 0 & & name  ==  NULL); 
> / * end  while  * / 
r i ng I t e r D e s t r oy  (iter); 
return  0; 


i n t 

r i ng T t y C h e c kKey  (void  *arg,  union  RingObject  *key, 

struct  RingSet  const  *set,  int  mode) 

{ 


struct  PgpTtyUI 
struct  Ringlterator 
union  RingObject 


s i z e_t 
i n t 
FILE 

char  const 
# i f ! OLDTRUST 


#end  i f 


l e n ; 


*ui  = (struct  PgpTtyUI  *)  arg; 
*i ter  = ringlterCreate  (set); 

* n a m e ; 

status; 

* f p = ui->fp; 

*namestring; 


unsigned 

confidence; 

unsigned 

validity; 

i n t 

name_leader  = 0; 

assert  (key  !=  NULL); 
assert  (arg  !=  NULL); 
assert  (set  !=  NULL); 
assert  (mode  = = 4 ||  mode  ==  5); 

assert  ( r i ng Ob j e c t Ty pe 

(key)  ==  RINGTYPE_ 

if  (ringKeyError  (set. 

key)  ! = 0)  C 

/*  return,  otherwise  some  strange  behaviour  occurs  */ 
fputs  ("?  ",  fp); 
putc  ('\n',  fp); 
return  0; 


if  ( r i n g Ke y R e v o ke d (set,  key)) 
fputs  ("#  ",  fp); 

else  if  ( r i n g Ke y Ax i oma t i c ( s e t , key)) 
fputs  ("*  ",  fp); 

else 

fputs  ("  ",  fp); 

ringTtyPutKeylD  (fp,  set,  key); 

#if  OLDTRUST 

fprintf  (fp,  " %-10s",  keyTrustTableCringKeyTrust  (set,  key)]); 

ft  e nd  i f 


if  ((name  = getFi rstName  (set,  key)) 
ringlterSeekTo  (iter,  name); 

else 

fputs  (" 


NULL  ) 


***  This  key  is  unnamed  ***\n". 
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f p)  ; 

while  (name  !=  NULL)  { 


# i f OLDTRUST 


#else 


#end i f 


if  (name  leader) 


fprintf 

( f p. 

"%* s". 

name_i ndent 

- 9,  ""); 

name_leader  = 1; 
fprintf  (fp,  "/- 

10s", 

u i dVa  l i 

di tyTableCri 

ngNameT  rust 

(set,  name)]); 

if  (name_leader) 

fprintf 

( f p. 

"%*s". 

name_i ndent 

- 2 0,  " " ) ; 

name_ leader  = 1 ; 

confidence  = (unsigned)  ringNameConf idence  (set,  name) 
validity  = (unsigned)  ringNameValidity  (set,  name); 
fprintf  (fp,  " %10s",  getTrustStatement  (confidence)); 
fprintf  (fp,  "%10s",  getTrustStatement  (validity)); 


> 


namestring  = ringNameName  (set,  name,  Slen); 
r i n g T t y Pu t S t r i ng  (namestring,  len,  (unsigned)  len,  fp, 
putc  ( ' \ n ' , fp); 

ringTtyCheckSigs  (arg,  name,  set,  mode); 


} 


name  = NULL; 
do  t 


> while 


status  = ringlterNextObject  (iter,  2 ) ; 
if  (status  > 0)  { 

name  = r i ng  1 1 e r C u r r en 1 0 b j e c t (iter,  2) 
assert  (name  !=  NULL); 

if  ( r i ng Ob j e c t Ty pe  (name)  !=  RINGTYPE_ 
name  = NULL; 

> 

(status  > 0 & & name  ==  NULL); 


ringlterDestroy  (iter); 
return  0; 


/*  Note:  No  mode  5 for  the  moment  */ 


i n t 

ringTtyKeyCheck 

I 


(void  *arg,  struct  RingSet  const  *viewkeys, 
struct  RingSet  const  *allkeys,  int  mode) 


struct  Ringlterator  *i ter; 


union 

RingObject 

* k e y ; 

U i f OLDTRUST 

char 

headerl]  = " 

\ n \ n 

Keyl  D 

Trust  Validity  Use 

ft  else 

char 

headerC]  = " 

\ n \ n 

KeylD 

Confidence  Validity  Use 

ft  e nd  i f 

struct  PgpTtyUI 

* u i = 

(struct  PgpTtyUI  *)  arg; 

i n t 

status; 

FILE 

* f p = 

u i - > f p ; 

r 

r 


I D\n" 
I D \ n " 


0,  0); 


NAME  ) 
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assert  (allkeys  !=  NULL); 

if  (viewkeys  ==  NULL) 

viewkeys  = allkeys; 

fputs  (header,  fp); 

iter  = ringlterCreate  (viewkeys) ; 

while  ((status  = r i ng  1 1 e r N e x t Ob j e c t (iter,  1))  > 0)  { 

key  = ringlterCurrentObject  (iter,  1 ) ; 
ringTtyCheckKey  (arg,  key,  allkeys,  mode); 

> 

ringlterDestroy  (iter); 
return  0; 


/ * Modes: 


0 

list 

key  s , 

but 

no  fingerprints 

or  signatures  ( - k v ) 

1 

list 

keys 

with 

signatures,  but 

no  fingerprints  (-kvv) 

2 

list 

keys 

with 

fingerprints  and 

signatures  ( - k v c ) 

3 

list 

keys 

with 

signature  status 

info  ( - k a ) 

4 

list 

keys 

with 

signature  status 

info,  plus  trust  info 

5 

same 

as  4 , 

but 

do  not  output  numeric  trust  info 

(not  implemented  yet) 
*/ 


i n t 

ringTtyKeyView 

C 


(void  *arg,  struct  RingSet  const  *vi ewkeys, 
struct  RingSet  const  *allkeys,  char  const  *keyring. 


struct 

Ringlterator  *iter; 

union 

RingObject 

* k e y ; 

char 

headerC]  = 

"Type  Bits  KeylD  Created 

Expires  Algorithm 

i n t 

count  = 0; 

struct 

PgpTtyUI 

* u i = (struct 

PgpTtyUI  * ) arg; 

i n t 

status; 

FILE 

*fp  = u i - > f p ; 

assert 

(mode  <= 

5); 

assert 

(allkeys 

! = NULL); 

if  (viewkeys  == 

NULL) 

v i ewkeys 

= a l l k e y s ; 

if  (keyring) 

fprintf  (fp,  "Key  ring:  \'%s\'\n",  keyring); 
fputs  (header,  fp); 

iter  = ringlterCreate  (viewkeys); 

while  ((status  = r i ng  1 1 e r N e x 1 0 b j e c t (iter,  1))  > 0)  { 
count++; 
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- k c ) 


i nt  mode  ) 


Use\n"; 
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> 


key  = ringlterCurrentObject  (iter,  1 ) ; 
ringTtyShowKey  (arg,  key,  allkeys,  mode); 

} 

ringlterDestroy  (iter); 


i f ( mode  < 4 ) T 

it  (count  ==  1) 

fputs  ("1  matching  key  foundin'1,  fp); 

else 

fprintf  (fp,  "%d  matching  keys  foundin'1,  count); 

> 

else 

ringTtyKeyCheck  (arg,  viewkeys,  allkeys,  mode); 


return  0 ; 


/ * Key 
use 


selected  for  encryption.  Determine  is  the  user  really  wants  to 
it.  If  'batchmode'  is  set,  we  fail  rather  than  ask.  */ 


i n t 

ringTtyKeyOKToEncrypt 

{ 


(void  *arg,  struct  RingSet  const  *set, 
union  RingObject  *key) 


struct  PgpTtyUI  * u i = (struct  PgpTtylll  *)  arg; 

FILE  * f p = u i - > f p ; 

int  batchmode  = pgpenvGetlnt  (ui->env,  PG P E N V_B AT C H MO D E , 
union  RingObject  *name; 
char  const  *namestring; 
s i z e_t  len; 

struct  Ringlterator  *i ter; 
time_t  expiration; 
char  datestringCII]; 

//if  OLDTRUST 


NULL, 


int  trust; 

//else 


unsigned  validity; 

# e nd  i f 


NULL); 


fputc  ( ' \ n ' , fp); 

ringKeyPrint  (fp,  set,  key,  1); 

if  ( r i ngKey Revoked  (set,  key))  { 
fprintf  (fp,  "\n\ 

WARNING:  The  above  key  has  been  revoked  by  its  owner, \n\ 
possibly  because  the  private  key  was  compromi sed . \ n\ 

You  cannot  use  a revoked  key  for  encryption . \n" ) ; 

return  0; 

} 

if  ( r i ngKeyD i sab  l ed  (set,  key))  { 
fprintf  (fp,  "\n\ 

WARNING:  You  have  disabled  the  above  key.\n"); 

if  (batchmode) 

return  0; 
fprintf  (fp,  "\n\ 
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Do  you  still  want  to  use  it?  Cy/N] 

if  (IpgpTtyGetBool 
return  0; 

> 


(0, 


stderr) ) 


if  ((expiration  = r i n g Ke y E x p i r a t i on  (set,  key))  > 0 && 
expiration  <=  time  ((time_t  *)  0))  { 

pgpDateString  (expiration,  datestring) ; 
fprintf  (fp,  "\n\ 

WARNING:  This  key  is  not  valid  for  use  after  %s.\n",  datestring); 

if  (batchmode) 

return  0; 
fprintf  (fp,  "\n\ 

Do  you  still  want  to  use  it?  Cy/N]  "); 

if  ( ! pg p T t y G e t Bo o l (0,  stderr)) 
return  0; 


> 


iter  = ringlterCreate  (set); 
assert(iter  !=  NULL); 
ringlterSeekTo  (iter,  key); 

while  ( r i n g I t e r N e x t 0b j e c t (iter,  2)  > 0)  C 

name  = ri nglterCurrentObject  (iter,  2 ) ; 
assert(name  !=  NULL); 

if  ( r i n g Ob j e c t Ty p e (name)  ==  R I N G T Y P E_N AM E ) { 
int  warn  = 0; 


# i f 0LDTRUST 

switch  (trust  = ri ngNameTrust  (set,  name))  { 

case  P G P_N  A M E T R U S T_U  N KN  0 W N : 

fprintf  (fp,  "\n\ 

WARNING:  Because  the  following  name  has  not  been  certified\n\ 
by  a trusted  signature,  it  is  not  known  with  a high\n\ 
degree  of  confidence  that  the  above  key  belongs  to:\n"); 

warn  = 1 ; 
break; 

case  P G P_N  A M E T R U S T_U  NTRUSTED: 
fprintf  (fp,  "\n\ 

WARNING:  The  above  key  is  not  trusted  to  belong  t o : \ n " ) ; 

warn  = 1 ; 
break; 

case  PG  P_N  A M E T R U S T_M  A R G I N A L : 
fprintf  (fp,  "\n\ 

WARNING:  Because  the  following  name  is  not  certified  with  s u f f i c i e n t \ n \ 
trusted  signatures,  it  is  not  known  with  high  confidence  that  the\n\ 
above  key  actually  belongs  t o : \ n " ) ; 

warn  = 1 ; 
break; 


validity  = ringNameValidity  (set,  name); 
if  (validity  ==  0)  C 

fprintf  (fp,  "\n\ 

WARNING:  The  above  key  is  not  trusted  to  belong  to:  \n"); 

warn  = 1 ; 

> 

else  if  ( ! r i ng T r u s t Va  l i d (set,  validity))  C 
fprintf  (fp,  "\n\ 
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WARNING:  Because  the  following  name  is  not  certified  with  s u f f i c i e n t \ n \ 
trusted  signatures,  there  is  an  estimated  1/%-ld  probability  that\n\ 
the  above  key  may  not  belong  to:\n", 

strtol  ( g e t T r u s t S t a t erne n t (validity), 
NULL,  10)); 

warn  = 1 ; 

> 

# e nd  i f 

if  (warn)  i 

namestring  = ringNameName  (set,  name,  8 1 e n ) ; 
r i ngT t y Pu t S t r i ng  (namestring,  len, 

(unsigned)  len,  fp,  0,  0 ) ; 

fputc  ( ' \ n ' , fp); 

if  ( r i ng N a me Wa r n o n l y (set,  name)) 
f pu  t s ( 

"But  you  previously  approved  using  the  key  with  this  name.Xn", 

f p)  ; 

else  ( 

if  (batchmode) 

return  0; 

f pu  t s ( 

"Do  you  want  to  use  the  key  with  this  name?  [y/NO  ", 

f p)  ; 

if  ( pgpTtyGetBoo l (0,  stderr)  ) 

ringNameSetWarnonly  (set, 

name  ) ; 

else 

return  0; 

> 

putc  ( ' \ n 1 , fp); 

> 


return  1; 


void 

ringTtyKeyOKToSign 

{ 


(void  *arg,  struct  RingSet 
union  RingObject  *key) 


const  *set. 


struct  PgpTtyUI  * u i = (struct  PgpTtyUI  * ) arg; 

FILE  *fp  = u i - > f p ; 

struct  Ringlterator  * i t e r ; 

union  RingObject  * n a m e ; 

s i z e_t  len; 

char  const  *namestr; 

int  warn  = 0; 

time_t  expiration; 

char  datestringCIID; 


# i f 0LDTRUST 


# e l s e 

# e nd  i f 


byte  trust; 
unsigned  validity; 


if  ( r i n g Key R e vo k e d (set,  key))  i 
fprintf  (fp,  "\ 

WARNING:  The  signing  key  has  been  revoked  by  its  owner, \n\ 
possibly  because  the  private  key  was  compromi sed . \n\ 
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A signature  made  by  this  key  should  not  be  t r us t ed . \n"  ) ; 

return; 

> 

if  ( r i ngKeyD i sab  l ed  (set,  key)) 
fprintf  (fp,  " \ 

WARNING:  You  have  disabled  the  signing  key\n"); 


if  ((expiration  = ringKeyExpiration  (set,  key))  > 0 & & 
expiration  <=  time  ((time_t  *)  0))  { 

pgpDateString  (expiration,  datestring); 
fprintf  (fp,  "\ 

WARNING:  This  key  is  not  valid  for  use  after  %s.\n",  datestring); 

> 


iter  = ringlterCreate  (set); 
assert(iter  !=  NULL); 


# i f 


ringlterSeekTo  (iter,  key); 

while  ( r i n g I t e r N e x t 0 b j e c t (iter,  2)  > 0)  { 

name  = r i n g 1 1 e r C u r r e n t 0 b j e c t (iter, 
if  (name  &&  r i ng Ob j e c t T y pe  (name)  = 
warn  = 0 ; 


OLDTRUST 


2); 

RINGTYPE  NAME) 


{ 


trust  = ringNameTrust  (set,  name); 

switch  (trust  = ringNameTrust  (set,  name))  { 


case  P G P_N  A M E T R U S T_U  N KN  0 W N : 

fprintf  (fp,  "\n\ 

WARNING:  Because  the  following  name  has  not  been  certified\n\ 
by  a trusted  signature,  it  is  not  known  with  a high\n\ 
degree  of  confidence  that  the  signing  key  belongs  to:\n"); 

warn  = 1 ; 
break; 


case  P G P_N  A M E T R U S T_U  NTRUSTED: 
fprintf  (fp,  "\n\ 

WARNING:  The  signing  key  is  not  trusted  to  belong  t o : \ n " ) ; 

warn  = 1 ; 
break; 

case  P G P_N  A M E T R U S T_M  A R G I N A L : 
fprintf  (fp,  "\n\ 

WARNING:  Because  the  following  name  is  not  certified  with  suff icient\n\ 
trusted  signatures,  it  is  not  known  with  high  confidence  that  the\n\ 
signing  key  actually  belongs  to:\n"); 

warn  = 1 ; 
break; 

> 


# e l s e 

validity  = ringNameValidity  (set,  name); 
if  (validity  ==  0)  i 

fprintf  (fp,  "\n\ 

WARNING:  The  signing  key  is  not  trusted  to  belong  to:\n"); 

warn  = 1 ; 

> 

else  if  (IringTrustValid  (set,  validity))  i 
fprintf  (fp,  "\n\ 

WARNING:  Because  the  following  name  is  not  certified  with  s u f f i c i e n t \ n \ 
trusted  signatures,  there  is  an  estimated  1/%-ld  probability  that\n\ 
the  signing  key  may  not  belong  to:  \ n", 

strtol  ( g e t T r u s t S t a t erne n t (validity). 
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U e n d i f 


> 


> 


> 

> 

if  (warn) 

f p u t c 


i f 


> 


(warn)  { 

namestr  = ringNameName  (set,  name,  & l e n ) ; 
r i ng T t y Pu t S t r i n g (namestr,  ten,  (unsigned) 

f p , 0 , 0 ) ; 

fputc  ( ' \ n ' , fp); 


( ' \ n ' , fp); 


ten. 
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ringui.h 

/* 

* $ I d : ringui.h, v 1.1  9.2.1  1 996/1  1 /1  4 04:09:42  cbertsch  Exp  $ 

* / 

# i f nd  e f RINGUI_H 
^define  RINGUI_H 

^include  <stdio.h> 


#include  " pg p / u s u a l s . h " 

struct  RingFile; 

# i f nde  f T Y PE_R I NG F I LE 
#def i ne  T Y P E_R I NG F I L E 1 

typedef  struct  RingFile  RingFile; 
#end i t 

union  RingObject; 

# i f nd  e t T Y P E_R I N G OB J E C T 
#define  T Y P E_R I N G OB J E C T 1 

typedef  union  RingObject  RingObject; 
#e  nd i f 

struct  RingSet; 

# i f nd  e f T Y P E_R I N G S E T 

#define  T Y P E_R I N G S E T 1 

typedef  struct  RingSet  RingSet; 

# e nd  i f 


si ze_t  r i n g T t y F o r ma t F i n g e r p r i n 1 1 6 ( s t r u c t RingSet  const  *set, 
union  RingObject  *key,  char  *buf,  size_t  len); 
si ze_t  r i ng T t y F o rma t F i n g e r p r i n t 2 0 ( s t r u c t RingSet  const  *set, 
union  RingObject  *key,  char  *buf,  si ze_t  len); 
int  r i ng T t y Pu t F i ng e r p r i n 1 1 6 ( F I LE  *f,  struct  RingSet  const  *set 


i n t 


union  RingObject  *key,  unsigned  wid); 
r i ng T t y Pu t F i ng e r p r i n t 2 0 ( F I L E *f,  struct  RingSet  const 


* s e t , 

union  RingObject  * k e y , unsigned  wid); 
int  r i ng T t y Pu t Ke y I D ( F I L E *f,  struct  RingSet  const  *set,  union  RingObject 
int  r i ng T t y P u t S i g I D ( F I L E *f,  struct  RingSet  const  *set,  union  RingObject 
unsigned  r i ng T t y P u t S t r i n g ( c h a r const  *str,  si ze_t  len,  unsigned  maxlen, 
FILE  * f , char  q 1 , char  q 2 ) ; 

void  r i ng T t y P u t Ke y I n f o ( F I L E *f,  struct  RingSet  const  *set, 
union  RingObject  * o b j ) ; 

void  ringKeyIDprintCFILE  * f , char  const  *prompt,  byte  const  keyIDC83); 


* k e y ) ; 

* s i g ) ; 


void  r i n g Ke y P r i n t ( F I L E 
int  level); 


*f,  struct  RingSet  const  *set,  union  RingObject  *obj 


void 

r i ng Ob j P r i n t ( F I L E *f,  struct  RingSet  const  *set,  union  RingObject  *obj, 
int  level); 


int  ringTopListTroubleCFILE  * f , struct  RingFile  * f i l e , int  writeflag); 


int 

ri ngTtyKeyVi ew  (void  *arg,  struct  RingSet  const  *viewkeys, 

struct  RingSet  const  *allkeys. 
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char  const  *keyring,  int  mode); 

/*  Display  second  segment  of  -kc  output  (trust  info)  only.  */ 

int 

r i n g T t y Key C h e c k (void  *arg,  struct  RingSet  const  *vi ewkeys, 

struct  RingSet  const  * a l l k e y s , int  mode); 


/*  Show  a single  key  in  appropriate  key  view  format. 

Associated  names  are  also  displayed.  */ 

int 

ringTtyShowKey  (void  * a r g , union  RingObject  * k e y , struct  RingSet  const  * s e t , 

int  mode); 

/*  Show  second  segment  of  -kc  output  for  designated  key.  */ 

i n t 

r i ng T t y C h e c kKe y (void  *arg,  union  RingObject  *key, 

struct  RingSet  const  * s e t , int  mode); 


/*  Show  signatures  in  appropriate  key  view  format.  Similar  concept  to 

pg pT t y S h o w Key  . The  object  for  the  name  with  which  the  signatures  are 
associated  should  be  passed.  */ 

i n t 

ringTtyShowSigs  (void  *arg,  union  RingObject  * n a m e , struct  RingSet  const  * s e t , 

int  mode); 

/*  Service  routine  for  ringTtyShowSigs,  to  show  a single  sig.  Check 

means  to  indicate  signature  check  status.  * / 

int 

r i n g T t y S h ow S i g ( u n i o n RingObject  *sig,  struct  RingSet  const  *set, 

FILE  *fp,  int  check); 


/*  Show  second  segment  of  -kc  output  (trust  info)  for  signatures 

attached  to  designated  name.  */ 

int 

r i n g T t y C h e c k S i g s (void  *arg,  union  RingObject  *name, 

struct  RingSet  const  *set,  int  mode); 

/*  Return  whether  key  can  be  used  for  encryption  */ 

i n t 

r i n g T t y Ke y 0 KTo E n c ry p t (void  *arg,  struct  RingSet  const  *set, 
union  RingObject  *key); 


void 

r i ngTtyKeyOKToS i gn  (void  *arg,  struct  RingSet  const  *set, 
union  RingObject  *key); 


#end i f /*  RINGUI  H */ 
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screen,  h 

/* 

* $ I d : screen. h,v  1.2  1 996/1  1 /1  2 01 
*/ 

void  screenSizeGettunsigned  *rowsp, 
void  s c r e e n C L e a r ( F I L E *f); 


: 4 2 : 5 8 mhw  Exp  $ 
unsigned  * c o l s p ) ; 
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scrmac.c 


/ * 

* scrmac.c  - get  the  screen  size,  and  clear  it  (Mac  version). 

* Not  much,  but  there  are  so  *many*  wonderful  ways  to  do  it. 

* 


* $ I d : scrmac.c, v 1.2  1 996/1  1 /1  2 01:42:58  mhw 


*/ 

ft  i f H A V E_ 

.C  0 N F I G__H 

U i n c l u d e 

" con  f i g . h " 

ft  e nd  i f 

# i n c l ud e 

<assert . h> 

ft  i nc  l ude 

< s t d i o . h > 

ft  include 

<stdlib.h> 

ft  i nc  l ude 

<string.h> 

ft  i n c l ud e 

"pgp/usual 

ft  i nc  l ude 

" screen,  h " 

/* 

Exp  $ 


* Get  the  screen  size  for  'more'. 

* The  environment  variables  $LINES  and  SCOLUMNS  will  be  used  if  they  exi 

* If  not,  then  the  TIOCGWINSZ  call  to  ioctl()  is  used  (if  it  is  defined) 

* If  not,  then  the  TIOCGSIZE  call  to  ioctl()  is  used  (if  it  is  defined). 

* If  not,  then  the  WIOCGETD  call  to  ioctl()  is  used  (if  it  is  defined). 

* If  not,  then  get  the  info  from  terminfo/termcap  (if  it  is  there). 

* Otherwise,  assume  the  following:  we  have  a 24x80  vtlOO  or  similar. 

* / 


^define  D E F A U L T_R  0 W S 24 
#define  DEFAULT  COLS  80 


/*  Return  the  screen  size  */ 
void 

screenSizeGet(unsigned  *rowsp,  unsigned  *colsp)  /*  Rot  bilong  kargo  */ 
{ 

*rowsp  = D E F A U L T_R  0 W S ; 

* c o l s p = D E F A U L T_C  0 L S ; 

} 


/ * 

* Clear  the  screen  and  home  the  cursor. 

* Uses  a near-universal  ANSI  sequence,  followed  by 

* erase  the  mess  it  would  make  if  it  didn't  work. 
*/ 


void 

s c r e e n C l e a r ( F I L E *f) 

{ 

fputs("\33C2J\33CH\r  \r",  f); 

> 


an  attempt  to 


s t . 
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scrmsdos.c 

/ * 

* scrmsdos.c  - get  the  screen  size,  and  clear  it  (MS-DOS  version). 

* Not  much,  but  there  are  so  *many*  wonderful  ways  to  do  it. 

* 

* $Id:  scrmsdos.c, v 1.4  1996/11/12  01:42:58  mhw  Exp  $ 

* / 

^include  <assert.h> 

^include  <stdio.h> 

^include  <stdlib.h> 

#include  <string.h> 

# i f BORLANDC 

/*  Borland  C 3.1's  <dos.h>  won't  compile 

#define  far  far 

#end  i f 

ftifndef  6032 &&  ! d e f i n ed (_W I N 32 ) 

^include  <dos.h>  /*  For  int86  and 

tt  e nd i f 

/ * 

* Some  DOS  Compilers  are  reluctant  to  define  MK_FP  in  ANSI  mode,  as  if 

* it  were  not  in  the  namespace  reserved  by  ANSI  for  the  <dos.h>  header 

* file.  <dos.h>  is  not  defined  by  ANSI,  so  obviously  this  is  a 

* hallucination  due  to  drinking  too  much  Jolt.  Go  figure. 

* / 

# i f ndef  MK_FP 
# i f nd  e f _MK_FP 

/*  Create  using  Borland  C extensions.  */ 

#define  _MK_F P ( s e g , o f f ) ((void  seg  *)  (seg)  + (void  near  *)(off)) 

# e n d i f /*  !_MK_FP  */ 

^define  MK_F  P _MK_FP 

# e n d i f /*  !MK_FP  */ 

/ * 

* Return  the  screen  size 

* 

* The  number  of  columns  is  returned  from  int  0x10,  ah  = OxF,  in  ah. 

* The  low  7 bits  of  al  are  the  screen  mode.  If  it  is  80  column  mono 

* or  colour,  then  try  int  0x10,  ah  = 0x12,  bl  = 0x10  (Get  Information) 

* and  have  a look  at  bl.  If  it  has  changed  (the  allowed  return  values 

* are  0,  1,  2,  and  3),  we  have  a modern  video  BIOS,  which  stores  the 

* number  of  display  rows  at  0040:0084.  I wish  I had  a PC  BIOS  reference 

* to  see  if  there  are  simpler  ways  to  get  the  data.  In  particular, 

* how  reliable  are  the  BIOS  data  fields  at  0040:004A  (columns  per 

* line  in  current  video  mode)  and  0040:0084  (rows-1 )?  The  latter 

* is  apparently  only  used  on  video  adapters  with  their  own  BIOS, 

* EGA  and  up . 

* 

* This  technique  is  primarily  based  on  code  in  the  Borland  C 3.1 

* run-time  library,  backed  with  information  from  Frank  van  Gilluwe's 

* The  Ondocumented  PC  and  the  Programmer's  Guide  to  the  AMIBI0S. 

*/ 

void 

s c r e en S i z eGe t ( un s i g ned  *rowsp,  unsigned  *colsp)  /*  Rot  bilong  kargo  */ 

# i f d e f _W I N 3 2 

/*  No  DOS  tricks  */ 


in  ANSI  mode  without  this...  */ 


union  REGS  */ 
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*rowsp  = 2 5; 

*colsp  = 80; 

Seise 

char  const  * e n v ; 
long  t ; 

union  REGS  regs; 

* r o w s p = *colsp  = 0; 

/*  LINES  8 COLUMNS  environment  variables  override  everything  else  */ 
env  = getenvC" LINES"); 

if  (env  !=  NULL  88  (t  = atol(env))  > 0 ) 

*rowsp  = (unsigned)t; 

env  = getenv( "COLUMNS"); 

if  (env  !=  NULL  88  (t  = atol(env))  > 0 ) 

*colsp  = (unsigned)t; 

if  (*rowsp  88  *colsp) 
return; 

/*  Otherwise,  figure  it  out  the  hard  way.  */ 

regs. h. ah  = OxF;  / * Read  current  video  mode  * / 

int86(0x10,  Sregs,  Sregs); 

if  ( ! * c o l s p ) f 

★ colsp  = regs. h. ah; 
if  (*rowsp) 


# e nd  i f 

> 


★rowsp  = 25;  /*  DOS  default  */ 

/*  If  Colour  or  B8W  80-column  mode,  it's  safe  to  ask  about  EGA  */ 
if  ((regs.h.al  8 0x7E)  ==  2)  C 
regs. h. ah  = 0x12; 
regs.h.bl  = 0x10; 


> 


int86(0x10,  Sregs,  Sregs); 

if  (regs.h.bl  !=  0x10)  /*  EGA  installed  - read  BIOS  */ 

*rowsp  = *(unsigned  char  const  *)MK_FP(0x40,  0x84)  + 1 


/ * 

* Clear  the  screen  and  home  the  cursor. 

* The  only  way  to  do  this  reliably  under  MS-DOS  is  via  the  BIOS. 

* This  involves  finding  the  screen  size  (using  the  above  function), 

* finding  the  active  video  page  (int  0x10,  ah  = OxF,  returned  in  bh), 

* finding  the  attribute  to  clear  with  (taken  from  the  current  cursor 

* position,  int  0x10,  ah  = 8,  bh  = current  page,  attribute  returned 

* in  ah),  using  the  "scroll  window"  command  to  clear  the  active  page 

* screen  (int  0x10,  ah  = 6,  al  = 0 for  clear  screen,  (cl,ch)  the  top 

* left,  (dl,dh)  the  bottom  right  of  the  window  (zero-based  (x,y)), 

* and  bh  the  attribute  to  clear  with),  and  then  finally  resetting  the 

* cursor  to  (0,0)  with  int  0x10,  ah  = 2.  bh  - current  page,  ( d L , d h ) 

* is  the  position  to  set  it  to. 

*/ 

void 

s c r e e n C l e a r ( F I L E *f) 

{ 
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ft  i f d e f 
tie  l s e 


# e n d i f 
> 


WIN32 

/*  Not  sure  how  to  do  it  */ 

unsigned  rows,  cols; 
union  REGS  regs; 
unsigned  char  page; 


(void)f; 

screens i zeGet (Srows,  8 c o l s ) ; 


regs. h. ah  = 

Ox  F ; 

/* 

Read  current  video  mode  * / 

int86(0x10. 

Sregs, 

Sregs); 

page  = regs 

. h . b h ; 

/* 

Active  page  * / 

regs. h. ah  = 

8; 

/* 

Get  attribute  * / 

/*  bh  is  already  set  */ 

int86(0x10. 

Sregs, 

Sregs); 

regs.h.bh  = 

regs  . h 

.ah;  / * 

Attribute  tor  screen  c 

lear  * / 

regs. x. ax  = 

0x600; 

/* 

ah=6,  scroll  up,  ah=0. 

clear  * / 

regs.x.cx  = 

0; 

/ * 

Start  at  (0,0)  * / 

r e g s . h . d l = 

c o l s - 1 

f 

regs.h.dh  = 

rows-1 

; / * 

End  at  (cols-1,  rows-1 

) */ 

int86(0x10. 

Sregs, 

Sregs); 

regs. h. ah  = 

2; 

/* 

Home  the  cursor  * / 

regs.h.bh  = 

page; 

regs.x.dx  = 

0; 

/* 

Go  to  (0,0)  */ 

int86(0x10. 

Sregs, 

Sregs); 
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scrunix.c 


/ * 

* scrunix.c  - get  the  screen  size,  and  clear  it  (UNIX 

* Not  much,  but  there  are  so  *many*  wonderful  ways  to 

* 

* $ I d : scrunix.c, v 1.6  1 996/  1 1 /1  2 01:42:58  mhw  Exp  $ 

* / 


//if  H A V E_ 

_C  0 N F I G_H 

//include 

" c o n f i g . h " 

#end  i f 

//include 

<assert . h> 

# i n c l ud  e 

< s t d i o . h > 

//include 

<stdlib.h> 

//include 

<string.h> 

//include 

" pos i x . h " 

//if  H A V E_ 

.S  Y S_I  OCT  L_H 

//include 

<sys/ioctl.h> 

//endif 

//include 

<sys/types.h> 

/ * For  ioctl()  * / 


version) . 
do  it. 


# i f d e f sco 

//include  < s y s / s t r e a m . h > 
//include  <sys/ptem.h> 

//  e nd  i f 


//ifdef  SVR2 


/*  SVR2  has  wierd  headers  */ 


//ifndef  N0TERMI0 

//include  <termio.h>  /*  TIOCGWINSZ  should  be  here  */ 

//  e nd  i f 


//else 


/*  Normal  system:  look  in  <termios.h>,  < s y s / i o c t l . h > and  <sgtty.h>  */ 


//  i f nd  e f 
//include 
//end  i f 
//if  ! def 
//include 
//endi  f 
//if  ! d e f 
//include 
//  e nd  i f 


N0TERMI0 


<termi os . h> 

/* 

TIOCGWINSZ  should  be 

here  * / 

ned(TIOCGWINSZ) 

88 

! def i ned (TIOCGSIZE) 

88 

! d e f 

<sys/ioctl.h> 

/* 

TIOCG...  should  be  here 

* / 

ned(TIOCGWINSZ) 

88 

!def ined(TIOCGSIZE) 

88 

! d e f 

<sgtty.h> 

/* 

WIOCGETD  should  be  i 

n here  * 

ined(WIOCGETD) 

ined(WIOCGETD) 

/ 


//endif  /*  not  SVR2  */ 

//include  " pg  p / u s u a l s . h " 
//include  " screen,  h" 


/ * 


★ 

Get 

the 

screen  s 

* 

The 

envi ronment 

★ 

If 

not. 

then 

the 

★ 

I f 

not. 

then 

the 

★ 

If 

not. 

then 

the 

★ 

If 

not. 

then 

get 

ize  for  'more'. 

variables  $LINES  and  SCOLUMNS  will  be  used  if 
TIOCGWINSZ  call  to  ioctlC)  is  used  (if  it  is 
TIOCGSIZE  call  to  ioctl()  is  used  (if  it  is 


they  exist 
defined) . 
defined) . 


* Otherwise, 


WIOCGETD  call  to  ioctl()  is  used  (if  it  is  defined) 
the  info  from  termi nf o/termcap  (if  it  is  there), 
assume  the  following:  we  have  a 24x80  vtlOO  or  similar. 


1554 


lib/ttyui/ scrunix.c 


* / 

#def i ne  D E F A U LT_R  0 W S 24 
#define  D E F A U L T_C  0 L S 80 

/ * 

* Try  to  access  terminfo  through  the  termcap-interface  in  the  curses 

* Library  (which  requires  Linking  with  -Lcurses)  or  use  termcap  directLy 

* (which  requires  Linking  with  -Ltermcap) 

* / 

ft  i f ! def  i n e d ( U S E_T E RM C A P ) 88  ( d e f i n e d ( U S E_T  E R M I N F 0 ) ||  d e f i n e d ( U S E_C  U R S E S ) ) 

^define  U S E_T  E R M C A P 1 

# e n d i f 

# i f d e f U S E_T  E R M C A P 

#def i ne  TERMBUFSIZ  1024 

# d e f i n e U N KN  0 W N_T  E R M "unknown" 

^define  DUMB_TERMBUF  " d u m b : c o ft  8 0 : h c : " 

extern  int  tgetent  ( ) , tgetnum(); 
tf  e nd  i f 

/*  Return  the  screen  size  */ 
void 

screenSizeGet(unsigned  *rowsp,  unsigned  *coLsp)  /*  Rot  biLong  kargo  */ 

{ 

char  const  * e n v ; 

Long  t ; 

# i f def i ned(TIOCGWINSZ) 

struct  winsize  windowing o; 

# e L i f def i ned(TIOCGSIZE) 

struct  ttysize  windowlnfo; 

#eLif  d e f i n ed ( W I 0 C G E T D ) 

struct  uwdata  windowlnfo; 

ft e nd i f 


/*  Make  sure  that  we're  outputting  to  a terminaL  */ 
if  ( ! i s a 1 1 y ( f i L e no  ( s t d e r r ) ) ) t 

* r o w s p = D E F A U LT_R  0 W S ; 

* c o L s p = D E F A U LT_C  0 LS; 
return; 

> 

*rowsp  = *coLsp  = 0; 

/*  LINES  & COLUMNS  environment  variabLes  override  everything  eLse  */ 
env  = g e t e n v ( " L I N E S " ) ; 

if  (env  !=  NULL  88  (t  = atoL(env))  > 0 ) 

*rowsp  = (unsigned)t; 

env  = getenv( " COLUMNS"  ); 

if  (env  !=  NULL  88  (t  = atoL(env))  > 0 ) 

★coLsp  = (unsigned)t; 

if  (*rowsp  88  *coLsp) 
return; 

/*  See  what  ioctLO  has  to  say  (overrides  terminfo  8 termcap)  */ 
ft  i f def  ined(TIOCGWINSZ) 
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# e L i f 


tte  lif 


U e nd i f 
# i f d e f 


//end  i f 


if  (ioctl(fileno(stderr),  TIOCGWINSZ,  &wi ndowlnf o)  !=  -1)  < 


i f 

( ! *rowsp  SS 

w i ndo w I n f o . w s_r o w !=  0) 

* r owsp 

= (unsigned)windowlnfo. 

w s_ 

i f 

(!*colsp  SS 

w i ndo w I n f o . w s_c o l !=  0 

) 

* c o l s p 

= ( un s i g n ed ) w i ndo w I n f o . 

w s_ 

i f 

(*rowsp  SS 

* c o l s p ) 

return; 


> 

def ined(TIOCGSIZE) 

if  (ioctKf  i leno(stderr),  TIOCGSIZE,  &wi ndowlnf o)  !=  -1)  { 

if  (!*rowsp  SS  wi ndowl nf o . t s_L i nes  !=  0) 

*rowsp  = (unsigned)window!nfo.ts_ lines; 


i f 


( ! * c o l s p SS 
* c o L s p 


w i nd o w I n f o . t s_c o L s !=  0) 

= (unsigned)windowlnfo.  ts 


cols; 


if  (*rowsp  SS  *colsp) 
return; 


> 

def ined(WIOCGETD) 

if  ( i o c t l ( f i L e no ( s t d e r r ) , WIOCGETD,  Swindowlnfo)  !=  -1)  { 
if  (!*rowsp  SS  w i ndow I n f o . uw_h e i g h t !=  0) 

*rowsp  = w i ndow I n f o . uw_h e i g h t / w i nd o w I n f o . u w 


_v  s ; 


i f 


(!*colsp  SS 
* c o L s p 


w i ndow I n f o . uw_w i d t h !=  0) 

= w i nd ow I n f o . u w_w i d t h / w i ndow I n f o . uw_h s ; 


if  Orowsp  SS  *colsp) 
return; 

> 

/*  You  are  in  a twisty  Little  maze  of  standards,  all  different  */ 


U S E_T  E R M C A P 

/*  See  what  termi nfo/termcap  has  to  say  */ 
if  (!*rowsp  ||  !*colsp)  f 

char  termBufferCTERMBUFSIZ],  *termInfo; 

if  ( (termlnfo  = g e t e n v ( " T E RM " ) ) ==  (char  *)NULL) 
termlnfo  = U N KN  0 W N_T  E R M ; 


> 


if  ( ( tgetent ( termBuf f er,  termlnfo)  <=  0)) 
strcpyCtermBuffer,  DUM  B_T  ERMBUF); 

if  (!*rowsp  SS  (t  = t g e t n u m ( " L i " ) ) > 0) 

*rowsp  = (unsigned)t; 

if  (!*colsp  SS  (t  = tgetnumC'co"))  > 0) 

*colsp  = (unsigned)t; 

if  (*rowsp  SS  *colsp) 
return; 


if  (*rowsp  ==  0)  /*  nothing  worked,  use  defaults  */ 

* r o w s p = D E F A 1)  L T_R  0 W S ; 
if  (*colsp  ==  0) 
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> 


* c o L s p = D E F A U LT_C  0 L S ; 


/ * 

* Clear  the  screen  and  home  the  cursor. 

* Uses  a near-universal  ANSI  sequence,  followed  by  an  attempt  to 

* erase  the  mess  it  would  make  if  it  didn't  work. 

*/ 

void 

screenClearC  FILE  *f) 

fputs("\33L2J\33CH\r  \r",  f); 

> 
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userio.c 

/ * 

* userio.c  --  PGP  TTY  user  10  interfaces 

★ 

* Written  by:  Derek  Atkins  <warlordaMIT.EDU>  and  Colin  Plumb 

* 

* $Id:  userio.c, v 1.88.2.2  1996/11/14  04:09:42  cbertsch  Exp  $ 

* / 

# i f d e f H A V E_C  0 N F I G_H 
^include  "config.h" 
ft  e nd  i f 


//include 

//include 

//include 

//include 

//include 


<assert.h> 
<ctype  . h> 

< s t d i o . h > 
<string.h> 

< t i me . h > 


//ifdef  H A V E_S  T D A R G_H 
//include  <stdarg.h> 
ft  e n d i f 


ft  include 
//include 
//include 
^include 
//include 
//include 
//include 
ft  i n c l ud e 
//include 
//include 
ft  include 
//include 
ft  include 
ft  i nc  l ude 
//include 
//include 
ft  i n c l ud e 
//include 
//include 
//include 
//include 
//include 
ft  i n c l ud  e 


"pgp/annotate.h" 
"pgp/esk. h" 
"pgp/fi  lemod.h" 
"pgp/fixedkey.h" 
"pgp/pgpmem.h" 
"pgp/passcach.h" 
"pgp/pgper r . h" 
"pgp/pgpfi  le  . h" 
"pgp/pgpmsg  . h" 
"pgp/pgpui  . h" 
"pgp/pipeline.h" 
"pgp/pubkey.h" 
"pgp/ randpool . h" 
"pgp/ringpub. h" 
"pgp/ringread.h" 
" pgp/ s i g . h " 
"pgp/timedate.h" 
"pgp/usuals.h" 
"pgp/pgpenv . h" 
"kb  . h" 

"userio.h" 
"ringui  .h" 
"moremod . h" 


/*  Filename  for  dumping  data  we  don't  want  to  keep  */ 

//ifdef  MSDOS 

//define  NULLNAME  "NUL" 

//else 

//define  NULLNAME  "/dev/null" 
ft  end  i f 


/ * 

* Get  a string  from  the  keyboard  into  the  supplied  buffer. 

* If  echo  is  non-NULL,  echoes  the  typed  input  to  that  FILE  * . 

* Otherwise  prints  nothing  (and  beeps  go  to  stderr)  . 

* Returns  the  number  of  characters  read  (always  <=  len-1). 
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* / 
i n t 

pgpTtyGetString(char  * b u f , int  ten,  FILE  *echo) 

int  c ; 
int  n = 0 ; 

kbCbreakO; 
flifdef  MACINTOSH 

echo  = NULL;  / * XXX:  For  now,  the  Mac  version  echoes  by  itself  * / 

ft  e nd  i f 

for  ( ; ; ) { 

if  (echo) 

fflush(echo); 
c = kbGetO; 


if  ( c 


> else 


> else 

> else 

> else 


> 


= ' \r  ' ||  c ==  ' \n  ' ) { 

c = 1 \ n ' ; 
break; 

if  ( c ==  1 \b ' ||  c ==  7 ||  c ==  127)  { 

if  (n  > 0)  { 


> else 


n — ; 

if  (echo) 

fputs("\b  \b",  echo); 


fputc('\a',  echo  ? echo  : stderr); 
i f (c  < 1 1 | | c > 256  ) { 

fputc('\a',  echo  ? echo  : stderr); 
if  (n  + 1 >=  len)  { 

fputc('\a',  echo  ? echo  : stderr); 
kbFlush(O); 


if  (echo) 

fputc(c,  echo); 
buf[n++]  = (char)c; 


> 

if  (echo)  { 

fputc('\n',  echo); 
fflush(echo); 

> 

bufCn]  = ' \ 0 ' ; 


kbNorm(  ) ; 
return  n; 


/ * 

* Prompts  the  user  for  Y or  N (case  insensitive),  and  returns 

* the  appropriate  boolean  value.  If  nothing  is  entered,  <def> 

* is  returned.  This  assumes  that  a prompt  has  already  been  printed. 
*/ 

int 

pg pT t y G e t Boo l ( i n t def,  FILE  *echo) 
char  bufC2H; 
for  (;;)  ( 
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if  ( pg pT t y G e t S t r i n g ( bu f , sizeof  (buf),  echo) 
return  def; 
switch  (buftOD)  i 


> 


case  ' y ' : 
case  ' Y ' : 

return  1 ; 
case  ' n ' : 
case  ' N ' : 

return  0; 

default: 

break; 


fprintf  (echo, 

"Invalid  response.  Please  enter  Y or  N [default  %cl: 

def  ? ' Y ' : ' N ' ) ; 


> 


ii 

f 


> 


static  void 

pgpTtyPutKey  I D (struct  PgpTtylll  *ui,  byte  const  *keyid) 
{ 


> 


fprintf  ( u i ->  f p , " Ox  % 2 . 2 X %2 . 2 X %2 . 2 X % 2 . 2 X \ n " , 

keyidC4],  keyidE53,  keyid£6D,  keyidC7]); 


/* 


* Ask  the  user  for  a filename.  arg  is  the  FILE*  to  use  for 

* string  is  the  default  print  string  that  should  be  used,  f 

* the  default  that  will  be  used.  buffer  is  of  size  buflen, 

* used  to  store  the  new  filename. 

* 

* returns  the  length  of  the  contents  of  buffer,  which  must 

* filename  (trailing  white  space  must  be  stripped)  */ 
static  i n t 

pgpTtyNeed F i l e (void  *arg,  char  const  *string,  char  const  *f 

char  *buffer,  int  buflen) 


( 


struct  PgpTtyUI  *ui  = (struct  PgpTtylll  *)arg; 
char  * p ; 


fprintf  (ui->fp,  string,  (filename  ? filename  : "")) 

fflush  (ui->fp); 


*buffer  = '\0'; 

pg pT t y G e t S t r i ng  (buffer,  buflen,  ui->fp); 

p = buffer  + strlen(buffer)  - 1; 
while  (p  >=  buffer  &&  isspace  (*p)) 

* p - - - ' \ 0 ' ; 


> 


return  (strlen  (buffer)); 


static  void 
pgpTtySigResult 

{ 


(void  *arg,  union  RingObject  *key,  word32 
int  status,  char  const  *err) 


struct  PgpTtyUI  *ui  = (struct  PgpTtyUI  *)  arg; 
struct  RingSet  const  *set  = ui->ringset; 


t i 


= = 0) 


output, 
i l e name  is 
and  is 


be  a real 


i l e n a m e , 


mestamp. 
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> 


char  timedateL21D; 

pgpTimeString  (timestamp,  timedate); 

/*  Status  tells  us  whether  the  sig  is  good  or  bad.  Must  also  determine 
if  the  signing  key  is  valid.  */ 

if  (status  > 0)  { 

fprintf  (ui->fp,  "Good  signature  made  %s  by  key:\n",  timedate); 
ringKeyPrint  (ui->fp,  set,  key,  1 ) ; 
ringTtyKeyOKToSign  (arg,  set,  key); 

> 

else  if  (status  ==  0)  { 

fprintf  (ui->fp,  "BAD  signature  made  %s  by  key:\n",  timedate); 
ringKeyPrint  (ui->fp,  set,  key,  1); 

> 

else 

fprintf  (ui->fp,  "Error  %d  checking  signature:  %s\n", 
status,  err); 


i n t 

pg p T t y G e t P a s s (void  *arg,  char  *buffer,  int  buflen) 

{ 

struct  PgpTtyUI  * u i = (struct  PgpTtyUI  * ) a r g ; 
int  i ; 

fprintf  (ui->fp,  "Enter  pass  phrase:  "); 
fflush  (ui->fp); 

i = pgpTtyGetString  (buffer,  buflen,  ui->showpass  ? u i - > f p : NULL); 
fprintf  (ui->fp,  "\n"); 
fflush  (ui->fp); 
return  i; 


int 

pg pT t y D eb ug C omm i t (void  *arg,  int  scope) 

{ 

struct  PgpTtyUI  * u i = (struct  PgpTtyUI  * ) a r g ; 
char  bufCIQ]; 


(void)scope; 

fprintf  (ui->fp,  "I  received  a commit  for  a %s  packet  ... \n", 
pgpScopeName  (scope)); 

fprintf  ( u i ->  f p , "Should  I C E ] a t it,  CCDontinue  without  processing,\n" 
"[Plrocess  it,  or  [Recursively  process  it?\n>  "); 


fflush  (ui->fp); 


if  (!pgpTtyGetString(buf,  sizeof  (buf),  ui->fp)) 
return  PG P ANN_P A R S E R_R E C U R S E ; 

switch  ( * bu  f ) ( 

case  1 c ' : 
case  1 C ' : 

return  PG P A N N_P A R S E R_P A S S T H RO UG H ; 
case  ' e ' : 
case  ' E 1 : 

return  PG P AN N_P A R S E R_E A T I T ; 
case  ' p ' : 


1561 


lib/ttyui/ userio.c 


> 


case  ' P ' : 

return  PG P AN N_P A R S E R_P R 0 C E S S ; 

default: 

fprintf  (ui->fp,  "Recursively  processing...\n"); 
/*  PASSTHROUGH  */ 
case  ' r ' : 
case  ' R 1 : 

return  PG P AN N_P A R S E R_R E C U R S E ; 

} 


/ * 

* Responds  to  a commit  request  depending  on  the  TTY  UI  member  "commits" 

* If  commits  >=  0,  then  it  will  process  that  many  levels  of  scopes. 

* if  commits  < 0,  it  will  always  recurse. 

* / 
i n t 

pgpTtyDoCommi t (void  *arg,  int  scope) 

{ 

struct  PgpTtyUI  * u i = (struct  PgpTtyUI  * ) a r g ; 


(void)scope; 
if  (!ui->commits) 

return  PG P AN N_P A R S E R_P A S S T H R 0 U G H ; 
ui->commi ts — ; 

return  P G P A N N_P A R S E R_R E C U R S E ; 


/* 

* Performs  an  accumulation  of  random  bits.  As  long  as  there  are 

* fewer  bits  in  the  buffer  than  are  needed,  prompt  for  more. 

* (kbGet  is  known  to  call  p g p R a n d P o o l Ke y s t r o k e ( ) which  increments 

* trueRandBits.) 

* / 

void 

pg pT t y Ra nd A c c urn  (void  *arg,  unsigned  count) 

/*  Get  this  many  random  bits  ready  */ 

{ 

struct  PgpTtyUI  *ui  = (struct  PgpTtyUI  *)arg; 
w o r d 3 2 randbits  = pgpRandPoolEntropy  (); 

if  (count  > ( uns i gned  ) pgpRandPoo  l S i ze  ()) 
count  = pgpRandPoolSize  (); 

if  (randbits  >=  count) 
return; 

fprintf  (ui->fp,  "\n\ 

We  need  to  generate  Xu  random  bits.  This  is  done  by  measuring  the\n\ 
time  intervals  between  your  keystrokes.  Please  enter  some  random  text\n\ 
on  your  keyboard  until  you  hear  the  beep:\n",  count  - (randbits)); 

kbCbreak  (); 

do  { 

/*  display  counter  to  show  progress  */ 

fprintf  (ui->fp,  "\r%4u  ",  count-(unsignedMrandbits)); 
fflush  (ui->fp);  /*  ensure  screen  update  */ 
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kbFlush  (0);  / * Typeahead  is  illegal  * / 

(void)kbGet  ();  / * Wait  for  next  char  * / 

/*  Print  flag  indicating  acceptance  (or  not)  */ 

fputc  (pgpRandPoolEntropy  ()  ==  randbits  ? '?'  : ' . ' , ui->fp); 

randbits  = pgpRandPoolEntropy  (); 


> w h i 

le  (randbits  < 

count ) 

/ * Do 

final 

display 

update 

f pu  t s 

( " \ r 

0 *", 

u i ->  f p ) 

f pu  t s 

( " \ a 

-Enough  , 

thank 

/ * Do 

an  extra-thorough  fl 

*/ 


kbFlush  (1); 
kbNorm  (); 


i n t 

pgpTtyDebugAnnotate 

{ 


(void  *arg,  struct  PgpPipeline  *origin, 
byte  const  *string,  si ze_t  size) 


struct  PgpTtyUI  *ui  = (struct  PgpTtyUI  * ) a r g ; 
i n t i ; 

char  bufC30D; 


int  type. 


memset  (buf,  0,  sizeof(buf)); 

memcpy  (buf,  string,  min  (size,  sizeof(buf)-l)); 

for  (i  = 0;  i < (int)min(size,  sizeof(buf)-l);  i + + ) 
if  ( ! i s p r i n t ( bu f E i ] & 2 5 5 )) 
bu  f C i D = 1 . ' ; 


if  ( PGP_IS_SCOPE_MARKER  (type))  C 

if  ( PGP_IS_BEGIN_SCOPE  (type)) 
fprintf  (ui->fp, 

"Begin  %s  scope  (%#x)  from  module  %p  (%s)\n\n", 

pgpScopeName  (type),  type,  (void  Oorigin, 
ori gin->name) ; 

else 

fprintf  (ui->fp, 

"End  %s  scope  (%#x)  from  module  %p  (%s)\n\n", 
pgpScopeName  (type-1),  type, 

(void  *)origin,  origin->name); 

} else  { 

fprintf  ( u i ->  f p , 

"Received  annotation  type  %#x,  size  %d,  \"%s\"\n", 
type,  size,  buf); 
fprintf  ( u i ->  f p , 

"from  module  %p  (%s)\n\n",  (void  *)origin, 
origin->name); 

> 


switch  (type)  i 

case  PG  P A N N_N  0 N P A C KE  T_B  E G I N : 

fprintf  (ui->fp,  "This  is  not  a packet!"); 
if  (size) 

fprintf  (ui->fp,  " \"%s\"",  buf); 
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ft  i f 0 


ft  e n d i f 


fprintf  (ui->fp,  "\n"); 
break; 

case  PGPANN  UNKNOWN  BEGIN: 


fprintf  (ui->fp,  "Unknown  Packet  Type"); 
if  (size) 

fprintf  (ui->fp,  " (%#x)",  *string); 

fprintf  (ui->fp,  "\n"); 
break; 

case  PGPANN  SIGNED  SIG: 


fprintf  (ui->fp,  "This  is  a signed  message. \n"); 
break; 

case  PG  P A N N_S  KCIPHER_ESK: 
case  PGPANN  PKCIPHER  ESK: 


fprintf  (ui->fp,  "This  message  is  encrypted.Xn"); 
break; 

case  PGPANN  HASH  VALUE: 


f p r 

intf  ( u i ->  f p , 

"Got  a 

hash:"); 

i f 

(size)  { 

for  ( i = 

0;  i < 

size;  i + + 

) 

fprintf 

( u i ->f p. 

" %02  x 

fprintf 

(ui->fp. 

" \ n " ) ; 

> e 

l s e 

fprintf 

( u i ->  f p , 

"Null? 

h u h ? \ n 

stringCiH); 


break; 

case  P G P A N N_L I T E R A L_T  Y P E : 
if  ( ! s i z e ) 

fprintf  ( u i ->  f p , 

break; 

case  PGPANN_LITERA  L_N  A M E : 
if  ( ! s i z e ) 

fprintf  ( u i ->  f p , 

break; 


"Got  a type  without  any  data ! \n"); 


"Got  a name  without  any  d a t a ! \ n " ) ; 


> 

return  0; 


i n t 

pg pT t y N e ed I n pu t (void  *arg,  struct  PgpPipeline  *head) 

{ 

struct  PgpTtyUI  *ui  = (struct  PgpTtyUI  *)  arg; 
struct  PgpFileRead  *fileread; 

FILE  * f i L e ; 
unsigned  i,  err; 
char  n a me bu f C 2 5 6 D ; 


"Cannot 


if  ( pgpenvGet  Int  (ui->env,  PG P E N V_B AT C H MO D E , 
fprintf  (ui->fp, 

request  input  file  in  ba t c h mod e \ n " ) ; 
return  PG P E R R_N 0_F I L E ; 


> 


NULL, 


NULL)  ) 


{ 


for  ( ; ; 


{ 

f 


pgpTtyNeedFi  le 
( ! i ) 


(arg,  "File  to  check  signature  against: 
NULL,  namebuf,  s i z e o f ( n a m e b u f ) ) ; 


ii 


/ 
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return  PG P E R R_N0_F I LE ; 
file  = fopen  (namebuf,  " rb"); 
if  (file) 

break; 


f p r i n t f 

> 

( u i ->  f p , 

"Unable 

t 0 

open  file 

\" 

%s\" 

\n",  namebuf); 

fileread  = pgpFi 

leReadCreate  (file. 

D; 

if  (Ifileread)  { 

f p r i n t f 

(ui->fp. 

"Unable 

t 0 

create  f i 

l e 

read 

module. \n"); 

fcloseCfi  l e ) ; 
return  PG P E R R_N OM E M ; 


err  = pgpFileReadPump  (fileread,  head); 
pgpFileReadDestroy  (fileread); 
return  err; 

> 

struct  CloseUI  t 

struct  PgpTtyUI  * u i ; 

struct  PgpPipeline  **output;  / * No  longer  used  * / 
int  closing;  /*  No  longer  used  */ 

char  f i l e na me [ L_t mpn a m+ 1 ] ; 

>; 


static  int 

Do C l o s e Ke y Add  (FILE  *file,  void  *arg) 

{ 

struct  CloseUI  *ui  = (struct  CloseUI  * ) a r g ; 
int  code  = 0; 

if  (fclose  (file)  !=  0)  t 

/*  Error  closing  file  */ 

perror  ("closing  temp  keyring  file"); 

> else 

code  = ui->ui->addKeys  (ui->ui,  ui->filename); 


remove  ( u i -> f i l ename ) ; 
pgpMemFree  (ui); 
return  code; 


# i f ndef  N0_P0PEN 
static  int 

DoClose  (FILE  *file,  void  *arg) 

{ 

struct  CloseUI  *ui  = (struct  CloseUI  *)arg; 
int  code; 


code  = pclose  (file); 

fputs  ("\nDone...hit  any  key\n",  ui->ui->fp); 

kbCbreak(); 

kbGet(); 

kbNorm( ) ; 

fputs  ("\n",  ui->ui->fp); 

/*  XXX:  Ask  to  save  the  file  (if  possible)??  How?  */ 
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if  ( ! code ) { 

pgpMemFree  ( u i ) ; 

> 

return  code; 

} 

#endif  /*  ifndef  NO  POPEN  */ 


tfifndef  N0_P0PEN 
static  FILE  * 

openPager  (struct  PgpTtyUI  const  *ui) 
{ 

char  const  *pager  = "more"; 

if  (ui->pager) 

pager  = ui->pager; 

return  popen  (pager,  "w"); 

> 


#endif  /*  ifndef  NO  POPEN  ★ / 


i nt 

pgpTtyNewOutput  (void  *arg, 

char  const 


struct  PgpPipeline 
★ suggest  ed_na  me ) 


struct  PgpTtyUI  *ui  = (struct  PgpTtyUI 

struct  PgpFile  * p g p f ; 

struct  CLoseUI  * c u i ; 

char  const  * n a m e ; 

char  bufferC64H; 

int  Len,  moref  Lag  = 0,  use_stdout  = 0; 
FILE  * f p = NULL;  / * Initialized 


★★output,  int  type. 


★ ) a rg  ; 


to  shut  up  the  compiler  ★/ 


if  ( ! output) 

return  PG P E R R_B A D P A R A M ; 


name  = ui->outname;  /*  assume  the  name  passed  in  */ 


/*  Send  non-pgp  portion  to  the  bit  bucket,  for  compat  with  old. 

* this  will  get  overridden  below  if  we  are  in  filter  mode, 

* e.g.  ui->protect_name  ==  -1. 

* / 

if  (type  ==  PG  P A N N_N  0 N PG  P_B  E G I N ) { 
name  = NULLNAME; 
type  = P G P_L I T E R A L_T  E X T ; 


# i f 0 


if  (type  < 0) 

fprintf  (stderr, 

"pgpTtyNewOutput:  uninitialized  type\n"); 

/*  For  debugging,  describe  what  scope  we  are  in  ★/ 
if  (type  > 255  &&  type  !=  PGPANN_PGPKE Y_BEG I N ) 

fprintf  (stderr,  "pgpTtyNewOutput:  type  is  scope:  %d  (%s)\n". 
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ft  e nd  i f 


type,  pgpScopeName  (type)); 


if  (type  >=  0 &&  type  < 256  &&  type  !=  PG P_L I T E R A L_T E XT  && 
type  ! = PGP_LITERA  L_B I N A R Y ) 
fprintf  (stderr, 

" pg pT t y N e w Ou t pu t : type  is  a literal  type,  but  not  \'t\'  or  \ ' b \ ' : %c  (%d)\n", 

(byte)type,  type); 


/*  if  we  want  to  use  the  name  from  the  literal  packet...  */ 
if  ( u i -> p r o t e c t_n a me  > 0 &&  s u g g e s t e d_n a me  && 
strcmp  ( s ug g e s t ed_name , "stdin")) 
name  = s u g g e s t e d_na me ; 

/ * Filter  Mode  * / 
if  ( u i -> p r o t e c t_n a me  < 0)  { 
name  = "stdout"; 
u s e_s  tdout  + + ; 

> 

/*  Check  for  "for  your  eyes  only"  mode  */ 
if  (/*type  ==  PG  P_L I T E R A L_T  EXT  &&  */ 

( ( s u g g e s t e d_n a me  &&  ! strcmp  ( s ugg e s t ed_n a me , "_C0NS0LE" ) ) 

| | ui->moreflag)){ 

/*  output  to  pager  */ 
name  = "_C0NS0LE"; 
moref  lag  + + ; 

> 

/*  XXX:  If  s u g g e s t ed_n a me  is  _C0NS0LE,  ask  the  user  whether  to  show  */ 

if  (type  ==  PGPANN_PGPKE  Y_B  E G I N &&  ui->addKeys)  ( 

/*  we  have  a means  to  add  keys..  Use  it  */ 

name  = "Temporary  PGP  Keyfile";/*  won't  be  used,  see  below  */ 
moref lag++; 

> 


/*  If  all  else  fails,  ask  the  user  where  to  store  the  file. 

If  batchmode,  use  the  suggested  name  if  available,  else 
give  up.  * / 

while  (!name  ||  ( Imoref lag  SS  !use_stdout  && 

pg p T t y C h e c k 0 v e r w r i t e ( a r g , name)))  { 
if  ( pgpenvGet  I nt  (ui->env,  PG P E N V_B AT C H MO D E , NULL,  NULL))  { 
if  ( s u g g e s t e d_na me ) 
l e n = 0 ; 

else 

return  PGPERR_NO_F I LE ; 

> 

else 

len  = pgpTtyNeed F i l e (arg, 

"Where  should  I save  this  file?  C%s]  ", 
s u g g e s t ed_n a me , buffer,  sizeof  (buffer)); 


> 


if  (len) 

name 

else 

name 


buffer; 

suggest  ed_n  a me ; 


if  (!  moref  lag  &&  !use_stdout)  { 
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# i f d e f 


/*  Don't  print  this  out  if  we're  using  the  pager  or  stdout  */ 
if  ( ! t y pe  ) i 

fprintf  (ui->fp, 

"Unknown  file  type  (clearsigned?).  Assuming  text\n"); 
type  = P6  P_L I T E R A L_T  EXT; 

> 

fprintf  ( u i ->  f p , 

"Opening  file  \"%s\"  type  %s.\n",  name, 

type  ==  P G P_L I T E R A L_T  EXT  ? "text"  : "binary"); 


if  (!  *output  ||  moreflag  ||  use_stdout)  { 
if  (imoreflag)  { 

if  (us  e_s  t d o u t ) 

fp  = stdout; 

else  { 

fp  = fopen  (name,  type  ==  PG P_L I T E R A L_T E XT  ? 

"w"  : "wb"); 

/*  Only  use  name  from  UI  once  */ 
if  (name  ==  u i -> ou t na me  ) 
ui->outname  = NULL; 

> 

if  ( ! f p)  ( 

/*  XXX:  Try  to  re-open  file?  */ 
return  PG P E R R_N0_F I L E ; 

> 

> 

if  (*output)  ( 

i n t ret; 

ret  = (*output)->sizeAdvise  (*output,  0); 
i f (ret) 

fprintf  (stderr, 

"Error  closing  old  file:  %d\n",  ret); 
/*  *output  can  be  reset  from  under  us  in  closeO  */ 
if  ( *ou  t pu  t ) 

(*output)->teardown  ( * o u t p u t ) ; 

★output  = NULL; 

> 


if  (type  ==  PG P A N N_P G P K E Y_B E G I N S&  ui->addKeys)  { 

cui  = (struct  CloseUI  *)pgpMemAlloc  (sizeof  ( * c u i ) ) ; 
if  ( ! c u i ) 

return  PG P E R R_N0M E M ; 
cui->ui  = ui; 
tmpnam  ( c u i -> f i l e na me ) ; 
fp  = fopen  ( c u i -> f i l e na me , "wb"); 

pgpf  = pgpFi leProcWriteOpen  (fp,  DoCloseKeyAdd,  cui); 


> else 

NO  POPEN 


if  (moreflag)  ( 

if  ( ! pg pMo r e Mod C r e a t e ( o u t pu t ) ) { 
return  PG P E R R_N 0M E M ; 

> 

fputs  ( " \ nP  l a i n t ex t message  follows.  . ,\n\ 

\n\n",  ui->fp); 

return  0; 
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//else 

cui  = (struct  CloseUI  OpgpMemAlloc  (sizeof  (*cui)); 
if  ( ! c u i ) 

return  PG P E R R_N OM E M ; 
cui->ui  = ui; 

pgpf  = pgpFileProcWriteOpen  (openPager  (ui),  DoClose, 

cui  ) ; 


# e nd i f 


if  ( pgpf ) 

fputs  ( " \ n P l a i n t ex t message  follows. . . \n\ 
\n\n",  u i ->  f p ) ; 


> else  f 

pgpf  = pgpFileWriteOpen  (fp,  NULL); 
if  (ipgpf  &&  ! u s e_s t dou t ) 
fclose  (fp); 

> 

if  (Ipgpf) 

return  P G P E R R_N 0 M E M ; 

if  (IpgpFileWriteCreate  (output,  pgpf, 

(use_stdout  &&  ! moref lag)  ? 0 : 1))  C 

return  P G P E R R_N  OM  E M ; 

> 

return  0 ; 


/*  XXX:  How  do  we  save  the  data  in  case  the  user  wants  to 

* save  it  to  a file  and  moreflag  is  set  and  the  name 

* isn't  _C0NS0LE? 

*/ 

> else  f 

/*  Only  use  name  from  UI  once  */ 
if  (name  ==  ui->outname) 

ui->outname  = NULL; 

return  ( * o u t pu t ) -> a nno t a t e (*output,  *output, 

PG  P A N N_N  EWFILE_START, 

(byte  const  *)name, 
strlen  (name)); 

> 

> 


i n t 

pg pT t y Me s s a g e 0 l d (void  *arg,  int  type,  int  msg,  unsigned  numargs,  ...) 
{ 

struct  PgpTtyUI  * u i = (struct  PgpTtyUI  * ) a r g ; 
struct  PgpUICbArg  const  *msgarg; 
va_l i s t a p ; 


if  (type  > ui->verbose) 
return  0; 


fputs  (pgpmsgString  (msg),  ui->fp); 
putc  ('  ',  u i - > f p ) ; 

va_start  (ap,  numargs); 
while  (numargs--)  { 

msgarg  = va_arg  (ap,  struct  PgpUICbArg  const  *); 
switch  ( m s g a r g -> t y pe  ) ( 

case  P G P_U I_A R G_I N T : 

fprintf  (ui->fp,  "%d",  msgarg->val.i); 
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> 


> 

f p r i n t f 


case 


case 


case 


case 


> 


break; 

P G P U I_A  R G_U  N S I G N E D : 

fprintf  (ui->fp,  "%u",  msgarg->val.u); 
break; 

PG  P_U I_A  R G_W  0 R D 3 2 : 

fprintf  (ui->fp,  "%Lu", 

(unsigned  long)msgarg->val  .w32); 

break; 

PG  P_U I_A  R G_S  T RING: 

fprintf  (ui->fp,  "\"%s\"",  msga r g-> va L . s ) ; 
break; 

PGP_UI_ARG_BUFFER : 

fprintf  (ui->fp,  "\"%.*s\"",  ( i n t ) m s g a r g-> v a L . bu f . I en , 

msgarg->val  .buf.buf); 

break; 


( u i ->  f p , " \ n " ) ; 


return  0; 


/*  Assumes  the  message  string  is  in  printf  format  */ 
i n t 

pgpTtyMessage  (void  * a r g , int  type,  int  msg,  unsigned  numargs,  ...) 

{ 

struct  PgpTtyUI  *ui  = (struct  PgpTtyUI  * ) a r g ; 
struct  PgpUICbArg  const  *msgarg; 
char  const  *string,  *ptr; 
va_List  a p ; 

if  (type  > ui->verbose) 
return  0; 

string  = pgpmsgString  (msg); 
va_start  (ap,  numargs); 

while  ((ptr  = strchr(string,  '%'))  !=  NULL)  { 

/*  Print  part  of  string  leading  up  to  °/  */ 
fwrite  (string,  1,  ptr-string,  u i - > f p ) ; 

if  ( * + + pt  r ==  '%')  { 

putc  ('%',  u i ->  f p ) ; 
string  = ptr+1; 
continue; 

> 

assert  (numargs--); 

msgarg  = va_arg  (ap,  struct  PgpUICbArg  const  *); 
switch  (*ptr++)  ( 
case  ' d ' : /*  int  */ 

assert  ( msga rg-> type  ==  PG P_U I_A R G_I N T ) ; 
fprintf  (ui->fp,  "%d",  msgarg->val.i); 
break; 

case  'l':  /*  unsigned  long  (word32)  */ 
assert(*ptr  ==  'u'); 
p t r + + ; 

assert  (msga rg->type  ==  PGP_U I_ARG_W0RD32 ) ; 
fprintf  (ui->fp,  "%lu", 

(unsigned  l ong ) msga rg-> va  l . w32  ) ; 
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case  ' u 


case  ' s 


case 


default 

> 


break; 

: / * unsigned  * / 

assert  ( m s g a r g-> t y p e ==  PG P_U I_A RG_U N S I G N E D ) ; 
fprintf  (ui->fp,  "%u",  msgarg->val.u); 
break; 

: / * string  * / 

assert  ( ms g a r g-> t y p e ==  PG P_U I_A RG_ST R I NG ) ; 
fprintf  (ui->fp,  "%s",  msgarg->val.s); 
break; 

: / * buffer  ( % . * s ) * / 

assert  (*ptr  = = 1 * 1 88  p t r C 1 ] = = ’s'); 

Ptr  +=  2; 

assert  ( m s g a r g-> t y pe  ==  PG P_U I_A R G_BU F F E R ) ; 
fprintf  (ui->fp,  "%.*s", 

(int)msgarg->val .buf . ten, 
msgarg->val.buf.buf); 

break; 
assert  ( 0 ) ; 


string  = ptr; 

> 

/*  Print  trailing  segment  of  string  */ 
fputs  (string,  ui->fp); 
putc ( ' \ n 1 , u i - > f p ) ; 


return  0; 

> 

/ * 

* Given  the  signature  structure,  sig,  verify  it  against  the  hash 

* to  see  if  this  signature  is  valid.  This  requires  looking  up  the 

* public  key  in  the  keyring  and  validating  the  key. 

* 

* Returns  0 on  success  or  an  error  code. 

*/ 
i n t 

pg pT t y S i g V e r i f y (void  *arg,  struct  PgpSig  const  *sig,  byte  const  *hash) 

{ 

struct  PgpTtylll  *ui  = (struct  PgpTtyUI  *)arg; 

union  RingObject  *ringobj  = NULL;  /*  shut  up  the  compiler  */ 
struct  PgpPubKey  *pubkey; 

word32  timestamp  = pgpSigTimestamp  (sig); 
byte  pkalg; 
byte  const  *keyid; 
i n t err; 

keyid  = pgpSigId8  (sig); 
pkalg  = pgpSigPKAlg  (sig); 
pubkey  = NULL; 

if  (imemcmp  (keyid,  fixedKeylD,  8)  88  pkalg  ==  PG P_PK A LG_R S A ) 
pubkey  = fixedKeyPub  (); 
else  if  ( u i -> r i n g s e t ) { 

ringobj  = ringKeyById8  (ui->ringset,  pkalg,  keyid); 
if  (ringobj)  t 

pubkey  = ringKeyPubKey  (ui->ringset,  ringobj,  0); 
ringObjectRelease  (ringobj); 

> 

> 
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> 


if  (pubkey  SS  ! pub k ey-> v e r i f y ) { 

/*  Make  sure  we  can  use  this  key  */ 
pgpPubKeyDestroy  (pubkey); 
pubkey  = NULL; 

> 

if  (Ipubkey)  { 

fprintf  (ui->fp,  "Signature  by  unknown  keyid:  "); 
pgpTtyPutKeylD  ( u i , keyid); 
return  PG P E R R_S I G_N 0 KE Y ; 


> 

err  = pgpSigCheck 

(sig. 

pubkey,  hash); 

if  (err  >=  0) 

pgpTtySigResult 

else 

(arg. 

ringobj,  timestamp,  err,  NULL); 

pgpTtySigResult 

(arg, 

pgpe 

ringobj,  timestamp,  err, 
rrString  (err)); 

pgpPubKeyDestroy  (pubkey); 
return  0; 


i n t 

pg pT t y Un L o c k S e c k e y (void  *arg,  union  RingObject  *key,  struct  PgpSecKey  *seckey) 
{ 

struct  PgpTtyUI  * u i = (struct  PgpTtyUI  * ) a r g ; 
i n t i = 3 ; 
i n t err; 


if  ( ! seckey) 

return  - 1 ; 

if  ( ! pg p S e c Ke y I s L o c k e d (seckey)) 
return  0; 


i f 


> 


(ui->passcache)  { 

err  = pgpPassCacheTryKey  (ui->passcache,  seckey); 
if  (err  > 0 ) 

return  0; 


if  (pgpenvGetlnt  (ui->env,  PG P E N V_B AT C H MO D E , NULL,  NULL))  { 
fprintf  (ui->fp, 

"Use  -z  to  supply  passphrase  in  batchmode\n"); 


return  -1 


> 


fprintf  (ui->fp,  "Need  a pass  phrase  to  decrypt  private  key:\n"); 
ringKeyPrint  (ui->fp,  ui->ringset,  key,  1); 
while  ( i -- ) { 

char  passC256D; 
i n t l e n ; 


len  = pgpTtyGetPass  (arg,  pass,  sizeof  (pass)); 
if  ( ! I e n ) 

break; 
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> 


err  = pgpSecKeyUnlock  (seckey,  ui ->env,  pass,  len); 
if  (err  < 0)  -C 

fprintf  (ui->fp,  "Key  Corrupted  (%d):  %s\n",  err, 

pgperrString  (err)); 
memset  (pass,  0,  sizeof  (pass)); 
break; 

> 

if  (err)  C 

fprintf  (ui->fp,  "Pass  phrase  is  good.Xn"); 
if  (ui->passcache) 

pgpPassCacheAdd  (ui->passcache,  pass,  len); 
memset  (pass,  0,  sizeof  (pass)); 
return  0; 

> 

memset  (pass,  0,  sizeof  (pass)); 

fprintf  (ui->fp,  "Error:  Bad  pass  phrase. \n\n"); 

> 

return  - 1 ; 


/ * 

* given  a list  of  Encrypted  Session  Keys  (esklist),  try  to  decrypt 

* them  to  get  the  session  key.  Fills  in  keylen  with  the  length  of 

* the  session  key  buffer. 

* 

* Returns  0 on  success  or  PG P AN N_P A R S E R_E AT  I T on  failure. 

* / 


i n t 

pg pT t y E s k D e c r y p t (void  *arg,  struct  PgpESK  const  *esklist,  byte  *key, 

s i z e_t  * k e y l e n , 

int  (*tryKey)  (void  *arg,  byte  const  *key,  si ze_t  keylen), 
void  *tryarg) 

struct  PgpTtylll  *ui  = (struct  PgpTtylll  *)arg; 
struct  PgpESK  const  * e s k ; 

union  RingObject  *ringobj  = NULL;  / * shut  up  the  compiler  * / 

struct  PgpSecKey  *seckey; 

char  passC256H; 

int  i,  err,  len; 

byte  pkalg; 

byte  const  * k e y i d ; 


fprintf  (ui->fp,  "This  message  is  encrypted. \n"); 
for  (esk  = esklist;  esk;  esk  = pgpEskNext  (esk)  ) C 
switch  (pgpEskType  (esk))  C 
case  P G P_E  SKTYPE_PASSPHRASE : 

if  (ui->passcache)  { 

err  = pg p Pa s s C a c h e T r y E s k ( u i -> pa s s c a c h e , 

esk,  tryKey,  tryarg, 
key,  keylen); 

if  (err  > 0 ) 

return  0;  /*  success  */ 

/*  Ignore  errors,  err  < 0 */ 

> 

if  ( pgpenvGet  Int  (ui->env,  PG P E NV_B AT C HM0 D E , 
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"Use  -z 


t o 
> 


NULL,  NULL))  t 
fprintf  ( u i ->  f p , 

provide  passphrase  in  batchmode\n"); 
return  - 1 ; 


i = 3; 

while  ( i --  ) { 
l e n = 
err  = 


pgpTtyGetPass  (arg,  pass,  sizeof  (pass)); 
pg p E s k C on v D e c r y p t (esk,  ui->env, 

pass,  len,  key); 


* k e y l e n = err; 


if  (err  >=  0) 

err  = tryKey  (tryarg,  key,  *keylen); 


if  (!err)  { 

if  (ui->passcache) 

pg p Pa s s C a c h e Add  ( u i -> pa s s c a c h e , 

pass,  len); 

memset  (pass,  0,  sizeof  (pass)); 
return  0 ; 

> 

memset  (pass,  0,  sizeof  (pass)); 
fprintf  (ui->fp,  "Password  Incorrect."); 


if  ( i ) 

fprintf  (ui->fp,  " Try  Again."); 
fprintf  (ui->fp,  "\n"); 

> 

break; 


case  PGP_ESKTYPE_PUBKEY : 

keyid  = pgpEskId8  (esk); 
pkalg  = pgpEskPKAlg  (esk); 
if  ( ! memcmp  (keyid,  fixedKeylD,  8)) 
seckey  = fixedKeySec  (); 
else  if  ( u i -> r i ng s e t ) { 

ringobj  = ringKeyById8  ( u i -> r i n g s e t , pkalg, 

keyid); 

if  (Iringobj) 
break; 

seckey  = ri ngSecSecKey  ( u i -> r i n g s e t , ringobj, 

PGP_PKUSE_ENCRYPT) ; 
ringObjectRelease  (ringobj); 

> else 

break; 

if  (iseckey) 

break; 


i f 


> 


seckey->decrypt)  ( 

/*  Can't  decrypt  with  this  key  */ 
pgpSecKeyDestroy  (seckey); 
break; 


/*  XXX  need  to  make  sure  seckey  is  unlocked  */ 
err  = pgpTtyUnlockSeckey  (arg,  ringobj,  seckey); 
if  (err)  { 
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pgpSecKeyDestroy  (seckey); 
break; 

} 

err  = pgpEskPKdecrypt  (esk,  u i - > e n v , seckey,  key); 
* k e y l e n = err; 
pgpSecKeyDestroy  (seckey); 

if  (err  <=  0) 
break; 


err  = tryKey  (tryarg,  key,  *keylen); 
if  ( ! e r r ) 

return  0; 


break; 


default: 

f p r i n t f 
break; 

> 


(ui->fp,  "Unknown  ESK  type:  %d\n", 
pgpEskType  (esk)); 


> 

/ * 

* At  this  point,  none  of  the  PgpESKs  have  been  decrypted, 

* inform  the  user  that  we  failed. 

*/ 


s o 


let's 


> 


fprintf  ( u i ->  f p , 

"Cannot  decrypt  message.  It  can  only  be  decrypted  by:\n"); 
for  (esk  = esklist;  esk;  esk  = pgpEskNext  (esk))  { 
switch  (pgpEskType  (esk))  { 
case  PGP_ESKTYPE_PASSPHRASE  : 

fprintf  (ui->fp,  " A Pass  PhraseXn"); 
break; 

case  P G P_E  SKTYPE_PUBKEY : 

keyid  = pgpEskId8  (esk); 
pkalg  = pgpEskPKAlg  (esk); 
if  (ui->ringset)  C 

ringobj  = ringKeyById8  ( u i -> r i ng s e t , pkalg, 

keyid); 


if  (ringobj)  C 

ringKeyPrint(ui->fp,  ui->ringset, 
ringobj,  1); 

ringObjectRelease  (ringobj); 

> else  C 


> 


pgpTtyPutKeylD  (ui,  keyid); 


> else  C 

fprintf  (ui->fp,  " Key  ID  "); 
pgpTtyPutKeylD  (ui,  keyid); 

> 


> 


> 

fprintf  (ui->fp,  "\n"); 
return  PG P A N N_P A R S E R_E A T I T ; 


/*  Check  if  file  already  exists,  and  whether  it  is  OK  to  overwrite  it. 


1575 


lib/ttyui/ userio.c 


If  +f orce,  no  check  is  made  and  any  existing  file  will  be  overwritten. 
If  +batchmode  (but  not  +force),  the  default  answer  is  always  do  not 
overwrite.  * / 

i n t 

pg pT t y C h e c kO v e r w r i t e (void  *arg,  char  const  *name) 

{ 

struct  PgpTtylll  * u i = (struct  PgpTtylll  * ) arg; 

FILE  * f p ; 

int  status  = 0 ; 

if  ( s t r c mp ( na me , NULLNAME)  ! = 0 && 

! pgpenvGet  Int  (ui->env,  PG P E N V_F 0 R C E , NULL,  NULL))  C 
fp  = fopen  (name,  "r"); 


if  (fp) 

f 

fclose  (fp); 

if  ( pgpenvGet  Int  (ui->env,  PG P E N V_B A T C H MO D E , 

NULL,  NULL))  { 
fprintf  (stderr, 

"In  batchmode,  use  +force  to  allow  overwriting  of  output  files\n"); 


status  = PGPERR  NO  FILE; 

> 

else  { 

fprintf  (stderr, 

"File  \"%s\"  already  exists.  Overwrite?  Cy/N]  ", 
name); 

if  ( ! pg pT t y G e t Boo l (0,  stderr)) 
status  = PGPERR  NO  FILE; 

> 

> 

> 

if  (status) 

fprintf 

(stderr,  "Unable  to  overwrite  file  \"%s\"\n", 
name); 

return  status; 

> 
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userio.h 

/ * 

* userio.h  — PGP  TTY  User  10  Interfaces 

* 

* Written  by:  Derek  Atkins  < w a r L o r d 3M  I T . E D U> 

★ 

* This  is  a Public  API  Function  Header. 

★ 

* $ I d : use  r i o . h , v 1.36.2.1  1996/11/14  04:09:43  cbertsch  Exp  $ 

*/ 

//ifndef  PG P_T T Y U S E R I 0_H 
//define  PG P_T T Y U S E R I 0_H 

^include  <stdarg.h> 

//include  <stdio.h> 

//include  " pg p / u s u a l s . h " 

struct  PgpPipeline; 

//ifndef  T Y P E_PG P P I P E L I N E 

//define  T Y P E_P G P P I P E L I N E 1 

typedef  struct  PgpPipeline  PgpPipeline; 

//  e nd  i f 

struct  PgpSecKey; 

//  i f nd  e f T Y P E_PG P S E C KE Y 

//define  T Y P E_P G P S E C K E Y 1 

typedef  struct  PgpSecKey  PgpSecKey ; 

# e n d i f 

struct  RingSet; 

//  i f n d e f T Y P E_R I N G S E T 

//define  T Y P E_R I N G S E T 1 

typedef  struct  RingSet  RingSet; 

U e n d i f 

struct  PgpSig; 

# i f n d e f TYPE_PGPSIG 

//define  TYPE_PGPSIG  1 

typedef  struct  PgpSig  PgpSig; 

//end  i f 

struct  PgpESK; 

//ifndef  T Y P E_P  G P E S K 

//define  T Y P E_P  G P E S K 1 

typedef  struct  PgpESK  PgpESK; 

# e n d i f 

struct  PgpPassCache; 

//ifndef  T Y P E_PG  P P A S S C A C H E 

//define  T Y P E_PG  P P A S S C A C H E 1 

typedef  struct  PgpPassCache  PgpPassCache; 

U e nd i f 

struct  PgpTtyUI  -C 

int  verbose; 
int  showpass; 
int  moref lag; 
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int  protect_name; 
int  commits; 

FILE  * f p ; 

char  const  *outname; 
char  const  * p a g e r ; 
struct  RingSet  const  *ringset; 
struct  PgpPassCache  *passcache; 
struct  PgpEnv  const  *env; 

int  (*addKeys)  (void  *arg,  char  const  *filename); 

>; 

# i f nde  f T Y P E_PG PTT Y U I 

#define  T Y P E_PG PTT Y U I 1 

typedef  struct  PgpTtyUI  PgpTtyUI; 

# e nd i f 

/* 

* Get  a string  from  the  keyboard  into  the  supplied  buffer. 

* If  echo  is  non-NULL,  echoes  the  typed  input  to  that  FILE  *. 

* Otherwise  prints  nothing  (and  beeps  go  to  stderr). 

* Returns  the  number  of  characters  read  (always  <=  len-1). 

* / 

int  pgpTtyGetString(char  * b u f , int  len,  FILE  * e c h o ) ; 

/ * 

* Prompts  the  user  for  Y or  N (case  insensitive),  and  returns 

* the  appropriate  boolean  value.  If  nothing  is  entered,  <def> 

* is  returned.  This  assumes  that  a prompt  has  already  been  printed. 

* / 
i n t 

pgpTtyGetBool(int  def,  FILE  * e c h o ) ; 

/ * 

* Get  a passphrase  from  the  user.  arg  is  the  FILE*  to  print  to  the 

* user,  string  is  an  informational  string,  buffer  is  space  to  store 

* the  passphrase,  and  buflen  is  the  size  of  buffer. 

* 

* Fill  in  buffer  with  the  passphrase.  line  endings  must  be  stripped 

* from  the  string.  returns  the  length  of  the  passphrase. 

* / 

int  pgpTtyGetPass  (void  *arg,  char  *buffer,  int  buflen) ; 

/ * 

* A debugging  committal  callback.  Returns  one  of: 

* A N N_P  ARSER_PASSTHROUGH 

* A N N_P  ARSER_EATIT 

* ANN_PARSER_PROCESS 

* A N N_P  ARSE  R_R  E C U R S E 

* / 

int  pgpTtyDebugCommit  (void  *arg,  int  scope); 

/ * 

* Will  process  commit  requests  silently,  based  upon  the  value  of  arg->commits 

* 

* If  commits  > 0,  it  will  recursively  process  that  many  scopes, 

* changing  the  value  of  commits  each  time  through. 

* If  commits  ==  0,  it  will  passthrough  the  ciphertext. 

* If  commits  < 0,  it  will  recursively  process  the  whole  message. 

* / 

int  pgpT ty DoCommi t (void  *arg,  int  scope); 
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/* 

* Accumulate  count  bits  of  random  data  from  the  user  utilizing  keystroke 

* timings. 

*/ 

void  pgpTtyRandAccum  (void  * a r g , unsigned  count); 

int  pg pT t y D e b u g An n o t a t e (void  *arg,  struct  PgpPipeline  *origin, 

int  type,  byte  const  *string,  size_t  size); 

int  pgpTtyNeedlnput  (void  *arg,  struct  PgpPipeline  * h e a d ) ; 

int  pg pT t y N e w 0 u t p u t (void  *arg,  struct  PgpPipeline  **output,  int  type, 

char  const  * s u g g e s t ed_n a me ) ; 

int  pg pT t y M e s s a g eO l d (void  *arg,  int  type,  int  msg,  unsigned  numargs,  ...); 
int  pgpTtyMessage  (void  * a r g , int  type,  int  msg,  unsigned  numargs,  ...); 
int  pgpTtyUnlockSeckey  (void  *arg,  union  RingObject  *key, 

struct  PgpSecKey  *seckey); 

int  pgpTtyS i gVe r i f y (void  *arg,  struct  PgpSig  const  *sig,  byte  const  *hash); 

int  pg pT t y E s k D e c r y p t (void  *arg,  struct  PgpESK  const  *esklist,  byte  *key, 

s i z e_t  * k ey  l e n , 

int  ( * t ry Ke y ) ( vo i d *arg,  byte  const  *key,  si ze_t  keylen), 
void  *tryarg); 

int  pg pT t y C h e c kO v e r w r i t e (void  *arg,  char  const  *name); 

# e nd i f /*  PGP  TTYUSERIO  H */ 
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' 


man/.cvsignore 


.cvsignore 

Ma  ke  f i L e 
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man/Makefile.in 

Makefile.in 

# 

# man/ 

# 


# $Id:  Makefile. 
U 

, i n , v 1.2. 2.1  1996/11/14  04:09:43  cbertsch  Exp  $ 

M A N 1 = 

M A N 3 = 

install:  : 

if  test 

' x $ ( M A N 1 ) ' !=  x;  then  \ 

if  test  ! -d  $(DESTDIR)$(mandir)/man1;  then  \ 
mkdir  -p  $(DESTDIR)$(mandir)/man1;  \ 

f i ; \ 

for  i in  $(MAN1)'';  do  \ 

S(INSTALL)  -m  644  $ ( s r c d i r ) / $ S i \ 

$(DESTDIR)$(mandir)/man1;  \ 

done  \ 

else  : ; 
f i 

\ 

if  test 

'x$(MAN3)'  !=  x;  then  \ 

if  test  ! -d  $(DESTDIR)$(mandir)/man3;  then  \ 
mkdir  -p  $(DESTDIR)$(mandir)/man3;  \ 

f i ; \ 

for  i in  $(MAN3)'';  do  \ 

SCINSTALL)  -m  644  $ ( s r c d i r ) / $ $ i \ 

$(DESTDIR)$(mandir)/man3;  \ 

done  \ 

else  : ; 
f i 

\ 
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